62,046
社区成员
发帖
与我相关
我的任务
分享web安全扫描,请问这是什么意思?SSL 请求中的查询参数?????
[5 / 5]
SSL 请求中的查询参数
严重性: 低
测试类型: 应用程序 有漏洞的 URL: https://www.cmpay.com/login.shtm (参数 = redirectUrl)
修复任务: 发送敏感信息时总是使用 HTTP POST 方法 1 的变体 1 [ID=16766] 用户可能需要注意以下信息: GET /login.shtm?redirectUrl=recharge HTTP/1.0
Cookie: JSESSIONID=y0RQKN3LtJvJljT0tYycbWb7RJRBHVz42YnnWTltYHZWTqwcB7YQ!1873465840
Accept: */*
Accept-Language: en-US
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Win32)
Host: www.cmpay.com
Referer: https://www.cmpay.com/power.do?method=login
HTTP/1.1 200 OK
Content-Length: 18255
Connection: close
Date: Fri, 03 Jul 2009 03:14:48 GMT
Content-Type: text/html;charset=GBK
X-Powered-By: Servlet/2.4 JSP/2.0
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<link href="/css/index_style.css" rel="stylesheet" type="text/css" />
<script language="javascript" >
function init(){
if(self !=top){
top.location.href="/login.shtm";
}
}
</script>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=gb2312" />
<meta name="keywords" content="中国移动手机支付业务网站,中国移动手机支付平台,手机支付系统,手机支付/手机/移动支付,支付/支付平台,安全支付/安全/支付, 在线/付款,收款/网上,贸易/网上贸易,官网,中国移动/移动/中国移动通信/中移动,china/mobile/pay,移动用户/全球通/神州行 /动感地带/集团客户" />
<meta name="description" content="中国移动手机支付业务网站,是中国规模最大的移动手机支付平台.手机支付业务是指基于中国移动移动通信网络和互联网络技术,利用手机, 通过WWW,SMS,STK,RFID等方式进行消费,充值,转账,查询等电子商务操作,并进行相关业务管理的业务." />
<title>中国移动手机支付 - 手机支付 安全快速!</title>
</head>
<body onLoad="init();">
<table width="100%" height="19" border="0" cellpadding="0" cellspacing="0" background="/images/img2/top_bg.jpg">
<tr>
<td align="center" valign="top"><table width="880" height="19" border="0" cellpadding="0" cellspacing="0">
<tr>
<td align="left" valign="middle" class="gray_001">7×24小时服务热线:<span class="blue_001">10086</span> 商户客服热线:<span class="blue_001">15907313000</span></td>
<td align="right" valign="middle" class="blue_001"><a href="/index.shtm" class="blue_001">首页</a> | <a href="http://www.cmpay.com/info/aboutus/index.shtm" target="_blank" class="blue_001">业务介绍</a> | <a href="http://www.cmpay.com/info/help/index.shtm" target="_blank" class="blue_001">帮助中心</a> | <a href="http://www.cmpay.com/info/demo/index.shtm" target="_blank" class="blue_001">功能演示</a> | <a href="http://www.cmpay.com/info/safe/index.shtm" target="_blank" class="blue_001">安全中心</a></td>
</tr>
</table></td>
</tr>
</table>
<table width="880" height="70" border="0" align="center" cellpadding="0" cellspacing="0">
<tr>
<td align="left" valign="middle" style="padding-left:25px"><a href="/index.shtm"><img src="/images/img2/logo.jpg" width="161" height="46" /></a></td>
<td align="right" valign="bottom"><table border="0" cellspacing="0" cellpadding="0">
<tr>
<td width="90" height="32" align="left" valign="top"><a href="/user/portalUser.do?method=preRegister" ><img src="/images/img2/but_wyzc.jpg" width="81" height="26" border="0" /></a></td>
<td width="90" align="left" valign="top"><a href="/marketing/discount.shtm"><img src="/images/img2/but_wyyh.jpg" width="81" height="26" border="0" /></a></td>
<td width="95" align="left" valign="top"><a href="/login.shtm?redirectUrl=recharge"><img src="/images/img2/but_wycz.jpg" width="81" height="26" border="0" /></a></td>
</tr>
</table></td>
</tr>
</table>
<table width="880" border="0" align="center" cellpadding="0" cellspacing="0">
<tr>
<td align="left" valign="middle"><img src="/images/img2/dh_02.jpg" width="880" height="7" /></td>
</tr>
</table>
<table width="880" border="0" cellpadding="0" cellspacing="0" class="margin4" align="center">
<tr>
<td width="516" valign="top"><table width="100%" border="0" cellspacing="0" cellpadding="0">
<tr>
<td height="26"></td>
</tr>
<tr>
<td valign="top"><img src="images/img2/login_01.jpg" width="516" height="200" /></td>
</tr>
</table></td>
<td width="292" valign="top">
<html>
<head>
<script language="javascript" src="/js/common.js"></script>
<script language="javascript" src="/js/prototype.js"></script>
<script language="javascript" src="/js/ccitenrl.js"></script>
<script language="javascript" src="/js/jquery.js"></script>
<script language="javascript">
function clearText(){
var userText=document.getElementById("username").value;
if(userText=="请输入您的手机号或别名") document.getElementById("username").value="";
}
function showUsb(){
document.getElementById("usb_table").style.display="block";
document.getElementById("common_table").style.display="none";
var flag=isShowUsbDiv();
if(!flag){
document.getElementById("usb_note").style.display="block";
document.getElementById("usb_table").style.display="none";
document.getElementById("common_table").style.display="none";
}
}
function chkusblogon(preUrl){
var flag=usbkeylogin(preUrl);
if("true" == flag){
document.getElementById("loginType").value="2";
//判断是否指定要跳到哪个页面
var redirectU... 响应中的验证: 不适用 推理: AppScan 在通过 SSL 发送的 HTTP 请求的查询部分中找到参数
SSL 请求中的查询参数
严重性: 低
测试类型: 应用程序 有漏洞的 URL: https://www.cmpay.com/login.shtm (参数 = redirectUrl)
修复任务: 发送敏感信息时总是使用 HTTP POST 方法 1 的变体 1 [ID=16766] 用户可能需要注意以下信息: GET /login.shtm?redirectUrl=recharge HTTP/1.0
Cookie: JSESSIONID=y0RQKN3LtJvJljT0tYycbWb7RJRBHVz42YnnWTltYHZWTqwcB7YQ!1873465840
Accept: */*
Accept-Language: en-US
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Win32)
Host: www.cmpay.com
Referer: https://www.cmpay.com/power.do?method=login
HTTP/1.1 200 OK
Content-Length: 18255
Connection: close
Date: Fri, 03 Jul 2009 03:14:48 GMT
Content-Type: text/html;charset=GBK
X-Powered-By: Servlet/2.4 JSP/2.0
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<link href="/css/index_style.css" rel="stylesheet" type="text/css" />
<script language="javascript" >
function init(){
if(self !=top){
top.location.href="/login.shtm";
}
}
</script>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=gb2312" />
<meta name="keywords" content="中国移动手机支付业务网站,中国移动手机支付平台,手机支付系统,手机支付/手机/移动支付,支付/支付平台,安全支付/安全/支付, 在线/付款,收款/网上,贸易/网上贸易,官网,中国移动/移动/中国移动通信/中移动,china/mobile/pay,移动用户/全球通/神州行 /动感地带/集团客户" />
<meta name="description" content="中国移动手机支付业务网站,是中国规模最大的移动手机支付平台.手机支付业务是指基于中国移动移动通信网络和互联网络技术,利用手机, 通过WWW,SMS,STK,RFID等方式进行消费,充值,转账,查询等电子商务操作,并进行相关业务管理的业务." />
<title>中国移动手机支付 - 手机支付 安全快速!</title>
</head>
<body onLoad="init();">
<table width="100%" height="19" border="0" cellpadding="0" cellspacing="0" background="/images/img2/top_bg.jpg">
<tr>
<td align="center" valign="top"><table width="880" height="19" border="0" cellpadding="0" cellspacing="0">
<tr>
<td align="left" valign="middle" class="gray_001">7×24小时服务热线:<span class="blue_001">10086</span> 商户客服热线:<span class="blue_001">15907313000</span></td>
<td align="right" valign="middle" class="blue_001"><a href="/index.shtm" class="blue_001">首页</a> | <a href="http://www.cmpay.com/info/aboutus/index.shtm" target="_blank" class="blue_001">业务介绍</a> | <a href="http://www.cmpay.com/info/help/index.shtm" target="_blank" class="blue_001">帮助中心</a> | <a href="http://www.cmpay.com/info/demo/index.shtm" target="_blank" class="blue_001">功能演示</a> | <a href="http://www.cmpay.com/info/safe/index.shtm" target="_blank" class="blue_001">安全中心</a></td>
</tr>
</table></td>
</tr>
</table>
<table width="880" height="70" border="0" align="center" cellpadding="0" cellspacing="0">
<tr>
<td align="left" valign="middle" style="padding-left:25px"><a href="/index.shtm"><img src="/images/img2/logo.jpg" width="161" height="46" /></a></td>
<td align="right" valign="bottom"><table border="0" cellspacing="0" cellpadding="0">
<tr>
<td width="90" height="32" align="left" valign="top"><a href="/user/portalUser.do?method=preRegister" ><img src="/images/img2/but_wyzc.jpg" width="81" height="26" border="0" /></a></td>
<td width="90" align="left" valign="top"><a href="/marketing/discount.shtm"><img src="/images/img2/but_wyyh.jpg" width="81" height="26" border="0" /></a></td>
<td width="95" align="left" valign="top"><a href="/login.shtm?redirectUrl=recharge"><img src="/images/img2/but_wycz.jpg" width="81" height="26" border="0" /></a></td>
</tr>
</table></td>
</tr>
</table>
<table width="880" border="0" align="center" cellpadding="0" cellspacing="0">
<tr>
<td align="left" valign="middle"><img src="/images/img2/dh_02.jpg" width="880" height="7" /></td>
</tr>
</table>
<table width="880" border="0" cellpadding="0" cellspacing="0" class="margin4" align="center">
<tr>
<td width="516" valign="top"><table width="100%" border="0" cellspacing="0" cellpadding="0">
<tr>
<td height="26"></td>
</tr>
<tr>
<td valign="top"><img src="images/img2/login_01.jpg" width="516" height="200" /></td>
</tr>
</table></td>
<td width="292" valign="top">
<html>
<head>
<script language="javascript" src="/js/common.js"></script>
<script language="javascript" src="/js/prototype.js"></script>
<script language="javascript" src="/js/ccitenrl.js"></script>
<script language="javascript" src="/js/jquery.js"></script>
<script language="javascript">
function clearText(){
var userText=document.getElementById("username").value;
if(userText=="请输入您的手机号或别名") document.getElementById("username").value="";
}
function showUsb(){
document.getElementById("usb_table").style.display="block";
document.getElementById("common_table").style.display="none";
var flag=isShowUsbDiv();
if(!flag){
document.getElementById("usb_note").style.display="block";
document.getElementById("usb_table").style.display="none";
document.getElementById("common_table").style.display="none";
}
}
function chkusblogon(preUrl){
var flag=usbkeylogin(preUrl);
if("true" == flag){
document.getElementById("loginType").value="2";
//判断是否指定要跳到哪个页面
var redirectU... 响应中的验证: 不适用 推理: AppScan 在通过 SSL 发送的 HTTP 请求的查询部分中找到参数
...全文
请发表友善的回复…
发表回复
