Brief: Today I was reading the news and saw that a company has launched a new product, claiming it can "connect directly to debit-card online banking to parse bills, breaking through the old restriction of only being able to parse credit-card bills". Every time I see a new product, I think security should come first! Conclusion: it really is unreliable to store financial information on the Internet!

Details: Today at 36kr I saw the news that 51 Credit Card has launched a new product (http://www.36kr.com/p/210505.html), saying it can "connect directly to debit-card online banking to parse bills, breaking through the old restriction of only being able to parse credit-card bills". Every time I see a new product, I think security should come first! I figured that if they say so it should be pretty reliable (although I don't know what their security authentication is), so I registered an account and tried it. It said a mobile phone number was required, so I registered with a mobile phone number on the main site. Checking the cookie after logging in, there are two "key" parameters, userId and userName. Generally, when these two items are put in the cookie, a cookie-spoofing vulnerability is likely to follow... After logging in, without binding any card, I directly changed the id value in the cookie, and it told me that the synchronization was successful. Bingo!

But what if user id 1 is a test or demo account? I tried id 2 as well and confirmed that I could log in and view the information of any account...

Solution: Why do developers like to put this in cookies?
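An added example, not code from the report or from 51 Credit Card, contrasting the pattern described above (the server trusts a plaintext userId sent back in the cookie) with a server-side session lookup; the user ids, names and cookie keys are constructed for illustration.

```python
import hashlib
import hmac
import secrets

# Constructed sample accounts (hypothetical ids and names).
USERS = {1: "demo", 2: "alice"}


def vulnerable_user_from_cookie(cookie: dict):
    """The insecure pattern from the report: identity is taken straight from
    a client-controlled cookie value, so editing userId selects any account."""
    uid = int(cookie.get("userId", 0))
    return USERS.get(uid)


SECRET = secrets.token_bytes(32)   # server-side key; never sent to the client
SESSIONS: dict = {}                # opaque session id -> user id (server side)


def _sign(sid: str) -> str:
    return hmac.new(SECRET, sid.encode(), hashlib.sha256).hexdigest()


def login(user_id: int) -> dict:
    """Hardened pattern: the cookie carries only a random, opaque session id
    plus an HMAC over it; the mapping to a user lives on the server."""
    sid = secrets.token_urlsafe(32)
    SESSIONS[sid] = user_id
    return {"sid": sid, "sig": _sign(sid)}


def hardened_user_from_cookie(cookie: dict):
    """Returns the user for a valid session cookie, or None.
    A signature mismatch means the cookie was edited or forged and is a
    useful signal to log; a valid signature with no session means expiry."""
    sid = cookie.get("sid", "")
    sig = cookie.get("sig", "")
    if not hmac.compare_digest(sig, _sign(sid)):  # constant-time compare
        return None
    uid = SESSIONS.get(sid)
    return USERS.get(uid) if uid is not None else None
```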