A system of xinnet may leak a large amount of sensitive domain name information, such as a business license.

Source: Internet
Author: User

A system of xinnet may leak a large amount of sensitive domain name information, such as a business license.

A weak password in a website of xinnet can leak a large amount of sensitive information such as domain names.

This website is displayed when you view the public vulnerabilities.

http://www.ceboss.cn/
[email protected]@xinnet.com

PS: I seem to have reported it before, but I haven't changed it.

Depending on the order quantity, around 0.63 million,
 







Including Domain Name Information of various banks


 





Industrial and Commercial Bank of China


 







Missing ID card registration information, company information



ICBC enterprise account information


 





You can also view the account and password information of the SMS package.


 







You can send a text message after logging in with your account and password. There are still 1000 remaining items. (Impersonating a bank)



Ticket Information


 







Contract Information


 






 







You can also view domain name resolution records


 







In addition, there are arbitrary files uploaded to the qualification department of the enterprise ~




 





Uploaded successfully
 





It's hard to find the path.
 





Click here as a download request, not without parsing jsp



There is also an interface for querying whois
 







Various companies
 







Only view the new domain name order information.
 


The permission is very large, and various Domain Name Information and registrant information can be operated

 


The permission is very large, and various Domain Name Information and registrant information can be operated
 

Solution:

Control

Contact Us

The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion; products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the content of the page makes you feel confusing, please write us an email, we will handle the problem within 5 days after receiving your email.

If you find any instances of plagiarism from the community, please send an email to: info-contact@alibabacloud.com and provide relevant evidence. A staff member will contact you within 5 working days.

A Free Trial That Lets You Build Big!

Start building with 50+ products and up to 12 months usage for Elastic Compute Service

  • Sales Support

    1 on 1 presale consultation

  • After-Sales Support

    24/7 Technical Support 6 Free Tickets per Quarter Faster Response

  • Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.