A system of xinnet may leak a large amount of sensitive domain name information, such as a business license.
A weak password in a website of xinnet can leak a large amount of sensitive information such as domain names.
This website turned up while viewing the public vulnerabilities.
http://www.ceboss.cn/
[email protected]@xinnet.com
PS: I seem to have reported it before, but I haven't changed it.
Judging by the order quantity, around 0.63 million,
including domain name information of various banks
Industrial and Commercial Bank of China
Missing ID card registration information, company information
ICBC enterprise account information
You can also view the account and password information of the SMS package.
You can send a text message after logging in with your account and password. There are still 1000 remaining items. (Impersonating a bank)
Ticket Information
Contract Information
You can also view domain name resolution records
In addition, arbitrary files can be uploaded in the enterprise qualification section ~
Uploaded successfully
It's hard to find the path.
Clicking here issues a download request; the JSP is not parsed
There is also an interface for querying whois
Various companies
Only view the new domain name order information.
The account's permissions are very broad: various domain name information and registrant information can be operated on
Solution:
Control