China Eastern Airlines Co., Ltd. leaked the user information of the whole site member (birthday/name/mobile phone number/email)

China Eastern Airlines Co., Ltd. leaked the user information of the whole site member (birthday/name/mobile phone number/email)

It is feasible to give a high rank

1. I was very happy to register a member (East China miles) and found that my personal information was obtained so easily.

Web: http://easternmiles.ceair.com/mpf/#/sign/forget

Enter the membership card number to obtain detailed information about the person holding the photo member card.


2. I don't know the specific format of the card number, so I registered one, probably in this format:

6130121 xxxxx, okay, I will try it again.

The result is as follows:

Number: 613012100006

Personal information: {"memberId": "613012100006", "lang": "zh_CN", "companyCode": "MU", "programCode": "CEAEM", "exception ": null, "changeType": "1", "code": null, "id":-1, "cardNo1": "613012100006", "cardType1": 1, "sendType1": "1", "mobile1": "15899571909", "email1": "[email protected]", "birthdayStr": "19710516", "cardNo2 ": null, "cardType2": 1, "sendType2": "1", "memberId2": null, "mobile2": null, "email2": null, "memberName ": "Ke Yu", "oldPW": null, "newPW": null, "flag": 0}



Number: 613012100055

Personal confidence:

{"MemberId": "613012100055", "lang": "zh_CN", "companyCode": "MU", "programCode": "CEAEM", "exception": null, "changeType": "1", "code": null, "id":-1, "cardNo1": "613012100055", "cardType1": 1, "sendType1 ": "1", "mobile1": "15012691217", "email1": "[email protected]", "birthdayStr": "19901031", "cardNo2": null, "cardType2": 1, "sendType2": "1", "memberId2": null, "mobile2": null, "email2": null, "memberName": "Yang Tao ", "oldPW": null, "newPW": null, "flag": 0}



I will give you an example,



3. After traversing the table, I got several card numbers and found that the card numbers were not continuous. However, Xin fengge had a good math and found that they were a series of equal differences.

613012100006

613012100013

613012100020

613012100027

613012100034

613012100041

613012100048

613012100055


No, the following card number is 7 larger than the above, so I understand that I can traverse all user information.


4. I am a good citizen and the citizen is: xxxxxxxxxxx


Don't talk about it. Fix it as soon as possible. Brother's information is still in it.

Solution:

Fix