China Eastern Airlines Co., Ltd. leaks the personal information of all site members (birthday/name/mobile phone number/email)
It would be reasonable to give this a high rank
1. I happily registered as a member (Eastern Miles) and found that my personal information could be obtained this easily.
Web: http://easternmiles.ceair.com/mpf/#/sign/forget
Entering a membership card number returns detailed information about the holder of that member card.
2. I did not know the exact format of the card number, so I registered one; it is probably in this format:
6130121xxxxx. OK, I will give it a try.
The result is as follows:
Number: 613012100006
Personal information: {"memberId": "613012100006", "lang": "zh_CN", "companyCode": "MU", "programCode": "CEAEM", "exception": null, "changeType": "1", "code": null, "id": -1, "cardNo1": "613012100006", "cardType1": 1, "sendType1": "1", "mobile1": "15899571909", "email1": "[email protected]", "birthdayStr": "19710516", "cardNo2": null, "cardType2": 1, "sendType2": "1", "memberId2": null, "mobile2": null, "email2": null, "memberName": "Ke Yu", "oldPW": null, "newPW": null, "flag": 0}
Number: 613012100055
Personal information: {"memberId": "613012100055", "lang": "zh_CN", "companyCode": "MU", "programCode": "CEAEM", "exception": null, "changeType": "1", "code": null, "id": -1, "cardNo1": "613012100055", "cardType1": 1, "sendType1": "1", "mobile1": "15012691217", "email1": "[email protected]", "birthdayStr": "19901031", "cardNo2": null, "cardType2": 1, "sendType2": "1", "memberId2": null, "mobile2": null, "email2": null, "memberName": "Yang Tao", "oldPW": null, "newPW": null, "flag": 0}
I am only giving these as examples.
3. After traversing, I got several card numbers and found that they were not consecutive. However, Xin fengge is good at math and noticed that they form an arithmetic sequence.
613012100006
613012100013
613012100020
613012100027
613012100034
613012100041
613012100048
613012100055
Each card number is 7 larger than the one above it, so I understood that all user information can be traversed.
4. I am a good citizen and the citizen is: xxxxxxxxxxx
Enough said. Fix it as soon as possible. My own information is still in there.
Solution:
Fix
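
One way to implement the fix, as an added example that is not the airline's code or part of the original report: the forgot-password handler returns the same generic body whether or not the card exists, uses stored contact details only on the server side, and caps how many distinct card numbers one client may submit. The names `forgot_password`, `LookupThrottle` and `send_reset`, the limits, and the sample member are assumptions.

```python
import time
from collections import defaultdict, deque

GENERIC_REPLY = {"status": "ok",
                 "message": "If this card number is registered, reset instructions have been sent."}
THROTTLED_REPLY = {"status": "retry_later"}

class LookupThrottle:
    """Caps how many distinct card numbers one client may submit per window."""
    def __init__(self, max_distinct=3, window_s=3600, clock=time.monotonic):
        self.max_distinct, self.window_s, self.clock = max_distinct, window_s, clock
        self.seen = defaultdict(deque)   # client_id -> deque of (timestamp, card_no)

    def allow(self, client_id, card_no):
        now, q = self.clock(), self.seen[client_id]
        while q and now - q[0][0] > self.window_s:
            q.popleft()                  # forget lookups older than the window
        distinct = {c for _, c in q}
        if card_no not in distinct and len(distinct) >= self.max_distinct:
            return False                 # a new card number beyond the cap
        q.append((now, card_no))
        return True

def forgot_password(card_no, client_id, members, throttle, send_reset):
    """Start a reset without echoing any stored member field to the caller."""
    if not throttle.allow(client_id, card_no):
        return THROTTLED_REPLY
    record = members.get(card_no)
    if record is not None:
        # Contact details stay server-side; the reset goes out of band.
        send_reset(record["mobile1"], record["email1"])
    return GENERIC_REPLY                 # same body whether or not the card exists

# Constructed data: field names follow the response shown above, values are fake.
MEMBERS = {"000000000007": {"memberId": "000000000007", "mobile1": "13800000000",
                            "email1": "user@example.com", "birthdayStr": "19800101",
                            "memberName": "Test User"}}

def demo():
    """One client submits five card numbers spaced 7 apart, as in the report."""
    sent, throttle = [], LookupThrottle(max_distinct=3)
    replies = [forgot_password(f"{n:012d}", "client-a", MEMBERS, throttle,
                               lambda mobile, email: sent.append((mobile, email)))
               for n in range(0, 35, 7)]
    return replies, sent
```

The client identifier is assumed to come from something the server controls (session, device binding or source address); a production deployment would pair this with a CAPTCHA or similar step and alert on throttled clients.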