China Eastern Airlines Co., Ltd. leaked the user information of the whole site member (birthday/name/mobile phone number/email)

Source: Internet
Author: User


It is feasible to give a high rank

1. I was very happy to register a member (East China miles) and found that my personal information was obtained so easily.

Web: http://easternmiles.ceair.com/mpf/#/sign/forget

Entering a membership card number returns detailed information about the holder of that member card.


2. I don't know the specific format of the card number, so I registered one, probably in this format:

6130121xxxxx. Okay, I will try it again.

The result is as follows:

Number: 613012100006

Personal information: {"memberId": "613012100006", "lang": "zh_CN", "companyCode": "MU", "programCode": "CEAEM", "exception ": null, "changeType": "1", "code": null, "id":-1, "cardNo1": "613012100006", "cardType1": 1, "sendType1": "1", "mobile1": "15899571909", "email1": "[email protected]", "birthdayStr": "19710516", "cardNo2 ": null, "cardType2": 1, "sendType2": "1", "memberId2": null, "mobile2": null, "email2": null, "memberName ": "Ke Yu", "oldPW": null, "newPW": null, "flag": 0}



Number: 613012100055

Personal information:

{"MemberId": "613012100055", "lang": "zh_CN", "companyCode": "MU", "programCode": "CEAEM", "exception": null, "changeType": "1", "code": null, "id":-1, "cardNo1": "613012100055", "cardType1": 1, "sendType1 ": "1", "mobile1": "15012691217", "email1": "[email protected]", "birthdayStr": "19901031", "cardNo2": null, "cardType2": 1, "sendType2": "1", "memberId2": null, "mobile2": null, "email2": null, "memberName": "Yang Tao ", "oldPW": null, "newPW": null, "flag": 0}



I will give you an example,



3. After traversing, I got several card numbers and found that the card numbers were not consecutive. However, Xin fengge is good at math and found that they form an arithmetic sequence.

613012100006

613012100013

613012100020

613012100027

613012100034

613012100041

613012100048

613012100055


Each card number is 7 larger than the one before it, so I understand that I can traverse all user information.


4. I am a good citizen and the citizen is: xxxxxxxxxxx


Don't talk about it. Fix it as soon as possible. Brother's information is still in it.

Solution:

Fix
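
A detection sketch for the pattern in step 3, added here and not part of the original report: it scans lookup logs for the forgot-password endpoint and flags clients whose queried card numbers sit on a fixed-stride sequence. The log format, IP addresses, card numbers and thresholds are constructed assumptions.

```python
from collections import defaultdict
from math import gcd

# Constructed sample log (time, client IP, card number submitted to the lookup form).
SAMPLE_LOG = """\
10:00:01 198.51.100.7 999900000006
10:00:02 198.51.100.7 999900000013
10:00:02 198.51.100.7 999900000020
10:00:03 198.51.100.7 999900000027
10:00:04 198.51.100.7 999900000041
10:00:04 198.51.100.7 999900000048
10:00:05 198.51.100.7 999900000055
10:03:10 203.0.113.20 999900012345
10:03:25 203.0.113.20 999900012354
11:15:00 192.0.2.33 999900000100
11:40:00 192.0.2.33 999900004511
12:05:00 192.0.2.33 999900230002
12:30:00 192.0.2.33 999900777770
13:00:00 192.0.2.33 999900900013
"""

def parse(log):
    """Group the card numbers each client looked up."""
    per_client = defaultdict(list)
    for line in log.strip().splitlines():
        _, ip, card = line.split()
        per_client[ip].append(int(card))
    return per_client

def find_enumerators(log, min_distinct=5, min_coverage=0.8):
    """Return {ip: stride} for clients walking card numbers at a fixed stride.

    The stride is the gcd of the gaps between distinct numbers, so a few
    skipped values do not hide the pattern. Coverage is the share of points
    on that stride, between the lowest and highest number, that were hit.
    """
    flagged = {}
    for ip, cards in parse(log).items():
        distinct = sorted(set(cards))
        if len(distinct) < min_distinct:   # a member retrying a typo stays below this
            continue
        stride = 0
        for a, b in zip(distinct, distinct[1:]):
            stride = gcd(stride, b - a)
        points = (distinct[-1] - distinct[0]) // stride + 1
        if len(distinct) / points >= min_coverage:
            flagged[ip] = stride
    return flagged
```

The same per-client count of distinct card numbers can drive rate limiting on the endpoint, which should also return only a masked contact hint rather than the full member record.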
