An Air China website has a vulnerability that exposes information about other users' audio and video cards.
This vulnerability allows you to obtain a large number of users' audio and video card accounts and to perform point transfers, redemptions, and other operations.
The previous problematic website, http://gift.airchina.com.cn/, has been closed.
But the site http://gift.airchina.com.cn:8087/ can still be used as usual.
The login page does not have a verification code, so weak passwords can be cracked.
We can see that Air China has encrypted the password, but this is useless because the card number is still in plain text.
The following are cracked accounts:
There are more:
All of the cracked card numbers can successfully log on to Phoenix Zhiyin:
There are more, which we will not list one by one.
Hazard: Air China points can be transferred to others or redeemed for mileage and air tickets, and user privacy is exposed.
Solution:
Add a verification code.
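
One way to decide when the verification code must be shown, as an added example that is not Air China's code: failures are counted per card number and per source address, so that one weak password tried across many card numbers still reaches the gate. The class name, thresholds, and sample attempts are assumptions constructed for illustration.

```python
import time
from collections import defaultdict, deque

class LoginThrottle:
    """Decide when a login attempt must solve a CAPTCHA before the password is checked.

    Failures are counted per card number AND per source address: trying one weak
    password across many card numbers never trips a per-card counter alone.
    """

    def __init__(self, per_card=3, per_source=5, window=900):  # assumed thresholds
        self.per_card, self.per_source, self.window = per_card, per_source, window
        self._card = defaultdict(deque)    # card number -> failure timestamps
        self._source = defaultdict(deque)  # source address -> failure timestamps

    def _recent(self, q, now):
        while q and now - q[0] > self.window:  # drop failures outside the window
            q.popleft()
        return len(q)

    def captcha_required(self, card_no, source, now=None):
        now = time.time() if now is None else now
        return (self._recent(self._card[card_no], now) >= self.per_card
                or self._recent(self._source[source], now) >= self.per_source)

    def record_failure(self, card_no, source, now=None):
        now = time.time() if now is None else now
        self._card[card_no].append(now)
        self._source[source].append(now)

    def record_success(self, card_no):
        self._card.pop(card_no, None)  # source history is kept on purpose

def replay(attempts, throttle):
    """Replay (time, source, card_no, ok) tuples; return the attempts that hit the gate."""
    gated = []
    for ts, source, card_no, ok in attempts:
        if throttle.captcha_required(card_no, source, ts):
            gated.append((ts, source, card_no))
            continue  # no solved CAPTCHA, so the password is never evaluated
        if ok:
            throttle.record_success(card_no)
        else:
            throttle.record_failure(card_no, source, ts)
    return gated

# Constructed sample: one source walks sequential card numbers with a single password.
SAMPLE = [(t, "198.51.100.7", f"CARD{t:04d}", False) for t in range(8)]
SAMPLE.append((9, "203.0.113.20", "CARD9001", True))  # unrelated user, not gated
```

In a real deployment the counters would live in a shared store so that every login server sees the same totals.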