My contribution to my alma mater is to see how I can get water and electricity fees for the whole school.

My contribution to my alma mater is to see how I can get water and electricity fees for the whole school.

Our school stands for Guoguang

Although I have graduated, I am still very concerned about my Alma Mater. I have seen that my school's self-help payment platform for water and electricity has been launched. So let's make some contributions to my alma mater.

Detailed description:

First, many interfaces have unauthorized access, such:

http://ewpay.sysu.edu.cn/ewpay/business/charge.do?action=getCustomerByRoomListhttp://ewpay.sysu.edu.cn/ewpay/business/charge.do?action=getCustomerAccountJournalhttp://ewpay.sysu.edu.cn/ewpay/business/charge.do?action=waitPayOrderList

What can we do with the above interface?

First, obtain the information about each dormitory and unit. The getCustomerByRoomList interface can be used to query the information of each dormitory. However, we have so many campuses (today we also say we want to build the fifth one in Shenzhen !), So many dormitories are too troublesome to be checked one by one. Fortunately, the system's outsourcers make mistakes. Using the interface mentioned above and using the following parameters for post requests, you can obtain the overall situation:

The fieldValue parameter is specified as %. Here, the SQL statement uses like for query and is not processed properly (it may be that the % number is filtered into a Null String ). You can also set this parameter to null to query all the data. The figure shows 100 data records for verification.

Second: from the interface above, we can get the CUST_GUID of all the dormitories. Next, we will use another interface getCustomerAccountJournal to query the details of the dormitory, in the same way, it can be found without logon.

Third: The waitPayOrderList interface can be used to check the History Order details through netid. It can also be accessed with unauthorized logon. As the system is just launched, there is no data. However, I 'd like to remind you to confirm the development of the outsourcers. What can I do with this interface? With netid, You can precisely locate the dormitory where each student is located.

Proof of vulnerability:

It has been proved above.

Solution:

1. Oh, if you are not in the school, you will not be able to access the Internet. The world outside is very dangerous. I have a VPN to log on back.

2. Fix the problems mentioned above and check for the problems that still exist.

3. I 'd like to ask how many developers have used this system. Can I ask for help.