Home > Cloud Computing > Cloud Security

The design defect of a station in the travel network of qinglv leads to a large amount of sensitive information leakage (Order/member number/name/mobile phone number/ID card number/email/address)

Source: Internet
Author: User
Developer on Alibaba Coud: Build your first app with APIs, SDKs, and tutorials on the Alibaba Cloud. Read more >

The design defect of a station in the travel network of qinglv leads to a large amount of sensitive information leakage (Order/member number/name/mobile phone number/ID card number/email/address)

Qinglv Holdings Co., Ltd. (hereinafter referred to as qinglv) is a subsidiary of the central Communist Youth League directly affiliated to the Chinese Youth Travel Group Company. It was founded in November 26, 1997 by raising funds, in December 3, the company's shares were listed on the Shanghai Stock Exchange. It was the first A-share Listed Company in China's Travel Service Industry (stock code: 600138) and the first batch of 5A travel agencies in Beijing, with a total share capital of 0.41535 billion yuan.

Detailed description:

Http://erp.aoyou.com: 8060/login the station verification code design defects can cause brute force cracking of user password;

The user and password that have been cracked are as follows:

6zhangmin123456302falsefalse76718limin        123456302falsefalse76719wanglei        123456302falsefalse76731zhangyan123456302falsefalse76749liufang        123456302falsefalse76750zhangyan123456302falsefalse76754wanghui        123456302falsefalse76756chenjing123456302falsefalse76769litao        123456302falsefalse767155zhangxu        123456302falsefalse767253zhangmei123456302falsefalse767276chenchen123456302falsefalse767364liuyun        123456302falsefalse767382zhouwei        123456302falsefalse767445wanglei        123456302falsefalse767455liubing        123456302falsefalse767

Non-registered members, potential members, general members, bronze members, and gold medal members: 831042

 

 

 

 

 

 

 

 

 

 

Proof of vulnerability:

Http://erp.aoyou.com: 8060/login allows you to change the password of a member and then log on to www.aoyou.com;

 

Solution:

Eliminate weak passwords and redesign verification codes!

This article is an English version of an article which is originally in the Chinese language on aliyun.com and is provided for information purposes only. This website makes no representation or warranty of any kind, either expressed or implied, as to the accuracy, completeness ownership or reliability of the article or any translations thereof. If you have any concerns or complaints relating to the article, please send an email, providing a detailed description of the concern or complaint, to info-contact@alibabacloud.com. A staff member will contact you within 5 working days. Once verified, infringing content will be removed immediately.

Related Keywords:
how to calculate mod of large number find caller id of phone number number of digits in visa credit card phone number of enterprise amount of days in year phone number of ancestry com touch of modern phone number
Related Article
How does personal cloud security guarantee data security?
Cloud security to achieve effective prevention of the future ...
Focus on three major cloud security areas, you know?
Decrypting Cisco type 5 password hashes
Using redis to write webshell

Contact Us

The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion; products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the content of the page makes you feel confusing, please write us an email, we will handle the problem within 5 days after receiving your email.

If you find any instances of plagiarism from the community, please send an email to: info-contact@alibabacloud.com and provide relevant evidence. A staff member will contact you within 5 working days.

What's Trending
Top 10 Tags
datastax versions naming convention zookeeper client class definition md5 microsoft sql server 2005 data structures exception handling error handling
Top 10 Keywords
microsoft download center down wordpress address url site address url wordpress address url windows installer 4 0 download 302 not found web address url definition site address url wordpress db2 integer mac os installation step by step pdf abbreviation for return

A Free Trial That Lets You Build Big!

Start building with 50+ products and up to 12 months usage for Elastic Compute Service

Get Started for Free

  • Sales Support

    1 on 1 presale consultation

    Chat Contact Sales

  • After-Sales Support

    24/7 Technical Support 6 Free Tickets per Quarter Faster Response

    Open a Ticket

  • Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.

    Learn More