A design defect in one of qinglv's travel network sites leads to a large leak of sensitive information (order/member number/name/mobile phone number/ID card number/email/address)

Source: Internet
Author: User

Qinglv Holdings Co., Ltd. (hereinafter referred to as qinglv) is a subsidiary of the central Communist Youth League directly affiliated to the Chinese Youth Travel Group Company. It was founded on November 26, 1997 by raising funds, and on December 3 the company's shares were listed on the Shanghai Stock Exchange. It was the first A-share listed company in China's travel service industry (stock code: 600138) and one of the first batch of 5A travel agencies in Beijing, with a total share capital of 0.41535 billion yuan.

Detailed description:

http://erp.aoyou.com:8060/login: the verification code on this site has a design defect that allows user passwords to be cracked by brute force.

The user names and passwords that have been cracked are as follows:

Non-registered members, potential members, general members, bronze members, and gold medal members: 831042

Proof of vulnerability:

http://erp.aoyou.com:8060/login allows you to change the password of a member and then log on to www.aoyou.com.

Solution:

Eliminate weak passwords and redesign verification codes!
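
One way to apply this fix, as an added example that is not from the original report or from the site's code: a verification code that is bound to one session, expires, and is consumed by a single login attempt, combined with per-account lockout and a weak-password check. The class and function names, the thresholds and the denylist are assumptions chosen for illustration; the report does not say how the site's verification code was actually flawed.

```python
import hmac
import secrets
import time

# Constructed denylist; a real deployment would load a larger breached-password list.
WEAK_PASSWORDS = {"123456", "password", "12345678", "qwerty", "111111"}
CAPTCHA_TTL = 120      # seconds a verification code stays valid (assumed value)
MAX_FAILURES = 5       # failed logins per account before lockout (assumed value)
LOCKOUT_SECONDS = 900  # lockout duration (assumed value)

class LoginGuard:
    def __init__(self, clock=time.monotonic):
        self._clock = clock
        self._captchas = {}   # session_id -> (code, expiry)
        self._failures = {}   # username -> (failure count, locked_until)

    def issue_captcha(self, session_id):
        """Create a fresh code bound to one session, replacing any earlier one."""
        code = f"{secrets.randbelow(10**6):06d}"
        self._captchas[session_id] = (code, self._clock() + CAPTCHA_TTL)
        return code  # rendered as an image for the user, never returned as text

    def _captcha_ok(self, session_id, answer):
        # pop(): the code is consumed by the first attempt, right or wrong,
        # so one solved code cannot back a series of password guesses.
        code, expiry = self._captchas.pop(session_id, (None, 0.0))
        return (code is not None and self._clock() < expiry
                and hmac.compare_digest(code.encode(), str(answer).encode()))

    def attempt(self, session_id, username, captcha_answer, password_ok):
        """Return 'ok', 'bad_captcha', 'locked' or 'bad_credentials'."""
        now = self._clock()
        count, locked_until = self._failures.get(username, (0, 0.0))
        if now < locked_until:
            return "locked"
        if not self._captcha_ok(session_id, captcha_answer):
            return "bad_captcha"
        if password_ok:
            self._failures.pop(username, None)
            return "ok"
        count += 1
        locked = now + LOCKOUT_SECONDS if count >= MAX_FAILURES else 0.0
        self._failures[username] = (count, locked)
        return "bad_credentials"

def password_allowed(username, password):
    """Reject short, denylisted or username-derived passwords at set/change time."""
    p = password.lower()
    return len(password) >= 10 and p not in WEAK_PASSWORDS and username.lower() not in p
```

`password_ok` stands for the result of the application's own credential check; failures are counted per account, so a deployment would normally add a per-source limit as well.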
