2014-12-09: 积极联系厂商并且等待厂商认领中,细节不对外公开 2015-01-23: 厂商已经主动忽略漏洞,细节向公众公开
华商街某系统多个数据库未授权访问(泄露用户信息)
*****.159*****
/* 0 */{ "_id" : ObjectId("5387063ba310e10ded5410be"), "id" : "1", "username" : "13942508798", "realname" : "张玉兰", "pwd" : "4QrcOUm6Wau VuBX8g IPg==", "pwd1" : "", "tjrname" : "", "prename" : "", "pos" : "1", "zmdname" : null, "bdmoney" : "7000.0", "price" : "377.89", "price_shop" : "0.0", "price_repeat" : "0.0", "pv_reg" : "7000.0", "pv_consume" : "0.0", "pv_team_reg" : "1967000.0", "pv_team_con" : "0.0", "pv_team_regp" : "1967000.0", "pv_team_conp" : "0.0", "rank0" : "1", "rank" : "1", "rank1" : "0", "isdp" : "0", "state" : "1", "lognum" : "0", "regtime" : "1332148435", "confirmtime" : "1332148435", "sex" : null, "province" : null, "city" : null, "area" : null, "mobile" : null, "postcode" : null, "address" : null, "email" : "1278107488@qq.com", "bank" : null, "bankid" : "0", "zhanghao" : null, "huzhu" : null, "idcard" : "210603195801254064", "storename" : null, "storerank" : "0", "store_province" : null, "store_city" : null, "store_area" : null, "store_address" : null, "regusername" : null, "regrealname" : null, "regtype" : "0", "bdprice" : "0.0", "posnum" : "3", "isblank" : "0", "storeregtime" : null, "gldept" : "0", "tjdept" : "0", "receiver" : null, "nationality" : null, "bankaddress" : null, "recontact" : null, "phone" : null, "jspv" : "0.0", "timepre" : null, "fax" : null, "bdnum" : "1", "bdnum_team" : "281", "qq" : null, "shopprice" : "0.0", "price_s" : "0.0", "price_all" : "0.0", "tjnum" : "1", "glstr" : "", "rank2" : "0", "bv" : "10500.0", "gupiaonum" : "0", "type" : "1", "salebv" : "0.0", "regbv" : "0.0", "posstr" : "", "price3" : "0.00", "price1" : "0.00", "buynum" : "0", "loginin" : "1", "dongjie" : "1", "mmprice" : "8970.0", "mmstyles" : "1", "istrue" : "1", "setsett" : "1"}
这是点歌平台用户信息
未能联系到厂商或者厂商积极拒绝
2B
@龍 、 你妹
