2015-08-15: 细节已通知厂商并且等待厂商处理中 2015-08-17: 厂商已经确认,细节仅向厂商公开 2015-08-27: 细节向核心白帽子及相关领域专家公开 2015-09-06: 细节向普通白帽子公开 2015-09-16: 细节向实习白帽子公开 2015-10-01: 细节向公众公开
神器之····一个神器的接口!
http://shop.taikang.com/tkecs/service/memberinfo/init?&member_id=13888612&flow_id=1001
遍历member_id即可取得百万用户信息,你说危害大不大!
用身份证号+密码登陆下!
成功登录,,但是访问个人中心的时候发现有验证。我们可以这样破掉他!
选中所选框,删除!
还有一层,按照上面方法!删除!正常了!
===========================================我们还是回到那个接口,遍历下!
***** "jingxin7399@qq.com","computeFlag":"Y","weight":0,"memberVerifyCode":"623915","areacod**********:3,"cidTypeId":"01","cifNo":"5048628845","address":"éåå¿åå± "likw@taikanglife.com","computeFlag":"Y",&quo**********cidTypeId":"01","cifNo":"5074010138","partyId":"56813004699254 "05200910@163.com","memberVerifyCode":"000000","memberTyp**********ypeId":"01","cifNo":"5050610162","partyId":"1966811722","a "05200910@163.com","memberType":"3","companyNo":**********quot;:"01","memberIfemail":"N","partyId":"1969754148","ad "cy52620669@126.com","memberVerifyCode":"736073","memberType&q**********cidTypeId":"01","partyId":"348129994061343040","address":"æ°æ "379005197212295927@taikang.com","memberType":"3",&qu**********om","weight":0,"memberType":"3","areacode":"00000001000510000000","companyNo"**********quot;:"0","memtypeId":"9","memberId": "shenhaoran@cnpc.com.cn","memberType":"3","areacode":"**********;:"0","memtypeId":"9","memberId": "2806292935@QQ.com","memberType":"3","areacode":"00000001000**********"0","memtypeId":"5","memberId": "zhyeming@163.com","memberType":"4","areacode":"00000001000W500**********"0","memtypeId":"9","memberId": "261763854@QQ.COM","memberType":"3","areacode":"00000001000I100**********quot;memberType":"3","areacode":"00000001000210000000","companyNo":"2","memberFlag&quo**********peId":"01","partyId":"165127953173988710","address":"ææ "carol1982820@163.com","computeFlag":"Y","memberVerify**********d":"01","partyId":"610139987086686606","address":"æè "179536868@qq.com","computeFlag":"Y","memberType":"**********;,"weight":0,"memberType":"3","areacode":"00000001000R10000000","companyNo":"**********;:"0","memtypeId":"5","memberId": "1252960708@qq.com","memberType":"4","areacode":"00000001000**********emberAnswer":"edee28cdd27f28f340062a4d0e "18930726569@189.cn","memberVerifyCode":"529507","memberType":"3","companyNo**********t;:"1","memtypeId":"9","memberId": "65934946@qq.com","memberType":"3","areacode":"00000001000I10**********cidTypeId":"01","memtypeId":"5","memberGender":"0","memberId": "799309568@qq.com","computeFlag":"Y","**********"1","memtypeId":"9","member "1249580276@qq.com","memberType":"3","areacode":"00000001000310000000**********ypeId":"01","memtypeId":"9","memberGender":"0","memberId": "ban666@qq.com","computeFlag":"Y","companyNo**********ypeId":"01","partyId":"1968436143","address":"å京å¸ç³ "guodi0317@sohu.com","memberType":"3","companyNo&qu**********"cidTypeId":"01","partyId":"422127475851842784","address":" "18971036653@189.cn","memberType":"3","companyNo"**********uot;:"01","memberAnswer":"d1b566e63422e94684c50da8f14511 "282083088@qq.com","computeFlag":"N","memberVerifyCode":"324500&qu**********t;memberAnswer":"30e74d3f51b9554994b96f74551877db","memberIfemail "303393509@qq.com","computeFlag":"Y","memberVerifyCode":"531560&q**********quot;,"memberIfemail":"N","cifNo":"5022497161","part "tshych@163.com","computeFlag":"N","memberVerifyCode":"2**********;" 139****8631","memberGen**********;" 135****1930","memberGen**********1","memberIfemail":"N","partyId":"1950245036","me "971967490@qq.com","computeFlag":"Y","memberVerifyCode":&qu**********","memberIfemail":"N","cifNo":"5062831043","part "19277753@qq.com","computeFlag":"Y","memberVerifyCode":"**********t;01","memberIfemail":"N","cifNo":"5063753717"," "rizhaolcj@126.com","computeFlag":"Y","memberVerifyCode":&quo**********1","memberIfemail":"N","cifNo":"5067166751"," "dwm6229@sohu.com","computeFlag":"Y","memberVerifyCode":"505**********1","memberIfemail":"N","cifNo":"5046269671","part "478007273@qq.com","computeFlag":"Y","memberVerifyCode":&qu**********"01","memberIfemail":"N","cifNo":"5051069796"," "ZHUOLEI5656@126.COM","computeFlag":"Y","memberVerifyCode&quo**********eId":"01","memberAnswer":"851f1c973e82b35b44013463fcbd65 "410323197008090020@taikang.com","computeFlag":"Y","memberType":&q**********ot;01","memberIfemail":"Y","cifNo":"0027533233"," "j3yjs@126.com","computeFlag":"Y","memberVerifyCode":"8**********quot;:"01","memberIfemail":"N","partyId":"872127476192559 "hackboxs-club@yahoo.com.cn","computeFlag":"Y","memberVer**********quot;:"01","memberIfemail":"N","partyId":"162127475502870 "zhangys767613168@qq.com","computeFlag":"Y","memberVerify**********"01","memberIfemail":"Y","cifNo":"5052655069","part "430524197607223260@taikang.com","computeFlag":"Y","memb**********quot;:"01","memberIfemail":"N","cifNo":"0048028403"," "jingshouxia@hotmail.com","computeFlag":"Y","memberVe**********ot;:"01","memberIfemail":"N","partyId":"377127475982835 "issacboxs@yahoo.com.cn","computeFlag":"Y","memberVerifyCode**********ot;,"memberIfemail":"Y","cifNo":"5071095921","part "kfs918@126.com","computeFlag":"Y","memberVerifyCode":"1560**********"01","memberIfemail":"N","cifNo":"0158850103","part "happy2008zyj@sina.com","computeFlag":"Y","memberVerifyC**********ot;01","memberIfemail":"N","partyId":"721272069736039 "108045678@qq.com","computeFlag":"Y","memberVerifyCode":"9**********"01","memberIfemail":"N","partyId":"368127200537294 "whywhy12344@126.com","computeFlag":"Y","memberVerifyCode":&**********quot;:"01","memberIfemail":"N","cifNo":"4005758212"," "zacaoxiaojingling@163.com","computeFlag":"Y","member**********ot;01","memberIfemail":"N","partyId":"460125594317239 "laifubao@163.com","computeFlag":"Y","memberVerifyCode":"3**********ypeId":"01","memberIfemail":"N","partyId":"52512588145 "cy5-zhp@petrochina.com.cn","computeFlag":"Y","memberV**********;:"01","memberIfemail":"N","cifNo":"0048475553","part "yetaoandwanwan@sohu.com","computeFlag":"Y","memberVe**********","memberIfemail":"N","cifNo":"0021307873","part "yjs0890@126.com","computeFlag":"Y","memberVerifyCode":"**********","memberIfemail":"N","cifNo":"5024472009","part "wwx70@taikang.com","computeFlag":"Y","memberVerifyCode":&quo**********ot;01","memberIfemail":"N","cifNo":"0173258176"," "128200000@qq.com","computeFlag":"Y","memberVerifyCode":&qu**********","memberIfemail":"N","cifNo":"5022639378","part "shdylzf@126.com","computeFlag":"Y","memberVerifyCode":"**********;01","memberIfemail":"N","partyId":"382126501897045 "350665364@qq.com","computeFlag":"Y","memberVerifyCode":"3978**********ot;01","memberIfemail":"N","cifNo":"5070017389","part "chenyuel74@gmail.com","computeFlag":"N","memberVerifyCode&q**********uot;01","memberIfemail":"N","cifNo":"5091025649","part "hua13883306338@163.com","computeFlag":"N","memberVerifyCod**********d":"01","partyId":"706127503575932641","address":"éå "zyguigood@126.com","computeFlag":"Y","memberType":&quo**********eId":"01","address":"æ²³åçéå·å¸éæ°´åºä¸é "331090562@qq.com","computeFlag":"Y","memberType":&q**********;01","memberIfemail":"Y","cifNo":"0140304447","part "lele241202@163.com","computeFlag":"Y","memberVerifyCode"**********eId":"01","address":"æ²³åçéå·å¸éæ°´åºä¸é "1215875739@qq.com","computeFlag":"Y","memberType":&**********"01","memberIfemail":"N","partyId":"203126922934 "857367260@qq.com","computeFlag":"Y","memberVerifyCode":"0**********,"memberIfemail":"N","cifNo":"0186588581","part "11084803@qq.com","computeFlag":"Y","memberVerifyCode":"050655&q**********","memberIfemail":"N","cifNo":"5063626652"," "wangrs333@126.com","computeFlag":"N","memberVerifyCode":"8557**********uot;01","partyId":"1950511812","memtypeId":"9","member "370405196912292240@taikang.com","computeFlag":"Y","memberT**********uot;01","partyId":"1966965593","memtypeId":"9","member "370405197304292380@taikang.com","computeFlag":"Y","memberT**********;01","memberIfemail":"N","partyId":"784126778423414 "bh1234@126.com","computeFlag":"Y","memberVerifyCode":"04268**********:"01","memberIfemail":"N","partyId":"183125031467024 "yaohaionly@163.com","computeFlag":"Y","memberVerifyCode":**********","memberIfemail":"N","partyId":"879127410452290 "1215kghao@163.com","computeFlag":"Y","memberVerifyCode":"998684&q**********ot;01","memberIfemail":"N","partyId":"618127432442155 "382960151@qq.com","computeFlag":"Y","memberVerifyCode":"0**********ot;:"01","partyId":"1971351890","memtypeId":"9","member "370405197102154625@taikang.com","computeFlag":"Y",&quo**********eId":"01","partyId":"808143946930935466","address":" "564617030@qq.com","computeFlag":"Y","memberType":"3"**********":"01","address":"å京å¸æé³åºåéå ¡ç²3 "doqi@skylotec.cn.com","computeFlag":"Y","memberType":&**********quot;,"memberIfemail":"N","partyId":"656125203410683 "cclmn@sohu.com","computeFlag":"Y","memberVerifyCode":"173814"**********"01","partyId":"1958407718","memtypeId":"9","member "370421197205066054@taikang.com","computeFlag":"Y","memb**********uot;01","partyId":"1955723770","memtypeId":"9","member "372301198409105129@taikang.com","computeFlag":"Y","memberT**********ot;:"01","address":"广ä¸çæ±é¨æ©å¹³å¸æ©åæ©æ "bindanlia@163.com","computeFlag":"Y","memberType":**********ot;:"01","address":"æ·±å³å¸å®å®åºç¦æ°¸è¡éæ¡¥å¤ "3277994830@qq.com","computeFlag":"Y","memberType":**********eFlag":"Y"," 1954-10-28","memberPassword&quo*****
这么多多,,给20rank不多吧??
危害等级:高
漏洞Rank:15
确认时间:2015-08-17 11:49
非常感谢您发现并提交给我们,已安排人处理!
暂无
哦呵呵,泰康人寿今天中午还给我打电话。。。
@浩天 @疯狗 帮忙给txt打一下码哈。。谢谢了。。我本来是有码的,但是数据太长,后面的一个mask给没了。。。-_-||
@DloveJ 好,删了一行数据,给mask上了。
@疯狗 ok 谢谢喽 狗哥威武
( 实习白帽子 | Rank:44 漏洞数:2 | 阅尽天下漏洞,心中自然无码。)