Defect ID: WooYun-2015-0126380
Vulnerability title: Sunshine Insurance allows bulk retrieval of insured persons' vehicle model / name / license-plate number etc. (exposes them to car-insurance fraud)
Affected vendor: Sunshine Insurance (阳光保险)
Author: prolog
Submitted: 2015-07-15 10:40
Disclosed: 2015-08-28 16:36
Vulnerability type: sensitive information disclosure
Severity: Medium
Self-assessed Rank: 10
Status: handed over to a third-party partner organization (CNCERT, National Computer Network Emergency Response Technical Team) for handling
Tags:
2015-07-15: details sent to the vendor, awaiting vendor handling
2015-07-14: vendor has confirmed; details disclosed to the vendor only
2015-07-24: details disclosed to core white hats and domain experts
2015-08-03: details disclosed to regular white hats
2015-08-13: details disclosed to intern white hats
2015-08-28: details disclosed to the public
Sunshine Insurance allows bulk retrieval of insured persons' vehicle models and names
1. A valid policy number can be obtained from a Baidu search. Sunshine car-insurance formal policy numbers: 1021205092015004597 10212050720150121
2. Car-insurance claim report: entering the policy number at http://**.**.**.**/mobile/claimreport/carinsurance/car_claim_report!index.action?WT.ac_id=GW_mobile_index_chexianbaoan&needWxShare=true returns the vehicle model and the owner's name:
{"IDCardNumber":null,"ajaxCode":null,"ajaxStatus":"success","alipayAccount":null,"apiusername":null,"applicantIdNo":null,"applicantIdType":null,"applicantName":"宋伟萍","brandName":"大众汽车SVW71611FS","caseKind":null,"caseKindName":null,"caseNo":null,"claimCustomerNo":null,"claimNo":null,"claimStatusList":null,"claimType":null,"damageArea":null,"damageCase":null,"damageCity":null,"damageDate":null,"damagePlace":null,"damageProv":null,"damageTown":null,"driver":null,"driverMobile":null,"gpsLat":null,"gpsLng":null,"isAlipay":null,"isGuess":null,"licenseNo":"鲁A988CP","licenseNoList":null,"lipeijindu":null,"lossType":null,"mobile":null,"notifyDate":null,"notifyMan":null,"nowDate":null,"ntfmIdentity":null,"payClaimList":null,"payClaimMapList":null,"policyNo":"1021205092015004597","policyNoList":null,"policyNos":"1021205092015004597","reportType":null,"resultMsg":null,"returnMessage":null,"riskCodes":"0509","sequenceNo":null,"source":null,"unPayClaimList":null,"wxId":null}
3. Policy numbers are sequential; the next one, 1021205092015004598, returns:
{"IDCardNumber":null,"ajaxCode":null,"ajaxStatus":"success","alipayAccount":null,"apiusername":null,"applicantIdNo":null,"applicantIdType":null,"applicantName":"赵勇","brandName":"纳智捷DYM7182AAA","caseKind":null,"caseKindName":null,"caseNo":null,"claimCustomerNo":null,"claimNo":null,"claimStatusList":null,"claimType":null,"damageArea":null,"damageCase":null,"damageCity":null,"damageDate":null,"damagePlace":null,"damageProv":null,"damageTown":null,"driver":null,"driverMobile":null,"gpsLat":null,"gpsLng":null,"isAlipay":null,"isGuess":null,"licenseNo":"鲁A2D287","licenseNoList":null,"lipeijindu":null,"lossType":null,"mobile":null,"notifyDate":null,"notifyMan":null,"nowDate":null,"ntfmIdentity":null,"payClaimList":null,"payClaimMapList":null,"policyNo":"1021205092015004598","policyNoList":null,"policyNos":"1021205092015004598","reportType":null,"resultMsg":null,"returnMessage":null,"riskCodes":"0509","sequenceNo":null,"source":null,"unPayClaimList":null,"wxId":null}
4. Likewise, a valid license-plate number (冀A526FE) also returns the insured person's name.
...
Fix suggestion: apply multi-factor checks to claim-report lookups, for example requiring the insured person's ID-card number and name in addition to the policy number.
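The two problems the report describes are (a) the lookup is keyed on a single guessable value, the policy number, and (b) policy numbers are issued sequentially, so walking the ID space is cheap. The following is an added example, not Sunshine Insurance's code: a minimal claim-lookup handler in the vulnerable shape beside a hardened version that implements the suggested fix (policy number plus ID-card number plus name, all of which must match, with the same failure response for "unknown policy" and "identity mismatch"), and a small log detector that flags a client querying a run of consecutive policy numbers. The policy records, IP addresses and log lines are constructed for the example; the JSON field names (`policyNo`, `applicantName`, `applicantIdNo`, `brandName`, `licenseNo`, `ajaxStatus`) mirror the response shown in the report.

```python
"""Added example (not the vendor's code): multi-factor claim lookup and
sequential-ID enumeration detection. All data below is constructed."""
import hmac
from collections import defaultdict

# Constructed policy store keyed by policy number (hypothetical records).
POLICIES = {
    "1021205092015000001": {"applicantName": "Example Holder A", "applicantIdNo": "110101199001011234",
                            "brandName": "Example Model A", "licenseNo": "EX-A00001"},
    "1021205092015000002": {"applicantName": "Example Holder B", "applicantIdNo": "110101199002022345",
                            "brandName": "Example Model B", "licenseNo": "EX-A00002"},
}


def lookup_vulnerable(policy_no):
    """The pattern the report describes: the policy number alone is the key,
    so every valid guess yields the holder's name, vehicle and plate."""
    rec = POLICIES.get(policy_no)
    if rec is None:
        return {"ajaxStatus": "fail"}
    return {"ajaxStatus": "success", "policyNo": policy_no, **rec}


def lookup_hardened(policy_no, id_no, name):
    """The suggested fix: the caller must also present the insured's ID-card
    number and name; both are compared in constant time, and an unknown policy
    is answered exactly like a mismatch so the endpoint confirms nothing."""
    rec = POLICIES.get(policy_no)
    ref = rec or {"applicantIdNo": "", "applicantName": ""}   # dummy keeps both paths identical
    ok_id = hmac.compare_digest(ref["applicantIdNo"].encode(), id_no.encode())
    ok_name = hmac.compare_digest(ref["applicantName"].encode(), name.encode())
    if rec is None or not (ok_id and ok_name):
        return {"ajaxStatus": "fail", "returnMessage": "policy and identity details do not match"}
    # Identity already proven by the caller, so the name is not echoed back.
    return {"ajaxStatus": "success", "policyNo": policy_no,
            "brandName": rec["brandName"], "licenseNo": rec["licenseNo"]}


# Constructed access-log lines: client IP, endpoint, queried policyNo.
SAMPLE_LOG = """\
10.0.0.5 car_claim_report!index.action policyNo=1021205092015000010
10.0.0.5 car_claim_report!index.action policyNo=1021205092015000011
10.0.0.5 car_claim_report!index.action policyNo=1021205092015000012
10.0.0.5 car_claim_report!index.action policyNo=1021205092015000013
192.0.2.9 car_claim_report!index.action policyNo=1021205092015000002
"""


def parse_queries(log_text):
    """Return (client_ip, policy_no) pairs for every line carrying a policyNo parameter."""
    out = []
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) < 3 or not parts[2].startswith("policyNo="):
            continue
        out.append((parts[0], parts[2].split("=", 1)[1]))
    return out


def detect_enumeration(log_text, min_run=3):
    """Flag clients whose distinct queried policy numbers contain a run of
    consecutive values at least min_run long; the run length is reported."""
    by_ip = defaultdict(list)
    for ip, pno in parse_queries(log_text):
        if pno.isdigit():
            by_ip[ip].append(int(pno))
    flagged = {}
    for ip, nums in by_ip.items():
        nums = sorted(set(nums))
        run, best = 1, 1
        for a, b in zip(nums, nums[1:]):
            run = run + 1 if b == a + 1 else 1
            best = max(best, run)
        if best >= min_run:
            flagged[ip] = best
    return flagged


if __name__ == "__main__":
    print(lookup_vulnerable("1021205092015000001"))
    print(lookup_hardened("1021205092015000001", "110101199001011234", "Example Holder A"))
    print(lookup_hardened("1021205092015000001", "000000000000000000", "Example Holder A"))
    print(detect_enumeration(SAMPLE_LOG))
```

The detector is deliberately simple (consecutive-integer runs per client); in production the same signal is usually combined with a per-client rate limit on the lookup endpoint, since a single IP querying dozens of valid, ordered policy numbers within minutes has no legitimate claim-reporting explanation.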
Severity: Medium
Vulnerability Rank: 10
Confirmed: 2015-07-14 16:35
CNVD confirms the situation described; it has been forwarded via CNCERT to the insurance industry's IT regulator for notification, which will coordinate handling with the website's operating unit.
Latest status: none yet