nterrogation 12306 three loopholes hundreds of millions of users may disclose information

September 28th evening news last night, the network exposed 12306 another more serious problem is found, the existence of serious security vulnerabilities, may disclose user information, and other people can modify the user name and password through the vulnerability of arbitrary, booking, refund and other operations. In this regard, Sohu IT visited experts in the field of industry security. Through 12306 exposure problems were analyzed, experts said, 12306 site security risks have reached a very serious level, if not promptly upgrade blocked, hundreds of millions of user information may leak.


Sohu IT exclusive anatomy 12306 site structure diagram

exposed vulnerability is only the tip of the iceberg,

According to the

network exposed 12306 security vulnerabilities exposed, Sohu IT visited network security experts, security treasure CEO Ma jie. Ma Jie was a rising company’s technical engineer, with more than 10 years of security experience.


network security experts, security treasure CEO Ma Jie

Ma Jie told the Sohu IT said, "the network has exposed the vulnerability, or general vulnerability, and the most serious vulnerabilities, they can affect the entire database security, to have purchased a ticket information users, have a certain risk of leakage."

users is responsible attitude, open only a portion of these loopholes, white ink words and screenshots, but did not disclose more user information. Ma Jie analysis said, compared to industry and commerce, taxation, public security and other information systems, 12306 is also a very important site, related to tens of thousands of people, but its security is still relatively poor. Senior security experts and more powerful hackers, you can enter the database. "Unauthorized, inconvenient access may involve a large amount of user information."".

"we did site security tests, 90% websites have security vulnerabilities, including 20-30% there are serious security vulnerabilities. "12306 has reached the most serious level," said Ma. "As a technician, he has seen a lot of holes from the outside.". If you have the authority of the relevant organization, or he can demonstrate to the media on the spot of its problems.

earlier, micro-blog screenshot 12306, the site’s internal code (such as Figure), was a lot of Internet users tucao. Ma Jie analysis, the code is relatively junior, is one of the reasons for the slow Web site. Because of the technical language such as "like" and "%", it is a kind of fuzzy matching, which is very inefficient, and the general website uses this matching as little as possible. "And Internet users can easily go in, calmly screenshots, from the side shows that its security is not enough."


micro-blog exposure 12306 site inside >

Leave a Reply

Your email address will not be published. Required fields are marked *