Author: 安韦苇8 | Source: Internet | 2023-02-01 20:47
Authorization bypass in the Shanghai Volkswagen (上海大众) recruitment system (detailed personal information of 160,000 applicants involved)
As the title says.
Affected site:
http://recruit.svw.cn/recruitment/resume/addresume/person_id/160000/lid/1/job_id/2
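Iterating over person_id retrieves the résumés of applicants one after another; judging by the IDs, there are roughly 160,000.
For example: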
http://recruit.svw.cn/recruitment/resume/addresume/person_id/160000/lid/1/job_id/2
Another example:
http://recruit.svw.cn/recruitment/resume/addresume/person_id/161111/lid/1/job_id/2
Solution:
Access control.
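
One way to implement the access-control fix, as an added example that is not the site's own code: the handler takes the caller's identity from the server-side session and checks ownership of the requested person_id before returning the record. The RESUMES store, the Session type, the "hr" role and the function names are assumptions for illustration.

```python
from dataclasses import dataclass
from typing import Optional

# Constructed sample data: résumé records keyed by person_id (hypothetical store).
RESUMES = {
    160000: {"owner": "alice", "name": "Alice (constructed)"},
    161111: {"owner": "bob", "name": "Bob (constructed)"},
}

@dataclass(frozen=True)
class Session:
    user: Optional[str]                 # None means not logged in
    roles: frozenset = frozenset()      # e.g. {"hr"} for recruiters (assumed role name)

def parse_params(path: str) -> dict:
    """Parse the /key/value/key/value path style used by the URLs on this page."""
    parts = [p for p in path.split("/") if p]
    if "person_id" not in parts:
        raise ValueError("missing person_id")
    kv = parts[parts.index("person_id"):]
    if len(kv) % 2:
        raise ValueError("key without a value")
    return dict(zip(kv[0::2], kv[1::2]))

def get_resume(path: str, session: Session):
    """Return (status, record). The URL only names the object; the session decides access."""
    if session.user is None:
        return 401, None
    try:
        person_id = int(parse_params(path)["person_id"])
    except ValueError:
        return 400, None
    record = RESUMES.get(person_id)
    # Deny by default. "Does not exist" and "not yours" get the same answer,
    # so responses do not reveal which person_id values are valid.
    allowed = record is not None and (
        record["owner"] == session.user or "hr" in session.roles
    )
    if not allowed:
        return 404, None
    return 200, record
```

Logging the denied requests per session gives operations a signal when one account walks through many person_id values.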