
How to get the monthly bill payment information of 2 million Verizon users

2025-01-19 Update From: SLTechnology News&Howtos (Network Security)


Shulou(Shulou.com)05/31 Report--

This article explains in detail how the monthly payment information of 2 million Verizon users could be obtained, with the corresponding analysis, in the hope of helping readers who want to understand this problem find a simple and practical way to do so.

The following describes how the author gained access to nearly 2 million monthly bills of Verizon Wireless customers through a simple security flaw. The bills contain sensitive information such as the customer's name, home address, mobile phone number, mobile device model and serial number, and the customer's signature.

Verizon Wireless was formed in 2000 by the merger of the US wireless business of Verizon and Vodafone Communications, with the former holding 55 per cent and the latter 45 per cent. Verizon Wireless used to be the second largest mobile operator in the United States; after buying Alltel from Atlantis Holdings LLC, it reached 83.7 million mobile subscribers, surpassing AT&T Wireless to become the largest mobile carrier in the United States.

Vulnerability discovery

While testing Verizon, after a series of probes and investigation, I found the subdomain telestore.verizonwireless.com interesting: it is used by Verizon Wireless employees to access the Point of Sale (POS) tool and look up customer-related information. Using Google search operators, I found some paths used internally by Verizon employees on this site, and then I used dirsearch to brute-force enumerate related directories.

I also found the path used to view a PDF of a Verizon Wireless customer's monthly bill, but requests to it always returned a 404 Not Found status code, so I enumerated the GET parameters it accepts and found that the a and m parameters were involved. Then, combining this with the dirsearch results, I found an unusual path under which, after a simple request construction, our session became valid.

Bypassing authentication

In other words, now that we were a verified, legitimate user, we could continue browsing the paths on telestore.verizonwireless.com found earlier. But when I browsed further, I was redirected to a page for a specific mobile phone number and contract number, and this page did not depend on a Cookie or any other session state. The screenshot of that page is not included here; although only one user was shown under the contract number (Agreement), it appeared to be a customer order management system.

Although we cannot change the contract number or mobile phone number on this page, we can click the contract number (Agreement Number) and display it in the PDF format mentioned earlier, and the PDF path contains the a and m parameters we enumerated before. My first thought about the a parameter was whether it stands for agreement, so I wanted to check for an IDOR, but then I doubted there would be such a problem; otherwise, why would there be two parameters? Perhaps the a parameter had to match the m parameter.

However, later tests proved me wrong, and the issues that lead to big problems are usually low-level, silly, small mistakes. The truth is that simply by changing the a parameter, you can view the contract bill PDFs of other customers, which include the following personal information:

Customer name

Home address

Phone number

Mobile phone model and serial number

Customer signature
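The access-control defect described above, as an added example that is not part of the original post: a bill lookup keyed only on the client-supplied a parameter beside a version that checks server-side that the agreement belongs to the authenticated session (the data, field names and ownership model are assumptions).

```python
"""Added example, not from the original post: a minimal bill-lookup handler that
shows the authorization defect described above next to a hardened version.
Data, field names and the ownership model are constructed assumptions."""
from dataclasses import dataclass

# Constructed sample data: agreement number -> (owning mobile number, bill text).
AGREEMENTS = {
    1310000001: ("5550101", "Contract bill for customer A"),
    1310000002: ("5550202", "Contract bill for customer B"),
}


@dataclass
class Session:
    """Server-side view of the authenticated user (assumed: one mobile number per login)."""
    mobile: str


class Forbidden(Exception):
    """Raised when the caller may not see the requested bill."""


def vulnerable_bill_pdf(session: Session, a: int, m: str) -> str:
    """Flawed handler: the a/m pair comes from the URL and is never compared
    with the session, so any a in the valid range resolves to someone's bill.
    session and m are accepted but ignored, which is exactly the defect."""
    _owner, bill = AGREEMENTS[a]
    return bill


def is_allowed(session: Session, a: int, m: str) -> bool:
    """Ownership check: the agreement must belong to the session's mobile number,
    and the client-supplied m must agree with both."""
    record = AGREEMENTS.get(a)
    if record is None:
        return False  # unknown and foreign agreements look identical to the caller
    owner, _bill = record
    return owner == session.mobile and m == owner


def hardened_bill_pdf(session: Session, a: int, m: str) -> str:
    """Same lookup, but authorization is decided server-side before data is returned."""
    if not is_allowed(session, a, m):
        raise Forbidden(f"agreement {a} is not accessible from this session")
    return AGREEMENTS[a][1]
```

Note that the hardened version answers "not found" and "not yours" identically, so the response itself does not reveal which agreement numbers exist.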

The contract bill PDF itself is not reproduced here.

After further inspection and analysis, I found that the smallest contract number that can be queried is 1310000000 and the largest is 1311999999; that is, nearly 2 million customers' monthly bills can be viewed by the method above, which of course carries a real risk of disclosure of customers' sensitive personal information.
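From the defender's side, as an added example not from the original post: detection logic that flags a client successfully walking through consecutive agreement numbers in web access logs, run over constructed sample lines (the log format, thresholds and sample values are assumptions).

```python
"""Added example, not from the original post: flagging sweeps of the a (agreement
number) parameter in web access logs. The log format, thresholds and every sample
line are constructed assumptions; adapt the regex to the real server's format."""
import re
from collections import defaultdict
from urllib.parse import parse_qs, urlparse

# Constructed sample log: client, method, request target, status code.
SAMPLE_LOG = """\
10.0.0.5 GET /bill/pdf?a=1310000010&m=5550101 200
10.0.0.5 GET /bill/pdf?a=1310000011&m=5550101 200
10.0.0.5 GET /bill/pdf?a=1310000012&m=5550101 200
10.0.0.5 GET /bill/pdf?a=1310000013&m=5550101 200
10.0.0.5 GET /bill/pdf?a=1310000014&m=5550101 200
10.0.0.9 GET /bill/pdf?a=1310456789&m=5550909 200
10.0.0.9 GET /store/home 200
"""
LINE_RE = re.compile(r"^(\S+) (\S+) (\S+) (\d{3})$")


def parse_requests(log_text):
    """Return (client, agreement_number, status) for requests carrying a numeric a= parameter."""
    requests = []
    for line in log_text.splitlines():
        match = LINE_RE.match(line)
        if not match:
            continue
        client, _method, target, status = match.groups()
        query = parse_qs(urlparse(target).query)
        value = query.get("a", [""])[0]
        if value.isdigit():
            requests.append((client, int(value), int(status)))
    return requests


def flag_enumeration(log_text, min_distinct=4):
    """Clients that successfully fetched at least min_distinct different agreement numbers;
    consecutive_steps counts +1 increments, the signature of a sequential IDOR sweep."""
    fetched = defaultdict(set)
    for client, a, status in parse_requests(log_text):
        if status == 200:
            fetched[client].add(a)
    flagged = {}
    for client, numbers in fetched.items():
        if len(numbers) < min_distinct:
            continue
        ordered = sorted(numbers)
        steps = sum(1 for x, y in zip(ordered, ordered[1:]) if y - x == 1)
        flagged[client] = {"distinct": len(ordered), "consecutive_steps": steps}
    return flagged
```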

This is the answer to how 2 million Verizon users' monthly billing information could be obtained. I hope the above content is of some help to you; if you still have questions, you can follow the industry information channel for more related knowledge.
