2014-12-09: 积极联系厂商并且等待厂商认领中,细节不对外公开 2015-01-23: 厂商已经主动忽略漏洞,细节向公众公开
地图汇某平台数据库未授权访问(泄露用户信息)
42.121.15.217
/* 0 */{ "_id" : ObjectId("547045624159313d28dc0000"), "sign_in_count" : 2, "email" : "opdpzjjzwzgyd31bvlrxt4jxx0-8_temp@dituhui.com", "role" : 0, "messages_count" : 0, "replies_count" : 0, "avatar" : "http://wx.qlogo.cn/mmopen/Ayk3AAf9GDaFQk46hwuYrkLWCTNEIuf4rJDl7jOKWScXH6IDic3LbvFAlMGbjnJGqfzuDoG1M4jCQstOAWmFbnFnT4GDWBrPf/0", "deleted_at" : null, "uid" : 1443221856, "token" : "7q_pxo6xSrkFmPxCP1-e", "login" : "Winxin用户_1416643937", "tel" : null, "current_sign_in_at" : ISODate("2014-11-22T09:03:53.742Z"), "current_sign_in_ip" : null, "updated_at" : ISODate("2014-11-22T09:03:53.75Z"), "created_at" : ISODate("2014-11-22T08:12:18.823Z"), "sex" : 2, "authorizations" : [{ "_id" : ObjectId("547045624159313d28dd0000"), "uid" : "opdPZjjzwZGYd31BvLrXT4Jxx0-8", "provider" : "weixin", "updated_at" : ISODate("2014-11-22T09:03:53.748Z"), "created_at" : ISODate("2014-11-22T08:12:18.836Z"), "nickname" : "兰", "avatar" : "http://wx.qlogo.cn/mmopen/Ayk3AAf9GDaFQk46hwuYrkLWCTNEIuf4rJDl7jOKWScXH6IDic3LbvFAlMGbjnJGqfzuDoG1M4jCQstOAWmFbnFnT4GDWBrPf/0", "access_token" : "OezXcEiiBSKSxW0eoylIeE4IoI81fjen9EDbPn4YxgX7l1C2g_3y_GBamSARMjAkgQ8azFt4pinEUQZ4eKe6x_mH92Sm6TOSsa3SNWROcysGkblf9M9xg5HRNrnc3AJfGTl94f4fYzAJd1VeoF8eDg", "province" : "Shanxi", "city" : "Taiyuan", "country" : "CN", "privilege" : "[]", "unionid" : "opdPZjjzwZGYd31BvLrXT4Jxx0-8", "openid" : "o1QbksyeeJE8qCgPTdYD2u-LWJdI", "refresh_token" : "OezXcEiiBSKSxW0eoylIeE4IoI81fjen9EDbPn4YxgX7l1C2g_3y_GBamSARMjAkX17wKZsOk6tFukuuJt90a5pAEUkZKFxrfRAQteeQ6_ix2QfjeHqkIy_yA6u0lMbpyPqhEEdx20f-m9AtMlxLcg", "scope" : "snsapi_login" }], "last_sign_in_at" : ISODate("2014-11-22T08:12:18.811Z")}
未能联系到厂商或者厂商积极拒绝
