Last time I told the story of how Taobao "locked the key inside the safe" and leaked the mobile phone numbers of 1.18 billion users. Readers generally complained that it was too dense, too technical and too long, so today's story is one everyone can follow.
One operation as fierce as a tiger,
then a look at the balance: twenty-five thousand.
Couldn't resist getting something for nothing,
three years of prison food are hard to swallow.
The second episode of "The Low-Level Mistakes Internet Giants Made in Those Years" is here. My colleague Xiao Liang, a younger brother who went on to build drones after graduating from Zhejiang University, will tell the story of how "elementary school students" hacked Baidu Takeaway for 49 million yuan.
What follows is Xiao Liang's debut piece.
What are the three great questions of life? If you ask me, they are "what's for breakfast?", "what's for lunch?" and "what's for dinner?".
A worker's life is hard, and every meal takes some deliberation 😵
But if the lucky person whose platform account balance reads in the millions of yuan turned out to be me, what would there be to worry about in the "three great questions"? Only children make choices; as an adult, I want all of them!
"The money is theirs and I have none"? Not a problem! Baidu Takeaway helps every dream come true 😜 (unless you want to go to jail, don't try this)
1. The Birth of a Ten-Million Balance
"The 'Baidu Takeaway' platform system was illegally intruded into and more than 49 million yuan was tampered with. Orders were placed from many regions of the country by more than 100 people, with direct consumption losses of more than 300,000 yuan."
Beijing Youth Daily, 2018-01-30, page A09
One day in October 2017, a man surnamed Zheng opened the Baidu Takeaway app as usual, ready to order some food.
As luck would have it, his balance was gone. Hungry?
That wouldn't do; he had to get some money from somewhere. Staring at the few yuan left in his account, he had a flash of inspiration, and a "good idea" was born.
One operation as fierce as a tiger, and then a look at the balance: 25,000!
Joy shared beats joy alone. This "great discovery" soon appeared in group chats and forums and earned plenty of "OP is a good person" and "may OP live a long and safe life" replies.
Of course, knowing something others don't can always be turned into money, but that is a story for another day.
In a short time netizens from all over the country, north and south, joined in, and the "wool" they "plucked" added up to tens of millions of yuan.
That day, Baidu Takeaway "created" a good many one-day millionaires.
2. Methodology of the "Master of Making Wealth"
So what exactly did the (clever and quick-witted) criminal suspect Zheng do?
The report describes the case with the words "illegal intrusion" and "tampering", but legally the case is theft.
To borrow a classic line from "General Fan", the meaning is exactly this:
"Baidu Takeaway has every reason to say: what company am I? Baidu, one of the BAT. And who are you, Zheng, coming to hack me? What level is this criminal suspect? This one man, can he hack? He can't; he doesn't have the ability, you know?"
So how did this "break-in" (crossed out) theft actually happen? The principle is embarrassingly simple: throw a stone at a busy intersection and you would hit two people who could "intrude" this way.
First, locate the vulnerability. The so-called "system loophole" lived entirely in the withdrawal function of the Baidu Takeaway platform, and its symptom was that a withdrawal could increase the account balance.
Some readers will surely object: "No way! A withdrawal has to reduce the balance; how could it increase it?"
If you have the same doubt, no problem, read on.
Next, define the business process at that point. A withdrawal transfers money from the user's virtual account on the platform to another account, as requested by the user. In the data, it subtracts the "withdrawal amount" from the "original account balance" to get the "new account balance": a simple subtraction.
What could possibly go wrong with subtraction? Plenty! Don't take it for granted: the number being subtracted can be positive or negative.
Finally, operate! Make money! (Don't.) At the time of the vulnerability, the "withdrawal amount" a user entered in Baidu Takeaway's withdrawal system really could be a negative number! A negative number subtracted from the "original account balance" means the "new account balance" ends up larger than before!
Outrageous, outrageous indeed.
In a properly built withdrawal system, that subtraction is subject to sufficient checks: the "original account balance" must be greater than or equal to the "withdrawal amount" (otherwise the new balance goes negative), and the "withdrawal amount" must be greater than 0 (so that a "withdrawal" always reduces the balance).
Evidently the withdrawal code of Baidu Takeaway (Baidu Waimai) was missing exactly this parameter validation for the "withdrawal amount": a negative number could be subtracted from the "original account balance", so the "new account balance" naturally went up.
Congratulations to Baidu Takeaway's withdrawal system on unlocking the achievement: "Money-Printing Machine from Thin Air"
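To make the missing check concrete, here is an added Python example (my own illustration, not code from the original post or from Baidu) that puts the flawed subtraction next to a withdrawal routine that validates the amount the way the text describes; the function and error names are my own.

```python
from decimal import Decimal, InvalidOperation


class WithdrawalError(ValueError):
    """Raised when a withdrawal request fails server-side validation."""


def withdraw_vulnerable(balance: Decimal, amount: Decimal) -> Decimal:
    # The flaw described above: the client-supplied amount is trusted as-is,
    # so a negative "withdrawal" is added to the balance instead of debited.
    return balance - amount


def parse_amount(raw: str) -> Decimal:
    # Amounts arrive from the client as text. Parse them as Decimal (never
    # float) and reject anything that is not a finite number with at most
    # two decimal places.
    try:
        amount = Decimal(raw.strip())
    except (InvalidOperation, AttributeError):
        raise WithdrawalError("amount is not a number")
    if not amount.is_finite():  # rejects NaN and Infinity
        raise WithdrawalError("amount must be finite")
    if amount.as_tuple().exponent < -2:
        raise WithdrawalError("amount has more than two decimal places")
    return amount


def withdraw_checked(balance: Decimal, raw_amount: str) -> Decimal:
    # The two checks the article says were missing: the amount must be
    # strictly positive, and it must not exceed the current balance.
    amount = parse_amount(raw_amount)
    if amount <= 0:
        raise WithdrawalError("withdrawal amount must be greater than 0")
    if amount > balance:
        raise WithdrawalError("withdrawal amount exceeds account balance")
    # In a real system this check and the debit run in one database
    # transaction, so two concurrent withdrawals cannot both pass the check.
    return balance - amount


def is_rejected(balance: Decimal, raw_amount: str) -> bool:
    # Helper used by the demo: True if validation refused the request.
    try:
        withdraw_checked(balance, raw_amount)
    except WithdrawalError:
        return True
    return False


if __name__ == "__main__":
    start = parse_amount("100.00")  # constructed sample balance
    print(withdraw_vulnerable(start, parse_amount("-24900")))  # 25000.00: the bug
    print(withdraw_checked(start, "40.50"))                   # 59.50: a real withdrawal
    print(is_rejected(start, "-24900"))                        # True: the fix
```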
3. Security Incident Warning Record
On January 4, 2018, the People's Procuratorate of Haidian District, Beijing approved the arrest of Zheng on suspicion of theft. Zheng paid the legal price for his "slick" operation.
On the other side of the case, the Baidu Takeaway platform lost nearly 300,000 yuan in direct consumption. After the storm over the vulnerability, Baidu Takeaway gradually faded from view, leaving only Ele.me and Meituan Takeaway to fight on in the online food-delivery market.
Even a product from an Internet giant like Baidu made the elementary mistake of missing parameter validation in a money-handling flow, and because the product was so widely used, the losses were huge. That should never have happened.
If you find a loophole, don't get greedy: reach out and you will get caught. Security loopholes are everywhere, and Internet companies at large must always pay attention and stay vigilant.
Follow our WeChat official account for more of "The Low-Level Mistakes Internet Giants Made in Those Years".