Many well-known hotel chains, high-end brand hotels there are serious security vulnerabilities, massive open room information stored in the disclosure risk-vulnerability warning-the black bar safety net

ID MYHACK58:62201559072
Type myhack58
Reporter 佚名
Modified 2015-02-13T00:00:00


Well-known Inn orange, Jinjiang Inn, the super eight, pudding; high-end hotel the MARRIOTT Hotel Group, MARRIOTT, Ritz Carlton, Starwood group, Sheraton, Le Meridien, W Hotels, Intercontinental Hotel Group, Holiday Inn, etc there is a serious security breach, the tenant Open House information at a glance, also on the property order to modify and cancellation.

Starwood Hotel Group


Starwood is the world's largest hotel and leisure group, its hotel of high-end luxury renowned,and has an industry–leading and award-winning loyalty program-SPG Preferred Guest members can earn points and redeem into the room accommodation, room upgrades and flights, with no blackout dates.


The Group's brands include St. Regis St. Regis, the Luxury Collection The Luxury Collection, W Hotel, W Hotels, and Le Meridien Le Meridien, The Westin, the Sheraton Sheraton, the Aloft(Aloft), the source and sink(Element, and Four Points(Four Points).

Vulnerability description:

According to the vulnerability box white hats reports showed the vulnerability is located in the Starwood Group's official website, through this vulnerability hackers can be order detail query, get a lot of order information, order details including name, arrival date, room charge, credit card last four digits of the credit card expiration date, mail, address, etc.

[1] [2] [3] [4] [5] [6] [7] [8] next