I found a vulnerability and earned ¥12,000!

Today I'll share a story about making money from vulnerability hunting.

0x01 Preface

I am a young man who loves life and network security. Here I record my daily study and the ideas that come up in vulnerability hunting, hoping to exchange ideas with and encourage others who love network security.

0x02 Vulnerability background

The target is an app whose first screen is a login box.

picture

0x03 Vulnerability mining process

1. First, register an account with your own mobile phone number and log in normally. Use Burp to capture the response returned after a successful login and save it. The response is as follows:

picture

2. Register a second account with another mobile phone number and again capture the successful-login response. It is as follows:

picture

3. With the successful-login responses of two different accounts in hand, compare them and pull out the parameters that may carry identity: loginToken, userId, phoneNo, tokenAesResult.

Now start the logic test: enter an account, enter the verification code, and intercept the response. In it, modify the four parameters extracted above: one at a time, two at a time, three at a time, and all four together, that is C(4,1) + C(4,2) + C(4,3) + C(4,4) = 15 combinations. Watch what the page does in each case. When userId is modified, the page still jumps successfully to the logged-in page of my account.

However, after registering several accounts and comparing the returned userId values, I found no pattern. Without a way to predict userId, you cannot log in to other people's accounts. To raise the severity of the finding, I kept looking for somewhere in the app that exposes other users' userId values.

Fortunately, the app has a discussion feature. A request in that feature returns userId values; the response is as follows.

picture

4. Now log out, tap Login, and enter a mobile phone number to log in (the number used here must be an unregistered one). Modify the login response, changing the userId in the figure below to the first userId marked in red in the figure above.

picture

5. We find that we are now logged into the account called XX Fei.

picture

picture
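As an added illustration (not code from the post or from the vendor's app), the following Python model reproduces the flaw behind steps 1 to 5 and contrasts it with the fix: identity must come from the server-side session tied to loginToken, never from a userId the client echoes back. All user records, phone numbers and endpoint names are constructed.

```python
"""Model of the write-up's flaw: the app stores the userId it received in the
login response, replays it on later requests, and the backend authorizes by
that userId instead of by the server-issued loginToken. Everything below is
constructed for illustration."""
import secrets

# Constructed user store: userId -> record (phone numbers are placeholders)
USERS = {
    "u-1001": {"phoneNo": "138xxxx0001", "name": "tester"},
    "u-2002": {"phoneNo": "139xxxx0002", "name": "XX Fei"},
}
SESSIONS = {}  # loginToken -> userId, filled by login()

def login(phone_no):
    """Issue a session after the SMS code has been verified (verification is
    assumed to have happened already; this model only issues the session)."""
    user_id = next(uid for uid, rec in USERS.items() if rec["phoneNo"] == phone_no)
    token = secrets.token_hex(16)
    SESSIONS[token] = user_id
    # This dict is the "return packet" that the write-up tampers with in Burp.
    return {"loginToken": token, "userId": user_id, "phoneNo": phone_no}

def client_next_request(login_response):
    """The app stores whatever the login response said and replays it."""
    return {"loginToken": login_response["loginToken"],
            "userId": login_response["userId"]}

def profile_vulnerable(req):
    """Authorizes by the client-supplied userId: the token is only checked
    for existence and is never bound to the userId being accessed."""
    if req["loginToken"] not in SESSIONS:
        return {"status": 401}
    return {"status": 200, "profile": USERS[req["userId"]]}

def profile_fixed(req):
    """Identity comes from the server-side session; a client-supplied userId
    that disagrees with it is rejected (and worth logging as tampering)."""
    user_id = SESSIONS.get(req["loginToken"])
    if user_id is None:
        return {"status": 401}
    if req.get("userId") not in (None, user_id):
        return {"status": 403, "reason": "userId does not match session"}
    return {"status": 200, "profile": USERS[user_id]}

def tampered_flow(handler, victim_id="u-2002"):
    """Replay the write-up: log in with our own number, rewrite userId in the
    response, and see whose profile the next request returns."""
    resp = login("138xxxx0001")
    resp["userId"] = victim_id      # the edit made on the return packet
    return handler(client_next_request(resp))
```

Against the vulnerable handler the tampered flow returns XX Fei's profile; against the fixed handler it returns 403 while a genuine login still works.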

0x04 Vendor feedback

This bug earned me a bounty of ¥12,000.

picture

Finally

Statistics show that China currently has a shortage of 1.4 million cyber security professionals... Whether you are a cyber security enthusiast or a practitioner with some work experience, whether you are a fresh graduate or a professional looking to change careers, you need this super comprehensive set of materials. It beats almost 90% of the self-study materials on the market and covers the entire network security learning path. Bookmark it; it will definitely help your study!

Friends, if you need the full network security beginner-to-advanced learning resource pack, you can click to get it for free (if you have trouble scanning the code, leave a message in the comments to get it)~

CSDN gift pack: "Hacker & Network Security Beginner & Advanced Learning Resource Pack" shared for free


1. A full set of toolkits and source code essential for network security


2. Video Tutorial

Although there are many learning resources online, they are mostly incomplete. This is the network security video tutorial I recorded myself; every knowledge point on the roadmap has an accompanying video explanation.

3. Technical documents and e-books

The technical documents were also compiled by me, including my experience and technical notes from taking part in network protection operations, CTFs and SRC vulnerability hunting.

I have also collected more than 200 e-books on internet security, basically all the popular and classic ones, which I can share as well.

4. NISP, CISP and other certificate preparation packages


5. Information security engineer exam preparation gift pack


6. Interview questions from network security companies

Cyber security interview questions collected over the past few years; if you are looking for a job in cyber security, they will definitely help you a lot.

Origin blog.csdn.net/2301_76168381/article/details/132031931