WeChat arbitrary user password change vulnerability - vulnerability warning - the black bar safety net

Modified 2012-09-12T00:00:00


Today I saw a WeChat vulnerability published in a group. Before I had a chance to play with it, it had already been patched.

So I went and produced this vulnerability myself.

The same problem exists in the user password reset flow.

On WeChat's official homepage I found a new feature module, shown below.


After visiting it, I looked at this feature and it caught my interest.


On this page, enter a phone number that is already registered with WeChat.


You get the following prompt.


Select "I have received the verification code" and it jumps to a change-password page, as follows.


Capture the request at that step. The packet is as follows:

check=false&phone=18666666666&t=w_password_phone&isemail=0&value=18666666666&method=reset&country=A86&getmethod=web&password=zzzzzz&password2=zzzzzz&verifycode=1234

After repeatedly resubmitting the packet above with the verifycode changed, I found it returns the following prompt:


So I had to find a way through. After a series of attempts I found that if non-numeric characters are appended after the number in phone=18666666666, the restriction can be bypassed. From this the server's checking logic can be inferred: if the number of attempts for phone=18666666666 exceeds a threshold, it prompts that requests are too frequent; but at this step the phone value has not yet been sanitized, so special characters can be appended to it. Only in the next step is sanitization performed: just the digits in the phone value are kept, the verifycode stored for that number is fetched and compared, and if it matches the password is changed.
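To make the inferred logic concrete from the defender's side, here is an added example (not code from the original post or from WeChat) of a toy reset-code service written two ways: the flawed pattern the write-up infers, where the attempt counter is keyed on the raw phone parameter and digit-only sanitization happens only afterwards, and a hardened version that validates and normalizes the input first, keys the counter on the normalized number, uses a single-use code and a constant-time comparison. The class names, the in-memory dicts, the 11-digit format, MAX_ATTEMPTS and the simulated request pattern are all assumptions made for this example.

```python
import hmac
import re
import secrets
from dataclasses import dataclass, field

MAX_ATTEMPTS = 5  # assumed lockout threshold for this example


def digits_only(phone: str) -> str:
    """Keep only the digits of a phone parameter (the sanitization step the
    write-up infers the server performs right before the code lookup)."""
    return re.sub(r"\D", "", phone)


@dataclass
class VulnerableResetService:
    """Counter keyed on the RAW phone string; sanitization comes later, so every
    distinct non-digit suffix gets its own fresh counter."""
    codes: dict = field(default_factory=dict)     # normalized phone -> code
    attempts: dict = field(default_factory=dict)  # raw phone string -> count

    def verify(self, phone: str, verifycode: str) -> str:
        n = self.attempts.get(phone, 0)
        if n >= MAX_ATTEMPTS:
            return "too_frequent"
        self.attempts[phone] = n + 1
        normalized = digits_only(phone)           # sanitized only here
        if self.codes.get(normalized) == verifycode:
            return "password_changed"
        return "wrong_code"


@dataclass
class HardenedResetService:
    """Validate and normalize first, key the counter on the canonical number,
    lock after MAX_ATTEMPTS, compare in constant time, consume the code on use."""
    codes: dict = field(default_factory=dict)
    attempts: dict = field(default_factory=dict)

    def verify(self, phone: str, verifycode: str) -> str:
        if not re.fullmatch(r"\d{11}", phone):    # reject anything but the canonical form
            return "bad_request"
        n = self.attempts.get(phone, 0)
        if n >= MAX_ATTEMPTS:
            return "too_frequent"
        self.attempts[phone] = n + 1
        expected = self.codes.get(phone, "")
        if expected and hmac.compare_digest(expected, verifycode):
            self.attempts.pop(phone, None)
            self.codes.pop(phone, None)           # single use
            return "password_changed"
        return "wrong_code"


def issue_code(service, phone: str, length: int = 6) -> str:
    """Store a random numeric code for the normalized phone and return it."""
    code = "".join(secrets.choice("0123456789") for _ in range(length))
    service.codes[digits_only(phone)] = code
    return code


def attempts_evaluated(service, phone: str, guesses: int) -> int:
    """Send `guesses` wrong codes, rotating a non-digit suffix on the phone
    parameter every MAX_ATTEMPTS requests as the write-up describes, and
    return how many guesses the server actually evaluated against the code."""
    evaluated = 0
    for i in range(guesses):
        raw = phone + "a" * (i // MAX_ATTEMPTS)   # "", "a", "aa", ...
        if service.verify(raw, "0000") == "wrong_code":
            evaluated += 1
    return evaluated


if __name__ == "__main__":
    v, h = VulnerableResetService(), HardenedResetService()
    issue_code(v, "18666666666")
    issue_code(h, "18666666666")
    print("vulnerable evaluated:", attempts_evaluated(v, "18666666666", 20))  # 20
    print("hardened evaluated:  ", attempts_evaluated(h, "18666666666", 20))  # 5
```

The point of the hardened version is that the rate limit and the code lookup must agree on what a "phone number" is: whatever identifier the counter is keyed on has to be the same canonical value the code was issued for, and anything that does not match the expected format is rejected before any counter is touched.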


The password was changed successfully. The weak link here is that WeChat's password reset verification code is a 4- to 5-digit pure number, in the range 1000-20000. In other words, I only needed to try 19000 times. Using 50 threads, I successfully changed a password in 3 minutes.

After discovering this vulnerability I changed the passwords of two personal WeChat accounts. One belonged to the agent of a star I have liked recently, Liu Yan; Liu Yan had posted the agent's phone number on Weibo. After successfully changing the password I logged in. WeChat comes with an offline message viewing feature, and I could successfully view all of the QQ friends, so I got Liu Yan's QQ number... but she refused to add me as a friend... sad. For privacy reasons, no screenshots of this are shown here. The other was a certain Tencent executive. I searched Baidu for a list of Tencent executives, then used a phone number from the list to change his password, and had an intimate conversation with dear Brother Ma. Since it was late at night he was not online, so I got no reply. Few screenshots.
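A 19000-guess, 50-thread run finishing in 3 minutes is loud in server logs, and the suffix trick leaves a second fingerprint: several raw phone strings that all normalize to the same number. The following added detection example (not from the original post; the log format, field names, thresholds and sample lines are all constructed for this illustration) groups reset attempts by normalized phone number and raises an alert when either the attempt rate in a sliding window exceeds a threshold or more than one raw spelling of the same number appears.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta
from urllib.parse import parse_qs

# Constructed log format: "<iso timestamp> <client ip> POST /reset body=<form body>"
LOG_LINE = re.compile(r"^(\S+) (\S+) POST /reset body=(\S*)$")


def digits_only(phone: str) -> str:
    return re.sub(r"\D", "", phone)


def parse_line(line: str):
    """Parse one log line into an event dict, or None if it does not match."""
    m = LOG_LINE.match(line)
    if not m:
        return None
    params = parse_qs(m.group(3), keep_blank_values=True)
    raw_phone = params.get("phone", [""])[0]
    return {
        "ts": datetime.fromisoformat(m.group(1)),
        "ip": m.group(2),
        "phone_raw": raw_phone,
        "phone": digits_only(raw_phone),          # canonical key for grouping
        "verifycode": params.get("verifycode", [""])[0],
    }


def detect(lines, threshold: int = 10, window: timedelta = timedelta(minutes=5)):
    """Return one alert per normalized phone number that shows brute-force
    behaviour: >= threshold attempts inside `window`, or more than one raw
    spelling of the same number (the rate-limit bypass fingerprint)."""
    by_phone = defaultdict(list)
    for line in lines:
        ev = parse_line(line)
        if ev and ev["phone"]:
            by_phone[ev["phone"]].append(ev)

    alerts = []
    for phone, events in by_phone.items():
        events.sort(key=lambda e: e["ts"])
        variants = {e["phone_raw"] for e in events}
        peak, start = 0, 0                        # sliding-window peak count
        for end in range(len(events)):
            while events[end]["ts"] - events[start]["ts"] > window:
                start += 1
            peak = max(peak, end - start + 1)
        if peak >= threshold or len(variants) > 1:
            alerts.append({
                "phone": phone,
                "attempts_in_window": peak,
                "raw_variants": sorted(variants),
                "codes_tried": len({e["verifycode"] for e in events}),
                "sources": sorted({e["ip"] for e in events}),
            })
    return alerts


def sample_log():
    """Constructed sample: 12 rapid guesses against one number with the suffix
    rotated every 5 requests, plus one unrelated benign reset attempt."""
    base = datetime(2012, 9, 11, 23, 50, 0)
    body = "check=false&phone={phone}&t=w_password_phone&isemail=0&method=reset&country=A86&getmethod=web&verifycode={code}"
    lines = []
    for i in range(12):
        ts = (base + timedelta(seconds=3 * i)).isoformat()
        phone = "18666666666" + "a" * (i // 5)
        lines.append(f"{ts} 203.0.113.7 POST /reset body={body.format(phone=phone, code=1000 + i)}")
    ts = (base + timedelta(minutes=1)).isoformat()
    lines.append(f"{ts} 198.51.100.2 POST /reset body={body.format(phone='13900000000', code=4321)}")
    return lines


if __name__ == "__main__":
    for alert in detect(sample_log()):
        print(alert)
```

Grouping by the normalized number rather than the raw parameter is what makes the rule hold up: an attacker can change the suffix on every request, but every variant still collapses to the same key, and the variant count itself becomes the indicator.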

