International Airlines: bind any user to any phone, and reset any user's password (vulnerability warning, the black bar safety net)

ID MYHACK58:62201338991
Type myhack58
Reporter Anonymous (佚名)
Modified 2013-05-27T00:00:00


In "My Information", click "Modify phone", have the verification code sent, and capture the request with Burp Suite:

Phone=150**&userName=admin

Change the phone number and set userName to the account whose password you want to reset. Something very odd happens: the modification reports success and the page jumps straight to the personal information of the user you modified, but the phone is not actually bound.

The next step is binding any phone.

Click "Modify phone", enter the phone number you want to bind, fill in any value for the verification code, and capture the request with Burp Suite:

newMobilePhone=13888888888&oldMobilePhone=150794*&Code=§1234§&userName=test***&lang=cn

Mark "Code" as the payload position and brute-force it with Intruder; since the verification code is only 4 digits, it is brute-forced quickly. I forgot to take a screenshot, but everyone knows what this looks like.

The phone 13888888888 was bound successfully.

Finally, resetting any user's password: because of the two vulnerabilities above, a user's bound phone can easily be changed to one you control.

Then just click "Forgot Password", enter the username and the phone number now bound to it, and a new password is issued. This step was not tested here.


Repair suggestions:

Fix the logic errors: the account being modified must come from the logged-in session, not from the userName parameter in the request, and guesses of the verification code must be limited so a 4-digit code cannot be exhausted by brute force. Strengthen the security of the code!
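As an added example (not code from the original post or from the airline's site), the following models the phone-binding endpoint described above in both its vulnerable form and a hardened form, and replays the Intruder-style sweep of the Code parameter against each. The account names, phone numbers, the 5-attempt limit and all function names are assumptions made for the illustration.

```python
# Added example: model of the "modify phone" endpoint, vulnerable vs hardened.
# Account names, phone numbers and the attempt limit below are made up.
import hmac
import secrets
from dataclasses import dataclass
from typing import Callable, Dict, Optional

MAX_ATTEMPTS = 5  # assumed policy: guesses allowed per issued code


@dataclass
class Account:
    phone: str
    pending_code: Optional[str] = None
    attempts_left: int = MAX_ATTEMPTS


def make_accounts() -> Dict[str, Account]:
    """Constructed sample data: an attacker-controlled account and a victim."""
    return {"test": Account(phone="15079400000"),
            "admin": Account(phone="15000000000")}


def send_code(accounts: Dict[str, Account], user_name: str) -> str:
    """The SMS step: issue a fresh 4-digit code for user_name.
    The code is returned only so the caller can play the role of the phone."""
    acct = accounts[user_name]
    acct.pending_code = f"{secrets.randbelow(10_000):04d}"
    acct.attempts_left = MAX_ATTEMPTS
    return acct.pending_code


def bind_phone_vulnerable(accounts: Dict[str, Account], session_user: str, req: dict) -> bool:
    """Mirrors the bug in the post: the account is selected by the request's
    userName rather than the logged-in session, and guesses are never limited."""
    acct = accounts[req["userName"]]
    if acct.pending_code is not None and req["Code"] == acct.pending_code:
        acct.phone = req["newMobilePhone"]
        return True
    return False


def bind_phone_hardened(accounts: Dict[str, Account], session_user: str, req: dict) -> bool:
    """Identity comes from the session; each issued code allows MAX_ATTEMPTS
    guesses, is single-use, and is compared in constant time."""
    acct = accounts[session_user]  # req["userName"] is deliberately ignored
    if acct.pending_code is None or acct.attempts_left <= 0:
        return False
    acct.attempts_left -= 1
    ok = hmac.compare_digest(req["Code"], acct.pending_code)
    if ok:
        acct.phone = req["newMobilePhone"]
    if ok or acct.attempts_left == 0:
        acct.pending_code = None  # consumed on success, burned after too many guesses
    return ok


def brute_force_bind(bind: Callable[[Dict[str, Account], str, dict], bool],
                     accounts: Dict[str, Account], session_user: str,
                     victim: str, new_phone: str) -> Optional[int]:
    """Intruder-style sweep of the Code parameter (the §1234§ position in the
    captured request) over the full 4-digit space. Returns the guess that
    succeeded, or None if the whole space was tried without success."""
    for guess in range(10_000):
        req = {"newMobilePhone": new_phone, "oldMobilePhone": "150794*",
               "Code": f"{guess:04d}", "userName": victim, "lang": "cn"}
        if bind(accounts, session_user, req):
            return guess
    return None


if __name__ == "__main__":
    accts = make_accounts()
    send_code(accts, "admin")  # SMS goes to admin's phone; the attacker never sees it
    hit = brute_force_bind(bind_phone_vulnerable, accts, "test", "admin", "13888888888")
    print("vulnerable: code guessed =", hit, "admin phone now", accts["admin"].phone)

    accts = make_accounts()
    send_code(accts, "admin")
    hit = brute_force_bind(bind_phone_hardened, accts, "test", "admin", "13888888888")
    print("hardened: code guessed =", hit, "admin phone still", accts["admin"].phone)
```

Against the vulnerable handler the sweep always lands on the code within 10,000 requests and rebinds the victim's phone; against the hardened handler the attacker's session selects only the attacker's own account, so the victim is unreachable regardless of the userName sent, and even an attacker guessing against their own code gets at most five tries before the code is burned.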