Writeup: a password-reset logic vulnerability in practice
2022-07-06 14:03:00 【Lazy and talented】
Catalog
0x0a Status code basics
0x0b The nature of the vulnerability
0x0c Information gathering: JS white box
0x02 Intercept the response and modify the status code
0x00 The page prompts "process error"
0x05 Log in with the new password: login succeeds
The vulnerability has since been fixed; do not attempt this carelessly.
0x0a Status code basics
An HTTP status code consists of three decimal digits.
There are five classes of response: informational (100–199), successful (200–299), redirection (300–399),
client error (400–499) and server error (500–599).
0x0b The nature of the vulnerability
The server side performs no verification of its own, and the front-end logic is incomplete: whether a step "passed" is decided entirely in the browser.
0x0c Information gathering: JS white box
The site is a Vue application bundled with webpack, from which we infer that validation is done in front-end JS.
Open DevTools (F12) and use Ctrl+F in the bundled JS to search for keywords that mark the logic, such as "Verify success".
Combined with the above, verification is probably done only on the front end.
Idea: capture the traffic and modify the response status code to 200.
0x0d Enough talk, hands on
0x01 Verification code bypass
Note that no verification code has been obtained at this point.
0x02 Intercept the response and modify the status code
Do intercept ——> Response to this request
Modify the status code to 200.
The verification code check is bypassed.
0x03 Modify (reset) the password
0x00 The page prompts "process error"
Press F12 to view the source.
I found that there is still JS validation, because the previous step may lack the JS parameters.
So try whether this step can be bypassed the same way.
0x04 Modify the status code
Bypassed successfully.
0x05 Log in with the new password: login succeeds.
The vulnerability has since been fixed; do not attempt this carelessly.
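To make the root cause and its fix concrete, here is an added Python example (not code from this post or from the site it describes): the vulnerable reset endpoint, which changes the password because the only gate was front-end JS reacting to the status code of the verify request, beside a hardened flow in which the server keeps the one-time code, checks it itself and authorises the reset with a single-use, account-bound token. The in-memory store names and the caller-supplied clock value `now` are assumptions for this example.

```python
import hashlib
import hmac
import os
import secrets

# Constructed in-memory stores standing in for the database (hypothetical names).
USERS = {}           # account -> (salt, pbkdf2 hash)
PENDING_CODES = {}   # account -> (code, expires_at)
RESET_TOKENS = {}    # token -> (account, expires_at)
CODE_TTL, TOKEN_TTL = 300, 600   # seconds

def _hash_password(password):
    salt = os.urandom(16)
    return salt, hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

def reset_password_vulnerable(account, new_password):
    """The pattern in the post: the only gate is front-end JS reacting to the status
    code of the verify request, so this endpoint changes any account's password
    without any proof that a code was ever checked."""
    USERS[account] = _hash_password(new_password)
    return True

def send_code(account, now):
    """Step 1: issue a one-time code and keep it server-side (delivered out of band)."""
    code = f"{secrets.randbelow(10**6):06d}"
    PENDING_CODES[account] = (code, now + CODE_TTL)
    return code

def verify_code(account, submitted, now):
    """Step 2 (hardened): single attempt, constant-time compare against the server
    record; success yields a short-lived reset token bound to the account."""
    entry = PENDING_CODES.pop(account, None)   # consumed on any attempt
    if entry is None or now > entry[1] or not hmac.compare_digest(entry[0].encode(), submitted.encode()):
        return None
    token = secrets.token_urlsafe(32)
    RESET_TOKENS[token] = (account, now + TOKEN_TTL)
    return token

def reset_password_hardened(account, new_password, token, now):
    """Step 3 (hardened): the reset is authorised by the server-issued token, not by
    anything the browser decided; the token is single-use and account-bound."""
    entry = RESET_TOKENS.pop(token, None)      # consumed on any attempt
    if entry is None or now > entry[1] or entry[0] != account:
        return False
    USERS[account] = _hash_password(new_password)
    return True
```

Any test of the fix should exercise the failure cases (wrong code, expired code, foreign or reused token), since those are exactly the paths the front-end-only design never had.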