A user’s mobile phone number information is leaked on the login page of a website

Enterprise 2020-10-27 11:01:51 views: null

Exploit

Insert picture description here
Enter the user name, the interface will pop up the mobile phone number, it seems that the mobile phone number is hidden, but by grabbing the http package, it is found that the mobile phone number is actually returned in the background. It can be seen that changing the mobile phone number is only hidden at the front end.
Insert picture description here
Moreover, the interface has not been verified and can be called arbitrarily, so the blasting journey of BurpSuit is started.

A large number of registered mobile phone numbers can be exposed through this interface, resulting in leakage of mobile phone number information.

Bug fix

Do not return the mobile phone number at the back end, as the front end should hide the middle four digits.

If you want to learn more about network security, you can follow the public account "SCLM Security Team".
Insert picture description here

Guess you like

Origin blog.csdn.net/lynnlovemin/article/details/109291251

A user’s mobile phone number information is leaked on the login page of a website

Mini program login authorization (obtain the user's mobile phone number and information)

Small micro-channel program authorized login for user information and mobile phone number

(Detailed version) Java implements a small program to obtain WeChat login, user information, mobile phone number, and avatar

uniapp mobile phone number authorization login - now only through the mobile phone number authorization login, the background to obtain user information effect demo (organization)

Firefox will warn the user login information was leaked

uniapp WeChat applet authorized mobile phone number and authorized user information

Alipay applet obtains user information and mobile phone number

(JAVA) Alipay applet login related (authToken obtains the user's unique userId, encryptedData decrypted mobile phone number)

How to obtain the user's mobile phone number to authorize login in the WeChat applet

[Shufang Big Data] Mobile website access user mobile phone number capture method, website code capture process

How to grab website visitor's mobile phone number

uniapp obtains the user's mobile phone number

The applet obtains the user's mobile phone number

How to grab the mobile phone number of website visitors

[Mobile phone number verification/front end] Vue2+elementUI writes a mobile phone number verification code login page, routing development (with complete code)

[WeChat applet] WeChat login and mobile phone number quick login:

How to obtain basic user information and mobile phone number for uniapp development applet

Android: How to login an user with his phone number

Realize the function of directly calling the phone by clicking the mobile phone number when the mobile phone accesses the website

Free mobile phone number attribution API interface to query mobile phone number attribution information

Taro - get the phone number and user information

One-click login with mobile phone number in uni-app

One-click login with UNIAPP mobile phone number

WeChat Mini Program mobile phone number login process

Quickly develop mobile phone number registration and login function in three minutes

Website real-time mobile phone number crawling

Do not hijack the network and leaked phone number

Visit the website on a mobile phone, click on the mobile phone number to make a call directly

Micro-channel public number, a phone authorization page login feature

Recommended

Rushing to the GitHub hot list——How can open source programming languages and frameworks be so cute?

Beijing Humanoid Robot Innovation Center launches Tiangong, the world's first full-size humanoid robot with purely electric drive for anthropomorphic running

Ranking

8个无需编写代码即可使用 Python 内置库的方法

Java collections interview knowledge Lite

Machine learning algorithms foundation - Introduction a (watermelon materials for the book)

(Easy) Ransom Note - LeetCode

[Five days] Qt from entry to actual combat: the second day

Remember once extremely pit father can not download Maven Jar package of issues: IDEA question

The minimum cost Shortest

OSPF study map (the most complete version)

Network Takeaways

GnuPG

Daily

2024-04-27(29)

2024-04-26(22)

2024-04-25(32)

2024-04-24(30)

2024-04-23(30)

2024-04-22(5)

2024-04-21(0)

2024-04-20(6)

2024-04-19(5)

2024-04-18(0)