reset Password

Others 2022-04-22 10:31:54 views: 0

 

More and more I feel that the password reset vulnerability is fun.

The site password reset process:

  Fill in the account & register mobile phone -> perform security verification (fill in the security question) -> send SMS verification code

Through the information collection, I got the admin account and mobile phone number. But there's no way around it.

Then I registered an account, reset my password later, and found an ID in the second stage, and then changed the ID to the id of admin. In the third stage, the mobile phone number became a text message to admin. Yes, modify it to your own. get.

Personal summary:

  Follow IDs, and cookies. Try to replace it with your own.

 https://www.t00ls.net/thread-37414-1-1.html

Guess you like

Origin http://43.154.161.224:23101/article/api/json?id=324977862&siteId=291194637
Recommended
Linus is the most active in "eating dog food"!
Ranking
Share good programmer web front-end array and sorting, de-duplication and random roll call
Compilation error caused by cv_bridge and python version problems error: return-statement with no value, in function returning'void*' [-fpe
魔众帮助中心系统 v3.1.0 首页切换器,界面优化
Die beim Millimeterwellenradar-Integrationstest aufgetretene Grube (Multiprozessbindung an einen UDP-Port verursacht Probleme)
How to suppress the "requires transitive directive for an automatic module" warning properly?
LeetCode-1743. Restore the Array From Adjacent Pairs-Analysis and Code (Java)
Summer 2019 Summer soft essay 7 workers
Python中Assert断言的使用语法和例子
LeetCode one question per day (2021-2-3 sliding window median)
Fairchild, the ancestor of semiconductors, the legend of the first trillion-dollar start-up
Daily
More
2024-05-20(5)
2024-05-19(0)
2024-05-18(31)
2024-05-17(6)
2024-05-16(23)
2024-05-15(5)
2024-05-14(9)
2024-05-13(8)
2024-05-12(28)
2024-05-11(32)

Code World

© 2018 codetd.com