Unexpected discovery of a “0 Yuan Purchase” payment-logic flaw

Project

While hunting for vulnerabilities across several apps in an authorized project, I found one app in which users accumulate points by checking in, and those points can be exchanged for goods in a points mall. I casually tried the check-in and shopping functions and found no flaw at the time. The first time I tested the shopping function, the error returned was as follows:

After seeing the exception I did not test further; I assumed the server had simply errored and that no order had gone through. Then, the next day, I opened my phone and found that my courier app unexpectedly showed two new deliveries. While I was still puzzling over the deliveries, I remembered the order packet I had replayed twice the day before, which had returned a null pointer exception both times.

So I continued to test the app to reproduce the vulnerability.

The specific mining process is as follows:

After downloading the installation package, I found the app had simple protection and could not be captured directly through the Burp proxy, so I went straight to Xposed + JustTrustMe. My test device is a HUAWEI nova 3. Rooting current phones to install Xposed is troublesome and almost all of them have restrictions, so I recommend the VirtualXposed tool: it is relatively convenient and spares beginners the root-unlocking process while still providing the needed hooking functionality.

Install and run the app inside VirtualXposed, then register and log in. After logging in, the points mall function is visible under "My".

The app lets users earn points through check-ins and other tasks, or top up points with WeChat Pay or Alipay, and then spend those points on goods in the points mall.

First, open the points mall and select the product you want to purchase (baipiao) to view it, then click Redeem Now (lijibaipiao) below. The redemption amount pops up; click Redeem Now (lijibaipiao) again.

In the order creation interface that appears, fill in the shipping address and recipient information, then enable Burp interception and click "Price Increase Order" to capture the request.

Then change the num parameter to 0 as shown and forward the request. The response is a null pointer exception, yet the app proceeds to the payment page and asks us to pay points, with a payment amount of 0.

Payment may sometimes throw an exception. In that case, open the order on the My Orders page and click Pay (baipiao) to complete the payment.
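The root cause described above (a client-controlled num that the server accepts as 0, producing a zero-point order) beside a hardened version, as an added illustration that is not the app's own code; the catalogue, point values, order limit and field names are assumptions.

```python
# Added example, not the app's code. Catalogue and prices are constructed.
from dataclasses import dataclass

CATALOGUE = {"SKU-1001": 500}  # sku -> unit price in points (constructed)


@dataclass
class Order:
    sku: str
    num: int
    total_points: int


def create_order_vulnerable(req: dict) -> Order:
    """Trusts the client-supplied 'num'; num=0 yields a 0-point order.

    Mirrors the behaviour in the write-up: the order is created even though
    an exception is raised elsewhere in the flow, so it survives and ships.
    """
    num = int(req.get("num", 1))
    total = CATALOGUE[req["sku"]] * num  # 500 * 0 == 0
    return Order(req["sku"], num, total)


class OrderError(ValueError):
    """Raised for any request that must not produce an order."""


def create_order_hardened(req: dict, balance: int) -> Order:
    """Validates quantity and total server-side; never accepts a free order."""
    sku = req.get("sku")
    if sku not in CATALOGUE:
        raise OrderError("unknown sku")
    try:
        num = int(req.get("num"))
    except (TypeError, ValueError):
        raise OrderError("quantity must be an integer")
    if not 1 <= num <= 10:  # assumed per-order limit
        raise OrderError("quantity out of range")
    total = CATALOGUE[sku] * num
    if total <= 0:  # defence in depth: a zero or negative total is a bug
        raise OrderError("invalid order total")
    if balance < total:
        raise OrderError("insufficient points")
    return Order(sku, num, total)


def is_rejected(req: dict, balance: int) -> bool:
    """True if the hardened path refuses the request (used for checks)."""
    try:
        create_order_hardened(req, balance)
    except OrderError:
        return True
    return False
```

The hardened path also fails closed: any exception aborts order creation instead of leaving a half-created order that the payment page later accepts.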

At this time we will see

Then you will find out after a while

Then we just need to wait quietly.

This testing was performed under authorization. The vulnerability details were submitted to the developer as a report, and the vulnerability has since been completely fixed.

Digression

Many newcomers to the computer industry, including graduates of computer-related university majors, struggle to find employment because they lack practical experience. Consider two sets of figures:

  • The number of college graduates nationwide in 2023 is expected to reach 11.58 million, and the employment situation is grim;

  • Data released during National Cyber Security Awareness Week show that by 2027 the shortage of cybersecurity personnel in China will reach 3.27 million.

On the one hand, the employment situation for fresh graduates is grim every year; on the other hand, there is a shortage of over a million cybersecurity professionals.

On June 9, Max Research’s 2023 Employment Blue Book (including the “2023 China Undergraduate Employment Report” and “2023 China Higher Vocational Students Employment Report”) was officially released.

The top 10 majors with the highest monthly income for college graduates in 2022

Undergraduate computer majors and higher vocational automation majors have higher monthly incomes. The monthly incomes of the 2022 undergraduate computer majors and higher vocational automation majors are 6,863 yuan and 5,339 yuan respectively. The starting salary of undergraduate computer majors is essentially unchanged from the class of 2021, while the monthly income of higher vocational automation majors rose significantly: the 2022 class overtook railway transportation (5,295 yuan) to rank first.

Looking at individual majors, the highest-earning undergraduate major of the class of 2022 is information security (7,579 yuan). Compared with the class of 2018, undergraduate majors related to artificial intelligence, such as electronic science and technology and automation, performed well, with starting salaries up 19% over five years. Although data science and big data technology is a new major, it has performed well and ranks among the top three highest-earning undergraduate majors of the class of 2022 six months after graduation. French, the only humanities and social sciences major in the top 10 highest-paying undergraduate majors five years ago, has dropped out of the top 10.

“There is no national security without cybersecurity.” At present, network security has been elevated to the level of national strategy and has become one of the most important factors affecting national security and social stability.

Characteristics of the network security industry

1. Salaries are high and rise quickly. In 2021, Liepin.com reported that the cybersecurity industry has the highest per-capita salary of any industry, at 337,700!

2. There is a large talent gap and many employment opportunities

On September 18, 2019, the official website of the "Central People's Government of the People's Republic of China" reported that China's demand for cyberspace security talent is 1.4 million, yet schools nationwide train fewer than 15,000 people per year. Liepin.com's "Cybersecurity Report for the First Half of 2021" predicts that demand for cybersecurity talent will reach 3 million in 2027, while only about 100,000 people currently work in the industry.

The industry has huge room for development and there are many jobs

Since the network security industry was established, dozens of new positions have been created: network security expert, network security analyst, security consultant, network security engineer, security architect, security operation and maintenance engineer, penetration engineer, information security management officer, data security engineer, network security operations engineer, network security emergency response engineer, data appraiser, network security product manager, network security service engineer, network security trainer, network security auditor, threat intelligence analysis engineer, disaster recovery professional, practical attack and defense professional...

Great career value-added potential

The network security field is strongly technical; mastering core network architecture and security technologies at work confers an irreplaceable competitive advantage in career development.

As personal ability grows, the professional value of the work also increases with accumulated experience and mature project operations, and the room for advancement keeps expanding. This is the main reason the field is so popular.

To a certain extent, network security is like medicine: the older you get, the more in demand you are. As your skills mature, your work is naturally taken seriously, and promotions and salary increases follow.

How to learn hacking & network security

If you like today's article, I will share my private network security learning materials with you for free. Have a look at what is available.

1. Learning roadmap

There is a lot to learn about attack and defense. I have laid out the specific things you need to learn in the roadmap above. If you can complete them, you will have no problem getting a job or taking on freelance work.

2. Video tutorial

Although there are many learning resources on the Internet, they are mostly incomplete. This is a network security video tutorial I recorded myself, with an accompanying video explanation for every knowledge point in the roadmap above.

The content covers network security law, network security operations and other security assessments, penetration testing basics, detailed explanations of vulnerabilities, basic computer knowledge, and more: all essential material for getting started in network security.

(They are packaged as a single bundle and cannot be expanded one by one. There are more than 300 episodes in total.)

Due to limited space, only part of the information is displayed. You need to click on the link below to obtain it.

CSDN gift package: "Hacker & Network Security Introduction & Advanced Learning Resource Package" free sharing

3. Technical documents and e-books

I also compiled the technical documents myself, including my experience and technical notes from participating in large-scale network security operations, CTFs, and SRC vulnerability hunting. There are more than 200 e-books; due to the sensitivity of the content, I will not display them one by one.


4. Toolkit, interview questions and source code

"If you want to do your job well, you must first sharpen your tools." I have summarized dozens of the most popular hacking tools for everyone, covering mainly information gathering, Android hacking tools, automation tools, phishing, and so on. Interested students should not miss it.

There is also the case source code and the corresponding toolkit mentioned in my videos, which you can take if needed.


Finally, here are the network security interview questions I have compiled over the past few years. If you are looking for a job in network security, they will definitely help you a lot.

These questions come up often when interviewing at Sangfor, Qi Anxin, Tencent and other major companies. If you have good questions or insights, please share them.

Reference analysis: Sangfor official website, Qi Anxin official website, FreeBuf, CSDN, etc.

Content features: Clear organization and graphical representation to make it easier to understand.

Content summary: intranet, operating systems, protocols, penetration testing, security services, vulnerabilities, injection, XSS, CSRF, SSRF, file upload, file download, file inclusion, XXE, logic vulnerabilities, tools, SQLmap, NMAP, BP, MSF…


Origin blog.csdn.net/Javachichi/article/details/133375385