Business flows
Registration
Possible vulnerabilities:
- Arbitrary user registration
- SMS bombing / verification-code or password brute forcing
- Bulk account registration
- Username enumeration / brute forcing
- SQL injection / stored XSS
Login
- SMS bombing / verification-code or password brute forcing
- SQL injection
- Credential stuffing (replaying leaked username/password lists)
- Empty-password bypass: intercept the request and set the password field to an empty or null value
- Credential substitution: if the response contains the account identifier, changing it may let you log in as another account
- Authorization bypass / cookie forgery
- Third-party login: modifying the data returned in the callback may log you in as another user
Password recovery
- SMS / email bombing; hijacking the SMS or email destination (the recipient parameter can be changed)
- Reset any user's password: the verification code is not bound to the user or phone number it was issued for
- Bulk password reset
- Intercept the new password / skip the verification step
- Client-side verification: modify the value in the response
Purchase / payment / top-up
- Tamper with the transaction amount or quantity; the amount does not have to be 0.01, sometimes 1.00 also works
- Encoded order / transaction information (decode and tamper) / information disclosure
- Integer overflow: a signed 32-bit int maxes out at 2147483647; a total that exceeds it wraps around
- Modify the account being topped up
- Replay a single request repeatedly / high concurrency (race conditions)
- If the response contains unusual parameters, add them to the request and resend it
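Added example for the amount / quantity tampering and integer overflow items above; it is not code from the original checklist. It simulates a checkout that trusts client-supplied prices and stores the total in a signed 32-bit column, beside a hardened version that recomputes from a server-side catalogue and bounds every field. The catalogue, SKUs and prices are constructed for the example.

```python
from typing import Dict

INT32_MAX = 2_147_483_647

# Constructed server-side catalogue (prices in cents); not from the original page.
CATALOGUE: Dict[str, int] = {"sku-1001": 19900, "sku-1002": 500}


def wrap_int32(n: int) -> int:
    """Emulate a backend that stores the order total in a signed 32-bit column."""
    n &= 0xFFFFFFFF
    return n - 0x1_0000_0000 if n > INT32_MAX else n


def vulnerable_checkout(order: dict) -> int:
    """Trusts client-supplied unit_price and quantity, stores the product as int32."""
    return wrap_int32(order["unit_price"] * order["quantity"])


def hardened_checkout(order: dict) -> int:
    """Ignores client prices: looks the price up, bounds the quantity, refuses overflow."""
    price = CATALOGUE.get(order.get("sku"))
    if price is None:
        raise ValueError("unknown sku")
    qty = order.get("quantity")
    if type(qty) is not int or not 1 <= qty <= 100:  # rejects floats, bools, negatives
        raise ValueError("quantity out of range")
    total = price * qty
    if total > INT32_MAX:  # never let a total reach a narrower storage type
        raise ValueError("total exceeds storage width")
    return total


def overflow_quantity(unit_price: int) -> int:
    """Smallest quantity whose total crosses INT32_MAX and wraps negative."""
    return INT32_MAX // unit_price + 1


if __name__ == "__main__":
    q = overflow_quantity(19900)
    print("tampered price  :", vulnerable_checkout({"sku": "sku-1001", "unit_price": 1, "quantity": 1}))
    print("negative qty    :", vulnerable_checkout({"sku": "sku-1001", "unit_price": 19900, "quantity": -1}))
    print("overflow qty", q, ":", vulnerable_checkout({"sku": "sku-1001", "unit_price": 19900, "quantity": q}))
    print("hardened        :", hardened_checkout({"sku": "sku-1001", "unit_price": 1, "quantity": 2}))
```

The three tampered orders are the cases to try by hand in the proxy: a client price of 1, a negative quantity, and a quantity just past INT32_MAX / unit_price. The hardened function never reads `unit_price` at all.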
Lottery / prize draws
- Cheating the draw
- Farming prizes / points
- High-concurrency clicks: worth trying on check-in, transfer, redemption and purchase flows
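Added example for the "replay a single request / high concurrency" item under payment and the high-concurrency item above; it is not code from the original checklist. A constructed coupon-redemption service does a check-then-act with a simulated database round trip in between, and `race_redeem` fires identical requests at it concurrently, the way a Turbo Intruder or threaded script would against a real endpoint. The same service with `atomic=True` shows the fix.

```python
import threading
import time
from concurrent.futures import ThreadPoolExecutor


class CouponService:
    """Constructed stand-in for a one-time coupon redemption endpoint (not real code)."""

    def __init__(self, atomic: bool) -> None:
        self.atomic = atomic
        self.redeemed: set = set()
        self.balance: dict = {}
        self._lock = threading.Lock()

    def _check_then_act(self, user: str, code: str, amount: int) -> bool:
        # Check ... (round trip to the database) ... act: the classic TOCTOU window.
        if code in self.redeemed:
            return False
        time.sleep(0.1)  # simulated latency between the SELECT and the UPDATE
        self.redeemed.add(code)
        self.balance[user] = self.balance.get(user, 0) + amount
        return True

    def redeem(self, user: str, code: str, amount: int) -> bool:
        if self.atomic:
            # The fix: check and act inside one critical section. On a real backend this
            # is a row lock, or an atomic `UPDATE ... WHERE used = 0` whose row count is tested.
            with self._lock:
                return self._check_then_act(user, code, amount)
        return self._check_then_act(user, code, amount)


def race_redeem(service: CouponService, user: str, code: str, amount: int, n: int = 20) -> int:
    """Fire n identical redemption requests concurrently; return how many succeeded."""
    with ThreadPoolExecutor(max_workers=n) as pool:
        results = list(pool.map(lambda _: service.redeem(user, code, amount), range(n)))
    return sum(results)


if __name__ == "__main__":
    vuln, fixed = CouponService(atomic=False), CouponService(atomic=True)
    print("vulnerable:", race_redeem(vuln, "alice", "WELCOME10", 10), "credits")
    print("atomic    :", race_redeem(fixed, "alice", "WELCOME10", 10), "credit")
```

When testing a live target, the same pattern applies to check-in, transfer and redemption: send the batch so that all requests arrive inside the window, then compare the resulting balance or count against what a single request should have produced.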
Coupons / vouchers
- Farming coupons / vouchers
- Modify the coupon amount / quantity
Shipping
- Modify the shipping fee
Order information
- Order enumeration / leakage
- Order information disclosure leading to disclosure of user information
- Deleting other users' orders
Membership system
- Profile edits that accept file uploads: upload an HTML file containing a popup (stored XSS)
- If xlsx / docx uploads are accepted there may be XXE; upload a malicious document and test blind
- Image uploads may also hit ImageMagick command execution (ImageTragick); upload a malicious image
- If uploaded videos are processed with ffmpeg < 3.2.4 (frame extraction), upload a malicious AVI and test blind for SSRF
- Horizontal privilege escalation / enumeration leading to disclosure of user information
- SQL injection / stored XSS in profile fields
Transmission
- Account password transmitted in cleartext
- Profile modification without a session / token check, leading to CSRF
- POST / cookie injection
Comments
- POST injection / stored XSS
- No session / token check, leading to CSRF
Vulnerability points
Verification code issues
- Universal codes: 0000, 8888, 1234
- Verification code present in the response
- Delete the verification code or cookie value; the account / password can then be brute-forced
SMS bombing
- Replay the request
- Delete or modify the cookie, or check whether the request carries related parameters; delete or modify them, then replay
- Prefix the phone number with +86, or add spaces before or after it, then resend
- Modify sensitive parameters in the request, or add a parameter such as &id=1
- A site may protect one endpoint but not password recovery or registration, so test every endpoint that sends SMS
- If bulk registration is possible and each user can send five messages, that also achieves mass bombing
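Added example for the phone-number variant bypass above; it is not code from the original checklist. `phone_variants` produces the +86 / spacing spellings of one number, `SmsGateway` is a constructed per-number send limiter that, with `normalise=False`, keys on the raw string and so counts each spelling separately, and `canonical` is the fix: normalise before any lookup. The target number is a constructed placeholder and the 11-digit Chinese mobile format is assumed.

```python
import re
from collections import Counter
from typing import Iterator

# Constructed sample number (a common placeholder), not from the original page.
TARGET = "13800138000"


def phone_variants(number: str) -> Iterator[str]:
    """Cosmetic spellings of one number; a limiter keyed on the raw string treats each as new."""
    local = re.sub(r"\D", "", number)[-11:]
    yield local
    yield "+86" + local
    yield "86" + local
    yield "0086" + local
    yield " " + local
    yield local + " "
    yield local[:3] + " " + local[3:]
    yield "+86 " + local


def canonical(number: str) -> str:
    """Normalise to a single form before any lookup: digits only, country prefix stripped."""
    digits = re.sub(r"\D", "", number)
    if digits.startswith("0086"):
        digits = digits[4:]
    elif digits.startswith("86") and len(digits) == 13:
        digits = digits[2:]
    if not re.fullmatch(r"1\d{10}", digits):  # assumes Chinese 11-digit mobile numbers
        raise ValueError("not a valid mobile number")
    return "+86" + digits


class SmsGateway:
    """Per-number send counter. normalise=False reproduces the bypass; True closes it."""

    def __init__(self, limit: int = 5, normalise: bool = False) -> None:
        self.limit, self.normalise = limit, normalise
        self.sent: Counter = Counter()

    def send_code(self, number: str) -> bool:
        key = canonical(number) if self.normalise else number
        if self.sent[key] >= self.limit:
            return False
        self.sent[key] += 1
        return True


def bomb(gateway: SmsGateway, number: str, rounds: int = 3) -> int:
    """Replay every variant `rounds` times; return how many messages actually went out."""
    return sum(gateway.send_code(v) for _ in range(rounds) for v in phone_variants(number))


if __name__ == "__main__":
    print("raw-string limiter :", bomb(SmsGateway(normalise=False), TARGET), "messages sent")
    print("canonical limiter  :", bomb(SmsGateway(normalise=True), TARGET), "messages sent")
```

Normalising the recipient is necessary but not sufficient: the limiter also needs a per-IP and per-session budget, and it must be shared by every endpoint that sends SMS (login, registration, recovery), or the per-endpoint gap described above remains.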
Horizontal privilege escalation
- After logging in, modify parameters; keep testing across multiple endpoints
- Check the page source; sometimes forms are present but hidden (hidden tags). Modify the response to unhide them and then try to retrieve data
- Use multiple accounts and compare request parameters
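Added example serving both the order-information items (enumeration, leakage, deleting others' orders) and the horizontal-privilege-escalation checks above; it is not code from the original checklist. `OrderApi` is a constructed stand-in for an order lookup/delete endpoint with sequential ids; `sweep_ids` is the single-session id sweep, and `two_account_test` is the "multiple accounts" method: take ids from one account's own listing and replay them in the other's session. `enforce_owner=True` is the fix, an ownership check on every object access. Order data and usernames are constructed.

```python
from typing import Dict, List, Tuple

# Constructed order table: order_id -> owner and details. Sequential ids are the point.
ORDERS: Dict[int, dict] = {
    1001: {"owner": "alice", "item": "laptop", "address": "1 Example St"},
    1002: {"owner": "bob", "item": "phone", "address": "2 Sample Rd"},
    1003: {"owner": "alice", "item": "monitor", "address": "1 Example St"},
    1004: {"owner": "carol", "item": "headset", "address": "3 Test Ave"},
}


class OrderApi:
    """Stand-in for GET /order/{id} and DELETE /order/{id}; enforce_owner is the fix."""

    def __init__(self, enforce_owner: bool) -> None:
        self.enforce_owner = enforce_owner
        self.orders = {oid: dict(o) for oid, o in ORDERS.items()}

    def list_orders(self, session_user: str) -> List[int]:
        return [oid for oid, o in self.orders.items() if o["owner"] == session_user]

    def get_order(self, session_user: str, order_id: int) -> Tuple[int, dict]:
        order = self.orders.get(order_id)
        if order is None:
            return 404, {}
        if self.enforce_owner and order["owner"] != session_user:
            return 403, {}  # ownership check on every object access, not just on listing
        return 200, order

    def delete_order(self, session_user: str, order_id: int) -> int:
        status, _ = self.get_order(session_user, order_id)
        if status == 200:
            del self.orders[order_id]
        return status


def sweep_ids(api: OrderApi, session_user: str, start: int, stop: int) -> List[int]:
    """Sequential-id sweep with one session: the ids that return 200."""
    return [oid for oid in range(start, stop) if api.get_order(session_user, oid)[0] == 200]


def two_account_test(api: OrderApi, attacker: str, victim: str) -> Tuple[List[int], List[int]]:
    """Take ids from the victim's own listing and replay them in the attacker's session."""
    victim_ids = api.list_orders(victim)
    readable = [oid for oid in victim_ids if api.get_order(attacker, oid)[0] == 200]
    deletable = [oid for oid in victim_ids if api.delete_order(attacker, oid) == 200]
    return readable, deletable


if __name__ == "__main__":
    for label, api in (("vulnerable", OrderApi(False)), ("hardened", OrderApi(True))):
        print(label, "sweep as bob:", sweep_ids(api, "bob", 1000, 1010))
        print(label, "bob vs alice (readable, deletable):", two_account_test(api, "bob", "alice"))
```

The two-account test is the reliable one: a sweep tells you which ids exist, but only a second account proves that the response belongs to someone else, and it is also the only way to test the delete endpoint without destroying your own data.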
Data leakage
- In password recovery, after filling in the data, capture and inspect the response; it may contain sensitive data
Arbitrary user password reset
- Most cases: at the change-password step, modify the username parameter to a different user's name
- Some front-end verification can be bypassed by modifying the response with Burp. How do you know what the correct response looks like? Just try; there is no way to know beforehand
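Added example serving the password-recovery item "code not bound to the user", the verification-code items (universal codes, code present in the response) and the arbitrary-reset item above; it is not code from the original checklist. `VulnerableReset` pools issued codes without tying them to an account, echoes the code in the response and still accepts leftover test codes, so `takeover` requests a code for the attacker's own account and submits it with the victim's username. `HardenedReset` binds the code to the account it was issued for, delivers it only out of band, and makes it single-use, expiring and attempt-limited. Users, phone numbers and the SMS outbox are constructed.

```python
import hmac
import secrets
import time
from typing import Dict, List, Optional, Tuple

# Constructed user directory (username -> phone); not from the original page.
USERS = {"victim": "13800138000", "attacker": "13900139000"}
CODE_TTL_SECONDS = 300
MAX_ATTEMPTS = 5


class SmsOutbox:
    """Stand-in for the SMS gateway: remembers the last (phone, code) it delivered."""

    def __init__(self) -> None:
        self.last: Tuple[str, str] = ("", "")

    def deliver(self, phone: str, code: str) -> None:
        self.last = (phone, code)


class VulnerableReset:
    """Codes pooled and not tied to a user; code echoed in the response; test codes accepted."""

    DEBUG_CODES = {"0000", "8888", "1234"}  # leftover universal codes, constructed here

    def __init__(self, outbox: SmsOutbox) -> None:
        self.outbox = outbox
        self.issued: set = set()
        self.passwords: Dict[str, str] = {}

    def request_code(self, username: str) -> dict:
        code = f"{secrets.randbelow(10_000):04d}"
        self.issued.add(code)
        self.outbox.deliver(USERS[username], code)
        return {"status": "ok", "code": code}  # the code leaks in the response

    def reset(self, username: str, code: str, new_password: str) -> bool:
        if code in self.issued or code in self.DEBUG_CODES:
            self.passwords[username] = new_password  # username never checked against the code
            return True
        return False


class HardenedReset:
    """Code bound to the account it was issued for, single use, expiring, attempt-limited."""

    def __init__(self, outbox: SmsOutbox) -> None:
        self.outbox = outbox
        self.pending: Dict[str, List] = {}  # username -> [code, expiry, attempts]
        self.passwords: Dict[str, str] = {}

    def request_code(self, username: str) -> dict:
        code = f"{secrets.randbelow(1_000_000):06d}"
        self.pending[username] = [code, time.time() + CODE_TTL_SECONDS, 0]
        self.outbox.deliver(USERS[username], code)  # out of band only
        return {"status": "ok"}

    def reset(self, username: str, code: str, new_password: str) -> bool:
        entry = self.pending.get(username)
        if entry is None:
            return False
        if time.time() > entry[1] or entry[2] >= MAX_ATTEMPTS:
            self.pending.pop(username, None)
            return False
        entry[2] += 1
        if not hmac.compare_digest(entry[0], code):
            return False
        self.pending.pop(username)  # single use
        self.passwords[username] = new_password
        return True


def takeover(service, outbox: SmsOutbox, attacker: str, victim: str) -> bool:
    """Request a code for the attacker's own account, then submit it with the victim's username."""
    resp = service.request_code(attacker)
    code = resp.get("code") or outbox.last[1]  # from the response if leaked, else own phone
    return service.reset(victim, code, "pwned")


def guess_universal(service, victim: str, codes=("0000", "8888", "1234")) -> Optional[str]:
    """Try the common leftover test codes against the victim's account."""
    for code in codes:
        if service.reset(victim, code, "pwned"):
            return code
    return None


if __name__ == "__main__":
    box = SmsOutbox()
    print("vulnerable takeover:", takeover(VulnerableReset(box), box, "attacker", "victim"))
    print("vulnerable universal code:", guess_universal(VulnerableReset(box), "victim"))
    print("hardened takeover:", takeover(HardenedReset(box), box, "attacker", "victim"))
```

On a live target the test is exactly `takeover`: complete the flow once for your own account, then replay the final step with the victim's username or user id substituted, and separately check whether the code or the target's phone number ever appears in a response.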