Kuba Technology: password reset for any user

Source: Internet
Author: User

1) The password retrieval function of Kuba Technology is very convenient for users, but it also greatly increases risk: it supports password retrieval by user name, by email address, and by mobile phone number.

2) An attacker who knows any one of these three pieces of information can use the mobile-phone retrieval path to reset the user's password (note: users of a shopping site almost always have a mobile number bound to the account). Entering the user name or the email address is enough; the system sends the security code directly to the mobile number bound to that account.

3) A weakness of the same kind in this case makes the attack far more practical: the attacker can harvest account identifiers directly from the site.

3.1) In the comment section of a product, many users leave reviews after purchasing. The page source for one reviewer is:

<div class="usr"> <div class="avatar"> </div> <p class="name"> 13916956* </p> <p class="info"> dwelling member </p> </div>

3.2) For another reviewer the source is:

<div class="usr"> <div class="avatar"> </div> <p class="name"> weinixiong*** </p> <p class="info"> dwelling member </p> </div>

3.3) From this it is easy to see that the reviewer's displayed name (and, in the original markup, the alt attribute of the avatar img tag, which follows the same naming rule) corresponds to the account's user name or mobile number, with only the trailing characters masked. With this discovery a large amount of user information can be collected, which greatly increases the practical exploitability of the vulnerability.

4) Now use the mobile-phone password retrieval function (this test uses my own mobile phone number) and enter an arbitrary 6-digit security code.

5) Click Next to submit, and capture the request.

6) Mark the identifyCode parameter as the brute-force payload position. Because this is only a demonstration, the brute-force range is set to a small 6-digit interval that contains the actual verification code. The real code can be picked out from the response status and the length of the returned body, which differ from those of every failed attempt.

7) In the captured request, replace the arbitrary identifyCode with the real code found above and resend it; the server returns the password reset page.

8) Enter the desired new password and submit it. The user's password has been reset, and the vulnerability is confirmed.

Solution: 1) increase the complexity of the verification code, for example by mixing digits with upper- and lower-case letters; 2) limit the number of failed verification attempts; 3) give the verification code a short validity period.
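As an added example (not code from the page and not Kuba Technology's): a Python simulation of the brute force from steps 4 to 7 against a toy verification endpoint, run beside a version of the endpoint that applies fixes 2) and 3). The endpoint shape (an identifyCode parameter, a JSON body that is longer on success because it carries the reset page address), the response bodies, the sample code 304857 and the small search window are all constructed assumptions for the demonstration.

```python
import hmac
import secrets
import time
from typing import Callable, Optional, Tuple

CODE_LEN = 6

# Constructed responses (not the real site's). The success body is longer
# because it carries the address of the reset page: that length difference is
# the oracle the writeup uses to spot the real code among the failures.
ERROR_BODY = b'{"status":"error","msg":"identifyCode invalid"}'
SUCCESS_BODY = b'{"status":"ok","redirect":"/user/resetPassword?step=3"}'


def random_code() -> str:
    """A fresh 6-digit numeric code, zero-padded."""
    return f"{secrets.randbelow(10 ** CODE_LEN):0{CODE_LEN}d}"


class VulnerableResetService:
    """Numeric 6-digit code, unlimited attempts, no expiry: the state described above."""

    def __init__(self, code: Optional[str] = None) -> None:
        self.code = code or random_code()

    def verify(self, identify_code: str) -> Tuple[int, bytes]:
        if identify_code == self.code:
            return 200, SUCCESS_BODY
        return 200, ERROR_BODY


class HardenedResetService:
    """Applies fixes 2) and 3): a bounded number of failed attempts and a short
    validity window, with a constant-time comparison and single-use codes."""

    def __init__(self, code: Optional[str] = None, max_attempts: int = 5,
                 ttl_seconds: int = 300, clock: Callable[[], float] = time.time) -> None:
        self.code = code or random_code()
        self.max_attempts = max_attempts
        self.clock = clock
        self.expires_at = clock() + ttl_seconds
        self.failures = 0

    def verify(self, identify_code: str) -> Tuple[int, bytes]:
        if self.clock() > self.expires_at or self.failures >= self.max_attempts:
            # Dead code: refuse without comparing, so a late correct guess gains nothing.
            return 403, ERROR_BODY
        if hmac.compare_digest(identify_code.encode(), self.code.encode()):
            self.expires_at = 0.0          # single use
            return 200, SUCCESS_BODY
        self.failures += 1
        return 200, ERROR_BODY


def brute_force_code(verify: Callable[[str], Tuple[int, bytes]], lo: int, hi: int,
                     error_len: int) -> Optional[Tuple[str, int]]:
    """Resubmit the captured request with identifyCode set to every candidate in
    [lo, hi), like the intruder run in step 6. A hit is the first 200 response whose
    body length differs from error_len, the length measured on a guess already
    known to be wrong. Returns (code, requests sent), or None when the window is
    exhausted or the server stops accepting guesses."""
    for n in range(lo, hi):
        candidate = f"{n:0{CODE_LEN}d}"
        status, body = verify(candidate)
        if status != 200:
            return None                    # lockout or expiry: the attack is over
        if len(body) != error_len:
            return candidate, n - lo + 1
    return None


def demo(real_code: str = "304857", window: Tuple[int, int] = (304000, 305000)):
    """Constructed scenario: the real code is 304857 and, as in the writeup, the
    brute-force window is kept small but contains it. The wrong guess "123456"
    plays the role of the arbitrary code typed in step 4 and gives error_len."""
    error_len = len(VulnerableResetService(real_code).verify("123456")[1])
    weak = brute_force_code(VulnerableResetService(real_code).verify, *window, error_len)
    strong = brute_force_code(HardenedResetService(real_code).verify, *window, error_len)
    return weak, strong


def expiry_check(real_code: str = "304857") -> int:
    """Status returned by the hardened service when the correct code arrives
    one second after its 300-second validity period (injected clock)."""
    now = [1000.0]
    svc = HardenedResetService(real_code, ttl_seconds=300, clock=lambda: now[0])
    now[0] += 301
    return svc.verify(real_code)[0]


if __name__ == "__main__":
    print(demo())          # (('304857', 858), None)
    print(expiry_check())  # 403
```

Against the vulnerable service the loop finds the code after 858 requests and the attacker moves on to step 7; against the hardened one the fifth wrong guess kills the code and every later response, right or wrong, is a 403, so the length oracle never fires. Fix 1) (letters as well as digits) only enlarges the search space; fixes 2) and 3) are what make the search infeasible, so apply them even if the code stays numeric.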
