Arbitrary account login vulnerability in a widely deployed manuscript submission system
Following in Chuan Ge's footsteps. Reading any user's password has probably been reported already; logging in to any account is the bigger problem. "The vulnerability is already recorded on the platform. Related information: IDXXX"
The system is designed and developed by Beijing Magtech Technology Development Co., Ltd. (http://www.magtech.com.cn/CN/model/index.shtml).
Searching Google or Baidu for the footer text "the system by Beijing Magtech Technology Development Co., Ltd. design and development, technical support: support@magtech.com.cn"
turns up a large number of instances. I believe Chuan Ge already listed the cases, so I will not repeat them here.
Approach: start from the author login page, e.g. http://tsglt.zslib.com.cn/journalx/authorLogOn.action?mag_Id=7
Register an account directly. After registration the system redirects to a "registration done" page whose URL carries the new account's id:
http://tsglt.zslib.com.cn/journalx/authorregister/Register!Done.action?id=11162685103&magId=1
http://nvc.sjtu.edu.cn/JournalX_nvc/authorregister/Register!Done.action?id=11&magId=1
Changing the id in this URL grants access to another user's account without any verification.
For example, after changing it to 11162682103 and opening the URL, a single click leads straight into the author center.
The information shown there is not what I just entered at registration, so I have successfully logged in to another account. (PS: the id has to exist; a non-existent id returns an error. The id space can be traversed with Burp.)
Next, reading any password. Although this has probably been reported before, I'd like to mention it again. The "modify login information" page takes an authorId parameter; changing the authorId opens the password modification page of another user, and pressing F12 reveals the password hidden behind the asterisks, since the page sends it to the browser.
Solution:
Fix it if you can. Thank you!
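To make the two defects and their fixes concrete, here is an added illustration (not code from the original report or from Magtech's product): a tiny in-memory stand-in for the registration and password-page flows. The endpoint and parameter names (`Register!Done.action`, `id`, `authorId`) follow the report; the `JournalX` class, the `Author` store, the session handling and the sample accounts are constructed for this example.

```python
from dataclasses import dataclass


@dataclass
class Author:
    author_id: int
    name: str
    password: str   # kept in clear only to mirror what the report saw sent to the browser


class JournalX:
    """Constructed stand-in for the author registration and author-centre flows."""

    def __init__(self):
        self.authors = {}             # author_id -> Author
        self.sessions = {}            # session token -> author_id, written only by the server
        self._next_id = 11162685103   # first id taken from the report; later ones are constructed

    def register(self, name, password):
        """Creates the account and a server-side session; returns (token, author_id)."""
        author = Author(self._next_id, name, password)
        self._next_id += 1
        self.authors[author.author_id] = author
        token = f"sess-{author.author_id}"   # constructed token; a real app uses a random value
        self.sessions[token] = author.author_id
        return token, author.author_id

    # Register!Done.action?id=<id>: the vulnerable pattern trusts the id in the URL.
    def register_done_vulnerable(self, params):
        author = self.authors.get(int(params["id"]))
        if author is None:
            raise KeyError("no such author")   # the 'error' the report sees for unknown ids
        return {"logged_in_as": author.author_id}

    # Fixed: the account comes from the server-side session; params["id"] is never trusted.
    def register_done_fixed(self, session_token, params):
        author_id = self.sessions.get(session_token)
        if author_id is None:
            raise PermissionError("not authenticated")
        return {"logged_in_as": author_id}

    # Password page with authorId=<id>: the vulnerable pattern returns that author's password.
    def password_page_vulnerable(self, params):
        requested = int(params["authorId"])
        return {"authorId": requested, "password": self.authors[requested].password}

    # Fixed: authorId must be the caller's own account, and the password is never sent back.
    def password_page_fixed(self, session_token, params):
        requested = int(params["authorId"])
        if self.sessions.get(session_token) != requested:
            raise PermissionError("authorId does not belong to this session")
        return {"authorId": requested, "name": self.authors[requested].name}
```

The fixed handlers resolve the account from the server-side session and return no secret, so neither changing `id` nor changing `authorId` yields another user's data.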