Arbitrary Password Reset + unauthorized access + SQL Injection

Source: Internet
Author: User

Arbitrary Password Reset + unauthorized access + SQL Injection

Arbitrary Password Reset + unauthorized access + SQL Injection

1. Reset any password ...... The verification code is in the return value (registration is the same, you can register any mobile phone number ).



2. unauthorized access. The entire software system has no permission settings, rather than excessive permissions. For example: 1) access this url. If the user ID is 100001, the shipping address is added.
Http://www.tootoojia.com/userAddress/AddAddress.htm? CityId = 2 & UserId = 100001 & DetailedAddress = wooyuntest & ProvinceId = 1 & DistrictId = 10 & RealName = % E5 % 93% E5 % 88% 88 & PhoneNumber = 93% & Postcode = 13888888888


2) read the contact information of any user
Http://www.tootoojia.com/userAddress/ShowAddressList.htm? UserId = 104853


3) read private messages and notifications from any user
Www.tootoojia.com/notice/noticeList.htm? Page = 1 & PageSize = 20 & UserId =
Www.tootoojia.com/mail/GetMailUserList.htm? Page = 1 & PageSize = 20 & UserId =

4) traverse the id to add attention to and brush fans
Www.tootoojia.com/friend/AddFriend.htm? FollowId = parameter 1 & UserId = parameter 2

There are too many. I will not list them one by one. You can also click like or invite here. 3. There are too many injection points. If there is a parameter, there is an injection. Here is an example: userid
Http://www.tootoojia.com/Contact/ShowContactList? UserId = 100000



Log on to the account 16888888882 (which means batch import to the database). The md5 password is 654123. Give it a try.



The User ID is 100001. The shipping address is added successfully.

Solution:

1. Do not display the SMS verification code in the returned value.
2. verify the validity of the user
3. filter parameters
 

Related Article

Contact Us

The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion; products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the content of the page makes you feel confusing, please write us an email, we will handle the problem within 5 days after receiving your email.

If you find any instances of plagiarism from the community, please send an email to: info-contact@alibabacloud.com and provide relevant evidence. A staff member will contact you within 5 working days.

A Free Trial That Lets You Build Big!

Start building with 50+ products and up to 12 months usage for Elastic Compute Service

  • Sales Support

    1 on 1 presale consultation

  • After-Sales Support

    24/7 Technical Support 6 Free Tickets per Quarter Faster Response

  • Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.