Arbitrary User Password modification vulnerability on the official website of diamond bird

Source: Internet
Author: User
Tags account security

Arbitrary User Password modification vulnerability on the official website of diamond bird

The vulnerability is detected in the personal center-Account Security mobile phone modification function. When modifying a mobile phone, you only need to change BriddMember_uid in the cookie to the id of any user to modify the mobile phone number of the account, then retrieve the password through the phone number to modify the password of any user, in addition to the http://www.zbird.com/pointgift/memberinfo to obtain user information in the interface to modify the same cookie value can also read the user nickname and points data.

The ZBIRDMOBILE_CARDNO value for cookie modification in http://m.zbird.com/member/ mobile edition can read any user's account information including order, points, etc.



1. First, modify the password of any user:

Register an account first, and then go to the personal Center account security and click Modify mobile phone number,





Enter the new mobile phone number
 



If you enter a registered mobile phone number, a prompt is displayed. If you change the returned value of the packet to 200, the verification can be bypassed. That is to say, the same mobile phone number can be bound to multiple accounts.


 



Modify the cookie value BriddMember_uid to any user ID. After you click submit, the user's mobile phone number will be changed to our own number. Then, you can use the mobile phone number to retrieve the password to log on.



Ii. Arbitrary user credit and nickname Viewing Vulnerability

Api interface http://www.zbird.com/pointgift/memberinfo

Modify the BriddMember_uid of the cookie.
 


 





3. User Information vulnerability in mobile edition

Log on to the mobile http://m.zbird.com/modify the ZBIRDMOBILE_CARDNO value to view any user order, points information.
 


 


 


1. modify any User Password

I only changed the user ID: 1's mobile phone number and password, but nothing else
 


 





Ii. Arbitrary user credit and nickname Viewing Vulnerability
 


 





3. User Information vulnerability in mobile edition
 


 


 

 

Solution:

Verify cookie Validity



Note: The user's mobile phone number and password have only been changed to the account whose uid is 1, but others have not been changed. Reset the mobile phone number and password of the account and fix the vulnerability.

Contact Us

The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion; products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the content of the page makes you feel confusing, please write us an email, we will handle the problem within 5 days after receiving your email.

If you find any instances of plagiarism from the community, please send an email to: info-contact@alibabacloud.com and provide relevant evidence. A staff member will contact you within 5 working days.

A Free Trial That Lets You Build Big!

Start building with 50+ products and up to 12 months usage for Elastic Compute Service

  • Sales Support

    1 on 1 presale consultation

  • After-Sales Support

    24/7 Technical Support 6 Free Tickets per Quarter Faster Response

  • Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.