Find a steel network member to retrieve the password. Design a defect. The encrypted username returned by the backend is fixed, so that you can change the login password of any user.

Find a steel network member to retrieve the password. Design a defect. The encrypted username returned by the backend is fixed, so that you can change the login password of any user.

The Design of password retrieval for Steel Network members is defective. The encrypted user name returned by the backend is fixed, which allows you to change the login password of any user.

1. Test the password retrieval module. Capture packets and analyze the normal password retrieval process.

Https://member.zhaogang.com/member/Password.aspx
 

2. If you enter the correct verification code, the server returns the encrypted Login User Name (the problem is that the user name encrypted in the background should not use a random salt value or use a fixed IV value, as a result, each time a user requests to retrieve the password, the returned ciphertext is a constant string. For example, the encrypted user corresponding to user fendou2014 is eSKcZJzreJ2btAO2UlQQ6Q =)
 

3. Step 3, for example, enter the new password (fendou2016). The client can use the encrypted login username (eSKcZJzreJ2btAO2UlQQ6Q =) + the password to be modified (fendou2016) to change the user password, that is to say, as long as the ciphertext corresponding to any user is known, the login password of the user can be modified.
 

 

 

4. How to know the ciphertext corresponding to the target user name, and add X-Forwarded-For to continuously run the verification code. If the verification code is correct, the server returns the username ciphertext after verification. The user name and mobile phone number are returned on the server in step 1 (for information leakage, see the vulnerability mentioned on the 12th)
 

 

 

5. The next step is to replay the data packet in step 3. Change the password to any user name.

Solution:

The Request Parameters for password modification cannot contain information that can be predicted by attackers. Here, the request parameters are fixed ciphertext + new password, and fixed ciphertext can be obtained by running the verification code, therefore, the salt value should be used for background encryption, or the IV value cannot be fixed during group password encryption, so that the ciphertext returned by different verification code requests is random .....