Reset any User Password
Www.wang.com, formerly known as www.51ili.com, is a publicity medium, a marketing consultant, and a sales channel for sellers. Through the Internet, merchants can run the most effective product promotion for accurately targeted customers. The website also provides professional marketing consulting services for sellers, helping them easily develop online sales channels and quickly increase sales. Alibaba Cloud is a communication platform, a procurement consultant, and a consumer guardian. Through the consumer network, members can learn and exchange consumption knowledge and information. They can also trade with the website's sellers through the website, by telephone, with group-buying cards, and by other methods to enjoy preferential prices and obtain consumer security protection.
0x1: I registered an account to get familiar with the password reset process. Let's look at the key points!
Enter the correct verification code and capture the response packet: it returns the redirect address of the reset-password step.
HTTP/1.1 200 OK
Date: Mon, 25 May 2015 10:02:00 GMT
Server: Apache
X-Powered-By: PHP/5.2.9
Set-Cookie: sessionhash=deleted; expires=Sun, 25-May-2014 10:01:59 GMT; path=/; domain=.liba.com
Set-Cookie: f_sm_vc=deleted; expires=Sun, 25-May-2014 10:01:59 GMT; path=/; domain=.liba.com
Vary: Accept-Encoding, User-Agent
Content-Length: 123
Keep-Alive: timeout=1, max=100
Connection: Keep-Alive
Content-Type: text/html; charset=UTF-8
{"status":1,"result":"","message":"RIGHT_MOBILE_VERIFY_CODE","redirect":"findPassword.php?step=5&t=mobile&user_name=doum0"}
Now that the important data is captured, let's test against the admin user!
0x2: Enter the administrator account!
Click Next and you will see that admin has no mobile phone number bound. So we use the mobile phone number bound to the account we registered. See the following steps.
When you click the mobile phone number option, intercept the request packet and change the username to admin!
If you enter the mobile phone number bound to doum0, you cannot obtain a verification code: the number does not match the user name, and admin has no number bound at all.
Here we need to modify the response packet. Changing the status from 0 to 1 makes the page show that the verification code was sent, but no code is actually received!
0x4: Enter any verification code. Then intercept the response and modify the packet.
This is the first response packet we modify on the password reset page; the mobile phone number and verification code we entered at random are certainly wrong!
The data can simply be modified as follows!
On the password reset page, set the new password to wooyun123.
Reset successful!
Log in as admin to verify!
Solution:
Improve the server-side verification mechanism!
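As an added illustration of that fix (my own example, not code from the site or the original report): a reset flow where the outcome of every step is recorded only on the server and bound to the user chosen at step 1, so editing a request's user_name or rewriting a response's status cannot skip the phone and code checks. The accounts and phone number are constructed sample data.

```python
import hmac
import secrets

# Constructed sample accounts (not the site's data): admin has no phone bound.
USERS = {"admin": {"phone": None}, "doum0": {"phone": "13800000000"}}


class ResetFlow:
    """Password reset whose step-to-step state lives only on the server.

    The client gets an opaque token at step 1; later steps are looked up by that
    token, so neither the user_name nor the result of the phone/code checks can
    be swapped or "fixed up" by editing request or response packets.
    """

    def __init__(self):
        self.sessions = {}  # token -> {"user": ..., "code": ..., "verified": bool}

    def start(self, user_name):
        if user_name not in USERS:
            return None
        token = secrets.token_urlsafe(16)
        self.sessions[token] = {"user": user_name, "code": None, "verified": False}
        return token

    def send_code(self, token, phone):
        s = self.sessions.get(token)
        bound = USERS[s["user"]]["phone"] if s else None
        # The phone must match the one bound to the user fixed at step 1; an
        # account with no number bound (admin here) can never receive a code.
        if bound is None or not hmac.compare_digest(bound, phone):
            return {"status": 0, "message": "WRONG_MOBILE"}
        s["code"] = f"{secrets.randbelow(10**6):06d}"  # sent by SMS, never returned
        return {"status": 1, "message": "CODE_SENT"}

    def verify_code(self, token, code):
        s = self.sessions.get(token)
        if not s or s["code"] is None or not hmac.compare_digest(s["code"], code):
            return {"status": 0, "message": "WRONG_MOBILE_VERIFY_CODE"}
        s["verified"] = True  # the only place the final step is unlocked
        return {"status": 1, "message": "RIGHT_MOBILE_VERIFY_CODE"}

    def reset_password(self, token, new_password):
        s = self.sessions.pop(token, None)  # single use: any failure restarts the flow
        # Decided from server-side state, so a client that rewrote an earlier
        # "status":0 to 1 and jumped straight to this step is still refused.
        if not s or not s["verified"]:
            return {"status": 0, "message": "NOT_VERIFIED"}
        USERS[s["user"]]["password"] = new_password
        return {"status": 1, "message": "RESET_OK"}
```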