Password retrieval address: http://www.okbuy.com/member/forgetpwd

1: There is no verification code at login and no limit on the number of login attempts, so the login can be brute-forced.
2: The mobile phone verification code can be brute-forced: it has only 4 digits, so the whole range is exhausted quickly. With the Burp thread count set to 10, the run takes about 2 minutes.

1. Click login and select "forgot password". Enter the mobile phone number. The system automatically sends a 4-digit verification code to the registered mobile phone number.
2. Go to the following page:
3. Capture the request and click "Next". When the POST request is intercepted, send it to Burp Suite Intruder for guessing.
4. Set the keyword to code = 1234.
5. Click set. The payload performs brute-force guessing over the four digits.
6. The run completes in about 2 minutes. Log on to the website and check that you have logged on.
The key point is that there is no verification code and no limit on the number of attempts; improvements are needed.

Solution: add a verification code and limit the number of attempts.
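One way to implement the "limit of times" fix on the server side, as an added example that is not code from the site or from the original report: each issued code is single-use, expires, and is discarded after a fixed number of wrong guesses. The class name, the policy constants (5 attempts, 300 seconds, 6 digits) and the in-memory store are assumptions chosen for illustration.

```python
import hmac
import secrets
import time

MAX_ATTEMPTS = 5        # assumed policy: wrong guesses allowed per issued code
CODE_TTL_SECONDS = 300  # assumed policy: lifetime of an issued code
CODE_DIGITS = 6         # assumed: longer than the 4 digits described above


class ResetCodeStore:
    """In-memory sketch; a real deployment would keep this in a shared store."""

    def __init__(self, clock=time.time):
        self._clock = clock
        self._pending = {}  # phone -> [code, expires_at, failed_attempts]

    def issue(self, phone):
        # secrets uses the OS CSPRNG, so issued codes are not predictable.
        code = f"{secrets.randbelow(10 ** CODE_DIGITS):0{CODE_DIGITS}d}"
        self._pending[phone] = [code, self._clock() + CODE_TTL_SECONDS, 0]
        return code  # sent by SMS only, never echoed in the HTTP response

    def verify(self, phone, submitted):
        entry = self._pending.get(phone)
        if entry is None:
            return "no_code"
        code, expires_at, failed = entry
        if self._clock() > expires_at:
            del self._pending[phone]
            return "expired"
        # Constant-time comparison of the stored and submitted codes.
        if hmac.compare_digest(code.encode(), str(submitted).encode()):
            del self._pending[phone]  # single use
            return "ok"
        entry[2] = failed + 1
        if entry[2] >= MAX_ATTEMPTS:
            # Discard the code: later guesses fail even if they are correct.
            del self._pending[phone]
            return "locked"
        return "wrong"


def guess_success_probability(digits=CODE_DIGITS, attempts=MAX_ATTEMPTS):
    """Upper bound on guessing one issued code within the attempt limit."""
    return attempts / 10 ** digits
```

The attempt counter is tied to the issued code and the account, not to the client's IP or session, so spreading guesses across connections does not reset it. Requests for a new code need their own rate limit, otherwise each reissue grants a fresh set of attempts.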