If MOOC is improperly set, any user password can be reset.
Research on Password Reset Vulnerability of any user indicates Resetting Password post content active is mailbox +, + the timestamp linkid is six digits, these six digits are the first three or four in a certain period of time, 5 digits are the same, so only the numbers to be cracked are 1-3 digits. One is hr qq and the other is random 708883600@qq.com 123wsx.
First, send a password reset email to your mailbox. Check the linkid, remember the first three digits, and then reset the email to the password you want to modify. Record the timestamp returned by the server.
/201506/182035170367906 d81ac436e0d7612f9931eb782.png "alt =" i1.png "/> encrypt the string with base64 encryption, and change the active string to the encrypted base64 string.
To crack the three-digit pure-digit verification code (in fact, it can be 1-2 characters)
Reset successful
Log On
Solution:
The code should be set to a random string.