Okai airline Password Reset Vulnerability (required)
Http://bk.travelsky.com/bkair/page/users/front/userLogin.jsp
Password retrieval process
1. Enter the user name and submit it (this step can be brute-forced, since the response reveals whether the user name exists).
2. Answer the password-retrieval question (this page shows the user's mobile phone number and password-retrieval email address).
For example:
This step is the necessary condition: you need to know the answer to the account's password-retrieval question. Testing showed that users are allowed to set trivial answers, such as:
A. an answer identical to the question;
B. the account name.
Testing found the following accounts and answers to work:
Admin 1 lifang Li Fang chenboywangfei 11 can also be cracked (the content in the red box is the answer to the password-retrieval question).
3. If the answer is correct, the server sends a new password to the email address or mobile phone number of the account being retrieved. Because that address or number is submitted by the client along with the request, it can be tampered with and replaced by a different email address or phone number.
Replacing the email address:
The email that arrives looks like this:
Replacing the mobile phone number:
Login verification:
Admin
Lifang
Chenbo
Solution:
Quite simple: do not display the email address on the page and do not accept it from the client. The server should look up the contact address stored for the account and send the new password directly to it.
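The following is an added example, not code from the reported site, showing the flaw and the fix side by side: a reset handler that takes the delivery address from the client form (the behaviour described above) next to one that only ever uses the address stored with the account and answers identically whether or not the user name exists, plus a check that rejects the trivial security answers the report found in use (the question text itself, or the account name). The account store, the send_new_password() stub, the field names and all addresses are constructed for the example.

```python
"""Password-reset contact tampering: vulnerable handler beside a hardened one.

Added example; not code from the reported site. Account records, the
send_new_password() stub and the request field names are constructed here.
"""
import hmac
import secrets

# Constructed account store standing in for the site's user table.
ACCOUNTS = {
    "lifang": {
        "email": "lifang@example.invalid",
        "phone": "+86-000-0000-0000",
        "question": "favourite colour?",
        "answer": "blue",
    },
}

# Records every message "sent", so a caller can see where the password went.
OUTBOX = []


def send_new_password(destination, new_password):
    """Stand-in for the mail/SMS gateway: just record the delivery."""
    OUTBOX.append((destination, new_password))


def reset_vulnerable(request):
    """Mirrors the reported flaw: the destination address is read from the
    client-supplied form field, so whoever submits the form chooses where
    the new password is delivered. Distinct error strings also reveal which
    user names exist."""
    acct = ACCOUNTS.get(request["username"])
    if acct is None:
        return "no such user"
    if request["answer"] != acct["answer"]:
        return "wrong answer"
    new_password = secrets.token_urlsafe(12)
    acct["password"] = new_password
    send_new_password(request["email"], new_password)   # tamperable field
    return "sent"


GENERIC = ("If the account exists, a new password has been sent "
           "to its registered contact.")


def reset_fixed(request):
    """Hardened version: the destination comes only from the stored record,
    and the response is the same for unknown users, wrong answers and
    success, so the form cannot be used to enumerate user names."""
    acct = ACCOUNTS.get(request.get("username", ""))
    if acct is None:
        return GENERIC
    # Constant-time comparison so the answer check does not leak by timing.
    supplied = request.get("answer", "").encode("utf-8")
    if not hmac.compare_digest(supplied, acct["answer"].encode("utf-8")):
        return GENERIC
    new_password = secrets.token_urlsafe(12)
    acct["password"] = new_password
    # Only the contact on file is used; any client-supplied address is ignored.
    send_new_password(acct["email"], new_password)
    return GENERIC


def validate_security_answer(username, question, answer):
    """Reject the trivial answers found in the report: the question text
    itself or the account name (plus anything very short). Returns True
    when the answer is acceptable for storage."""
    norm = answer.strip().lower()
    if len(norm) < 4:
        return False
    if norm == question.strip().lower().rstrip("?"):
        return False
    if norm == username.strip().lower():
        return False
    return True
```

Calling reset_vulnerable with an "email" field pointing anywhere delivers the password there; reset_fixed ignores that field entirely. Sending a fresh password in clear text over email or SMS remains weak even after this fix; a single-use, expiring reset link is the usual replacement, but the server-side lookup of the destination is the part that closes the hole described in this report.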