Severe logic vulnerability in P2P financial security
Kingletter Network (http://www.jinxin99.cn), which appears to be a top-50 platform in the P2P finance industry, has a design defect in its password retrieval function that allows any user's password to be reset.

1. Enter the mobile phone number and the image verification code, click "send SMS verification code", and go to the next step.
2. Enter any SMS verification code, enter the new password and the image verification code, and click Reset.
3. The captured request is as follows:

POST /ssl/validatePhoneCodeLogin.do HTTP/1.1
Host: www.jinxin99.cn

phoneCode=4325&type=forgetPassword

This request first checks whether the SMS verification code is correct. If it is correct, the response is {success: true} and the reset proceeds; if the SMS verification code is incorrect, the response is {success: false}. The reset therefore hinges on a response the client controls: enter an arbitrary SMS verification code, submit the request, intercept the response with Burp, and change {success: false} in the response to {success: true}. The user's password is then reset successfully.

Process (screenshots)
Solution:
We recommend carrying the verification through to the reset request itself, step by step: the server must confirm that the SMS verification code, the new password, and the other parameters meet the requirements before the reset is performed, and return an error otherwise. The outcome of the earlier validation step, as reported to the client, must not be what decides whether the password is changed.
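The following is an added example of the recommended server-side design, not code from jinxin99.cn: the reset endpoint re-checks the SMS code itself, so a client that rewrites the step-1 response to {success: true} gains nothing. The in-memory stores, phone number, passwords, code length and limits are constructed for the example.

```python
import hmac
import hashlib
import secrets
import time

# Constructed in-memory state for the example; a real deployment would use a
# database or cache. The phone number and passwords below are made up.
SMS_CODES = {}            # phone -> {"code": str, "expires": float, "tries": int}
USERS = {"13800000000": hashlib.sha256(b"old-pass").hexdigest()}
CODE_TTL = 300            # seconds an SMS code stays valid
MAX_TRIES = 5             # wrong guesses before the code is discarded

def send_sms_code(phone, now=None):
    """Step 1: issue a fresh one-time code bound to the phone number."""
    now = now or time.time()
    code = f"{secrets.randbelow(1_000_000):06d}"
    SMS_CODES[phone] = {"code": code, "expires": now + CODE_TTL, "tries": 0}
    return code  # the real system sends this by SMS and never returns it

def check_code(phone, code, now=None):
    """Server-side check shared by both endpoints; trusts no client-side state.
    The attempt counter stops the informational endpoint acting as a guessing oracle."""
    now = now or time.time()
    entry = SMS_CODES.get(phone)
    if entry is None or now > entry["expires"] or entry["tries"] >= MAX_TRIES:
        return False
    entry["tries"] += 1
    return hmac.compare_digest(entry["code"], str(code))

def validate_phone_code(phone, code):
    """Mirrors the /ssl/validatePhoneCodeLogin.do step: purely informational."""
    return {"success": check_code(phone, code)}

def reset_password(phone, code, new_password):
    """Step 2: re-verify the code and the new password before changing anything."""
    if phone not in USERS or len(new_password) < 8:
        return {"success": False}
    if not check_code(phone, code):          # a tampered step-1 response is irrelevant
        return {"success": False}
    del SMS_CODES[phone]                     # one-time use
    USERS[phone] = hashlib.sha256(new_password.encode()).hexdigest()
    return {"success": True}
```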