Business logic vulnerabilities are tightly coupled to the business itself and must be analyzed in the context of that business.
Business logic and other vulnerabilities in the Video Plaza can lead to user privacy leaks [High]
Problem Description:
Testing found the following vulnerabilities in the Video Plaza:
1. A device that a user received through friend sharing can be re-shared by that friend to the plaza, which can lead to user privacy leaks.
2. There is no limit on the number or frequency of comments and replies, so the feature can be abused for malicious comment spamming or flooding.
Test steps:
Question 1:
1. User A shares device A with user B through friend sharing.
2. Logged in as user B, you can obtain device A's serial number and new Cameraid (channel number).
3. As user B, create a Video Plaza share and submit it, capturing the HTTP request with Burp. In the request, change the Cameraid and deviceserial parameters to device A's new Cameraid (from step 2) and deviceserial, then submit, as shown in:
4. Refresh user B's video library page and find that device A has been successfully shared to the Video Plaza.
5. The device's video can be viewed through the Video Plaza.
Question 2:
1. Select any video shared in the Video Plaza and comment on it, such as:
2. Submit the comment, capture the request and send it to Burp Intruder to replay it many times. A large number of useless replies are successfully published in a short period of time, as shown in:
Problem Extension:
None
Solution Recommendations:
1. The backend must strictly verify the owner of the device; a device received through sharing must not be shared again.
2. Limit the number and frequency of comments or replies for logged-in users, and require anonymous users to submit a graphical verification code (CAPTCHA).
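A sketch of both recommendations on the server side, added here as an example and not taken from the product's code. The data stores, function names and limits are hypothetical; only the deviceserial and Cameraid parameter names come from the test steps above.

```python
import time
from collections import defaultdict, deque

# Constructed sample records (hypothetical): device owner and friend-share grants.
DEVICE_OWNER = {"SERIAL-A": "userA", "SERIAL-B": "userB"}
FRIEND_SHARES = {("SERIAL-A", "userB")}  # userA shared device A with userB

class Forbidden(Exception):
    pass

def can_view(session_user, deviceserial):
    # A friend-share grant allows viewing only; it never confers ownership.
    return (DEVICE_OWNER.get(deviceserial) == session_user
            or (deviceserial, session_user) in FRIEND_SHARES)

def create_plaza_share(session_user, deviceserial, cameraid, plaza):
    # Authorize against server-side ownership records, not against the
    # deviceserial/Cameraid values supplied in the request body.
    if DEVICE_OWNER.get(deviceserial) != session_user:
        raise Forbidden("only the device owner may share to the plaza")
    plaza.append((deviceserial, cameraid, session_user))
    return True

class CommentLimiter:
    """Sliding-window cap on comments per key (user id here)."""
    def __init__(self, max_comments=5, window_seconds=60.0):
        self.max_comments = max_comments
        self.window = window_seconds
        self._events = defaultdict(deque)

    def allow(self, key, now=None):
        now = time.monotonic() if now is None else now
        q = self._events[key]
        while q and now - q[0] >= self.window:
            q.popleft()               # drop events that left the window
        if len(q) >= self.max_comments:
            return False
        q.append(now)
        return True

def post_comment(limiter, user, text, comments, captcha_ok=False, now=None):
    # Anonymous callers (user is None) must have passed CAPTCHA verification.
    if user is None and not captcha_ok:
        return False
    key = user if user is not None else "anonymous"  # assumption: one shared bucket
    if not limiter.allow(key, now):
        return False
    comments.append((key, text))
    return True
```

In a real deployment the anonymous bucket would normally be keyed per client (for example by source address) rather than shared.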
[Typical vulnerability sharing] Privacy breaches due to business logic 1