Zhongguancun online user registration email verification bypass defects and repair

 

Brief description: Zhongguancun online user registration email verification has serious logical defects, leading to email verification failure

Zhongguancun online user registration, need to send an activation link containing encrypted strings to the registered user mailbox to activate, such as http://service.zol.com.cn/user/register_email_ OK .php? Uid = *** & email = *** @ 123.com& code = 9c7aef28a6e7742cb1157a4d2f0b7375, but the encrypted string is leaked in the "resend email" function ,:

 

 

As a result, the parameters at the code can be guessed and directly spliced with the url http://service.zol.com.cn/user/register_email_ OK .php? Uid = *** & email = *** @ 123.com& code = 5addd7dec4e1a4df6c0efc6441e5c41c.

 

 

Email verification is ineffective, causing malicious registration.

Proof of vulnerability: register a new user, enter the email address, and submit it.

 

Click to view the source code, find "send registration email link again" Get code parameters, splicing Link (uid for Registration Name) http://service.zol.com.cn/user/register_email_ OK .php? Uid = *** & email = *** @ 123.com& code = 5addd7dec4e1a4df6c0efc6441e5c41c and access it. A message indicating successful activation is displayed.

 

 

Solution: Modify the active link and resend link, and replace the email link with the same code parameter.

Author: Lu renjia @ wooyun