Vulnerability Detail Report
Vulnerability Overview
- ZDID: ZD-2021-00534
- Vendor: Chunghwa Telecom, forwarded to reporting contact (HiNet)
- Title: Identity verification bypass in the Chunghwa Telecom member registration flow
- Introduction: Using Burp Suite, the SMS verification code can be bypassed; a phone number alone is enough to register an account and then browse that member's data (bills, contracts, service upgrades).
Processing Status
Current status
- Newly submitted
- Reviewed
- Reported to vendor
- Fix status not reported back
- Not retested
- Public
Processing History
- 2021/08/05 12:01:08 : Newly submitted (status updated by owem)
- 2021/08/09 21:31:36 : Review completed (status updated by the HITCON ZeroDay service team)
- 2021/08/10 14:57:18 : Being fixed (status updated by the HITCON ZeroDay service team)
- 2021/08/10 14:57:18 : Review completed (status updated by the HITCON ZeroDay service team)
- 2021/08/10 14:57:19 : Being fixed (status updated by the HITCON ZeroDay service team)
- 2021/10/05 03:00:08 : Public (updated automatically by the HITCON ZeroDay platform)
Details
- ZDID: ZD-2021-00534
- Reporter: owem (owem)
- Risk: High
- Type: Logic Flaws
References
Vulnerability reference: OWASP - Testing for business logic
https://www.owasp.org/index.php/Testing_for_business_logic
Vulnerability reference: CWE-840: Business Logic Errors
https://cwe.mitre.org/data/definitions/840.html
Related URLs
Description
Vulnerability Description:
Business logic vulnerabilities are flaws in the design and implementation of an application that allow an attacker to elicit unintended behavior. This potentially enables attackers to manipulate legitimate functionality to achieve a malicious goal. These flaws are generally the result of failing to anticipate unusual application states that may occur and, consequently, failing to handle them safely.
Attack Details:
1. Open Burp Suite > Proxy > Intercept > Open Browser, and visit https://member.cht.com.tw/CHTRegi/mobile_register.jsp
2. Enter the cellphone number 0912340000 with the correct CAPTCHA and click "Next".
3. Enter 0000 as the SMS verification code, switch Burp Suite to "Intercept is on", and click "Next" on member.cht.com.tw (refer to P1.JPG).
4. When the HTTP request is captured, right-click and choose "Do intercept" > "Response to this request", then click "Forward" (refer to P2.JPG).
5. When the HTTP response is captured, change status:2 to status:0, then click "Forward" (refer to P3.JPG).
6. This bypasses the SMS verification flow and registers the account 0912340000 (refer to P4.JPG).
7. Enter the password test1234 and submit. This account and password can now be used to log in (refer to P5.JPG and P6.JPG).
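The root cause in the steps above is that the registration step trusts the verification status handed back to the browser instead of state the server itself holds. The following is an added illustrative example, not Chunghwa Telecom's code; the in-memory session store, the function names and the status strings are assumptions. It keeps the "OTP verified" flag server-side and single-use, so editing a response status cannot unlock account creation:

```python
import hmac
import secrets

# Server-side session store keyed by an opaque session id (assumed in-memory stand-in).
SESSIONS = {}
MAX_ATTEMPTS = 5


def start_registration(phone):
    """Step 1: bind the phone number to a new server-side session and issue an OTP.
    Returns (session_id, otp); in a real deployment the OTP is delivered by SMS only."""
    sid = secrets.token_urlsafe(16)
    otp = f"{secrets.randbelow(10**6):06d}"
    SESSIONS[sid] = {"phone": phone, "otp": otp, "verified": False, "attempts": 0}
    return sid, otp


def verify_sms(sid, submitted_otp):
    """Step 2: check the submitted code and record the outcome server-side.
    The status in the response is informational; the browser cannot change the flag."""
    s = SESSIONS.get(sid)
    if s is None:
        return {"status": "no_session"}
    if s["attempts"] >= MAX_ATTEMPTS:
        return {"status": "locked"}
    s["attempts"] += 1
    # Constant-time comparison; unequal lengths (e.g. "0000" vs 6 digits) compare False.
    if hmac.compare_digest(s["otp"], submitted_otp):
        s["verified"] = True
        return {"status": "ok"}
    return {"status": "wrong_code"}


def register(sid, password, client_status=None):
    """Step 3: account creation is gated only by the server-side 'verified' flag.
    client_status stands for any status value the client echoes back; it is ignored."""
    s = SESSIONS.get(sid)
    if s is None or not s["verified"]:
        return {"status": "sms_not_verified"}
    if len(password) < 8:
        return {"status": "weak_password"}
    del SESSIONS[sid]  # single-use: the verified state cannot be replayed
    return {"status": "registered", "phone": s["phone"]}
```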
Injection Points / Affected Parameters:
https://member.cht.com.tw/CHTRegi/mobile_register.jsp
Please help to reset these accounts: 0912340000, 0911222339, 0988486924, 0911436563.