Joke Collection Website - Public benefit messages - Password reset vulnerability (horizontal privilege escalation)

Password reset vulnerability (horizontal privilege escalation)

This is a logic flaw: the server only verifies that the SMS verification code is genuine, but never verifies that the code was issued for the mobile phone number in the reset request. Use a number you control, 18868345809, to receive SMS verification code A. The number to be reset is 17101304128. In the reset request, submit the phone number 17101304128 together with verification code A. Because the number is real and code A is real, and the binding between the two is never checked, the reset succeeds.

From the challenge prompt I learned that the victim's mobile phone number is 17101304128. Choose password retrieval by mobile phone, which sends a verification code to that number, and receive the verification code.

The challenge gives a second hint: the registered mobile phone number is 18868345809.

So, can I start the reset with the victim's mobile phone number and then click to request the SMS verification code?

The captured request is as follows.

Modify the phone number in the captured request, replacing the victim's number with the registered number, so that the verification code is delivered to the registered phone; then use it to reset the password.

Replace the number and click Forward.

In the response page, you can see that the verification code has been sent.

Get the key.
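The fix for the flaw described at the top of this write-up is to store each SMS code keyed by the number it was actually sent to, and to check that binding (plus expiry, attempt limit and single use) when the reset request arrives. The code below is an added illustration in Python, not the challenge site's code; the phone numbers and the OtpStore interface are constructed for the demo. verify_unbound reproduces the broken check from the write-up, verify_bound is the corrected one.

```python
import hmac
import secrets
import time

# Constructed sample numbers for the demo (not the challenge's real numbers).
ATTACKER_PHONE = "13800000001"   # number the attacker controls and registered with
VICTIM_PHONE = "13800000002"     # number whose account is being reset

class OtpStore:
    """Server-side SMS codes, keyed by the number each code was actually sent to."""
    def __init__(self, ttl=300, max_attempts=5):
        self._codes = {}  # phone -> [code, expires_at, attempts_used]
        self.ttl = ttl
        self.max_attempts = max_attempts

    def issue(self, phone, now=None):
        now = time.time() if now is None else now
        code = f"{secrets.randbelow(10**6):06d}"
        self._codes[phone] = [code, now + self.ttl, 0]
        return code  # goes to the SMS gateway only, never back to the HTTP client

def verify_unbound(store, code):
    # Vulnerable pattern from the write-up: the server only checks that the
    # code is genuine, not which phone number it was issued for.
    return any(hmac.compare_digest(e[0], code) for e in store._codes.values())

def verify_bound(store, phone, code, now=None):
    # Hardened check: the code must be the one issued for *this* phone, be
    # unexpired and within the attempt budget, and it is consumed on success.
    now = time.time() if now is None else now
    entry = store._codes.get(phone)
    if entry is None or now > entry[1]:
        store._codes.pop(phone, None)
        return False
    entry[2] += 1
    if entry[2] > store.max_attempts:
        store._codes.pop(phone, None)  # too many guesses: force a fresh code
        return False
    if not hmac.compare_digest(entry[0], code):
        return False
    store._codes.pop(phone, None)  # single use
    return True

def reset_password(store, users, phone, code, new_password, bound=True):
    """Reset the password for `phone`; `bound=False` replays the vulnerable check."""
    ok = verify_bound(store, phone, code) if bound else verify_unbound(store, code)
    if ok:
        users[phone] = new_password
    return ok
```

With `bound=False`, a code issued to ATTACKER_PHONE resets VICTIM_PHONE's password exactly as in the write-up; with `bound=True` the same request is rejected because no code was issued for the victim's number.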