言心吾's Blog

My words are the voice of my heart

How Beginners in SRC Bug Hunting Can Quickly Find Their First Vulnerability (Part 1)

As a beginner, how to quickly submit a first valid vulnerability to an SRC (Security Response Center) and earn a reward is a concern for many newcomers. This article recommends several common and relatively easy-to-find vulnerability types and gives detailed ideas and methods for hunting them, so that you can get started quickly. As the saying goes, "If you can't find high-risk vulnerabilities, make it up with low-risk ones."

SMS Bombing Vulnerability

What is an SMS bombing vulnerability?

An SMS bombing vulnerability exists when the SMS-sending interface of a platform or service can be abused to send a large number of repeated or junk messages to a victim's phone, flooding it with messages and even rendering it unusable.

How to exploit an SMS bombing vulnerability?

  1. Target selection: Choose websites that provide SMS verification services, such as registration, login, password recovery, etc.
  2. Interface analysis: Analyze the requests and responses of the SMS interface using tools like Burp Suite to identify the API for sending SMS.
  3. Send tests: Attempt to send multiple SMS messages and observe if there are any restrictions on the frequency or quantity of messages.

When testing for SMS bombing, I feel it is better not to start with concurrency, since that may get the phone number blocked. It is better to try the bypasses first.

Bypass techniques

  1. Bypass by adding spaces, 86, 086, 0086, +86, 0, 00, \r, \n, or other special characters before or after the phone number parameter.

%20 +86 187111111
1871111%20 1871111 1871111\n
phone=1871111,1871111,187
phone=18711&phone=187111

  2. Modify cookies, variables, and response values.
  3. A 12-digit number such as 138888888889: the SMS gateway keeps only the first 11 digits, so the message still goes through, leading to SMS bombing.
  4. Bypass using encodings the server parses, such as URL encoding.
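All of the variants listed above defeat the same weak control: the server counts sends against the raw parameter string rather than against the phone number the gateway will actually deliver to. The following is an added example, not code from the original post, of the server-side fix: reduce the submitted value to one canonical 11-digit number, refuse anything that is not exactly one number, and apply the sending limit to that canonical key. Mainland-China 11-digit mobile numbers, the parameter name `phone` and the limit values are assumptions chosen to match the post's sample numbers.

```python
import re
from collections import defaultdict
from typing import Optional
from urllib.parse import parse_qs

# Assumption (matches the post's sample numbers): mainland China 11-digit mobile
# numbers starting with 1. Country/trunk prefixes that must collapse onto the bare
# number; tried longest first.
_PREFIXES = ("0086", "+86", "086", "86", "00", "0")


def canonicalize_phone(raw: str) -> Optional[str]:
    """Map every spelling of one number onto one key; return None for anything else.

    None means "do not send": whitespace, \\r\\n, +86 / 0086 / 0 prefixes, a 12th
    digit and comma-joined lists are collapsed or rejected instead of becoming a
    fresh rate-limit bucket.
    """
    if "," in raw:                          # several numbers in one parameter
        return None
    s = re.sub(r"\s+", "", raw)             # spaces, tabs, \r, \n anywhere
    s = re.sub(r"[^0-9+]", "", s)           # any other decoration
    for prefix in _PREFIXES:
        if s.startswith(prefix) and len(s) - len(prefix) == 11:
            s = s[len(prefix):]
            break
    # Exactly 11 digits. A 12-digit value is rejected here rather than being
    # truncated to its first 11 digits downstream by the gateway.
    if not re.fullmatch(r"1[0-9]{10}", s):
        return None
    return s


def parse_phone_param(body: str, name: str = "phone") -> Optional[str]:
    """Read the number from a URL-encoded body: one parameter, one value."""
    values = parse_qs(body, keep_blank_values=True).get(name, [])
    if len(values) != 1:                    # phone=...&phone=... is rejected
        return None
    return canonicalize_phone(values[0])    # parse_qs already decoded %20 etc.


class SmsRateLimiter:
    """Sliding-window counter keyed by canonical number (in-memory stand-in for Redis)."""

    def __init__(self, limit: int = 5, window_seconds: int = 3600) -> None:
        self.limit = limit
        self.window = window_seconds
        self._sent: dict = defaultdict(list)   # canonical number -> send timestamps

    def allow(self, raw_phone: str, now: float) -> bool:
        """True and record the send, or False if the number is invalid or over the limit."""
        key = canonicalize_phone(raw_phone)
        if key is None:
            return False
        recent = [t for t in self._sent[key] if now - t < self.window]
        if len(recent) >= self.limit:
            return False
        recent.append(now)
        self._sent[key] = recent
        return True


def demo_limit_across_variants() -> list:
    """Three spellings of one number share one bucket; the fourth send is refused
    until the window has passed."""
    lim = SmsRateLimiter(limit=3, window_seconds=60)
    return [
        lim.allow("18711111111", now=0.0),
        lim.allow("+86 18711111111", now=0.0),
        lim.allow("008618711111111", now=0.0),
        lim.allow(" 18711111111\r\n", now=1.0),
        lim.allow("18711111111", now=61.0),
    ]
```

The per-number limit is only one layer; the same counter should also be keyed per client IP and per session, and a CAPTCHA or a signed one-time ticket from the page should gate the send endpoint so that replaying the captured request alone is not enough.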

Here is a real case (screenshots omitted):

Then write a dictionary of variants, send the requests in batch, and multiple verification codes arrive successfully.

Concurrency Vulnerability

What is a concurrency vulnerability?

A concurrency vulnerability (a race condition) refers to a situation where a system fails to handle simultaneous requests correctly, so that processing several of them at once leads to inconsistent data or abnormal behaviour.

How to exploit a concurrency vulnerability?

Everything can be concurrent.

Concurrency testing mainly focuses on scenarios such as daily check-ins, earning daily points, liking posts, and liking comments. Test whether the server processes multiple simultaneous requests more than once.

To increase the impact of a concurrency vulnerability, tie it to money, or otherwise make the vendor see that it can be abused for profit. A concurrency vulnerability reported that way can earn a high reward.

Burp Suite Turbo Intruder extension ("the god of concurrency"). Search online for detailed usage instructions.
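The check-in and like scenarios above fail in the same way: the server reads state ("has this user checked in today?") and then writes, and every request that arrives before the first write lands passes the read. Below is an added example, not code from the original post, that reproduces the race against a naive handler and then shows the fix of letting the database enforce the once-per-day rule with a unique constraint, so the write itself is the check. The table layout and the user and date values are constructed for the demo; SQLite is used so it runs offline.

```python
import os
import sqlite3
import tempfile
import threading
import time

# Constructed schema for the demo: one row per (user, day) check-in.
_SCHEMA_NAIVE = "CREATE TABLE checkins (user_id TEXT, day TEXT)"
_SCHEMA_SAFE = "CREATE TABLE checkins (user_id TEXT, day TEXT, UNIQUE (user_id, day))"


def _connect(path: str) -> sqlite3.Connection:
    # Autocommit; wait on the file lock instead of failing while other "requests" write.
    return sqlite3.connect(path, timeout=10, isolation_level=None)


def checkin_naive(path: str, user: str, day: str) -> bool:
    """Vulnerable pattern: check in application code, then write.

    Every request whose SELECT runs before the first INSERT lands sees no row
    and is credited, so n simultaneous requests yield n rewards.
    """
    conn = _connect(path)
    try:
        if conn.execute("SELECT 1 FROM checkins WHERE user_id = ? AND day = ?",
                        (user, day)).fetchone():
            return False
        time.sleep(0.05)  # widen the check-then-write window so the demo is deterministic
        conn.execute("INSERT INTO checkins (user_id, day) VALUES (?, ?)", (user, day))
        return True
    finally:
        conn.close()


def checkin_safe(path: str, user: str, day: str) -> bool:
    """Hardened pattern: make the write itself the check.

    The UNIQUE constraint lets exactly one INSERT succeed; the others raise
    IntegrityError and are reported as "already checked in".
    """
    conn = _connect(path)
    try:
        conn.execute("INSERT INTO checkins (user_id, day) VALUES (?, ?)", (user, day))
        return True
    except sqlite3.IntegrityError:
        return False
    finally:
        conn.close()


def fire_concurrent(handler, schema: str, n: int = 10) -> int:
    """Send n simultaneous check-ins for one user; return how many were credited."""
    with tempfile.TemporaryDirectory() as tmp:
        path = os.path.join(tmp, "checkins.db")
        init = _connect(path)
        init.execute(schema)
        init.close()

        results: list = []
        lock = threading.Lock()

        def request() -> None:
            ok = handler(path, "user-1", "2024-01-01")  # constructed user and date
            with lock:
                results.append(ok)

        threads = [threading.Thread(target=request) for _ in range(n)]
        for t in threads:
            t.start()
        for t in threads:
            t.join()
        return sum(results)


if __name__ == "__main__":
    print("naive handler credited:", fire_concurrent(checkin_naive, _SCHEMA_NAIVE))
    print("safe handler credited: ", fire_concurrent(checkin_safe, _SCHEMA_SAFE))
```

The same principle covers the money-related cases the post mentions: a balance deduction should be a single conditional statement such as `UPDATE accounts SET balance = balance - ? WHERE id = ? AND balance >= ?`, with the affected-row count telling the handler whether it succeeded, rather than a SELECT followed by an UPDATE.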

CSRF (Cross-Site Request Forgery)

What is a CSRF vulnerability?

A CSRF vulnerability refers to an attacker forging a request on behalf of an authenticated user and inducing the user's browser to submit it, so that the user unknowingly performs an operation they did not intend.

How to exploit a CSRF vulnerability?

  1. Find critical operations: Choose operations that require user authentication, such as changing passwords or submitting forms.
  2. Construct malicious requests: Build an HTML form or script that performs the malicious operation and induce the user to trigger it without noticing.
  3. Verify the vulnerability: Access the malicious link while logged in to verify if the expected operation can be executed.
  • CSRF PoC Generator in Burp Suite
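The forged form in step 2 works because the browser attaches the victim's session cookie to it automatically. The defence is to require something the cross-site page cannot supply: a per-session token carried in the form body or a custom header, plus a same-origin check on the Origin or Referer header. Below is an added example, not code from the original post or from Burp Suite, of such a check written as a framework-free function; the origin `https://example.test`, the cookie name `session`, the field name `csrf_token` and the in-memory session store are assumptions made for the demo.

```python
import hmac
import secrets
from typing import Mapping, Optional
from urllib.parse import urlparse

SITE_ORIGIN = "https://example.test"  # constructed: the application's own origin

# In-memory stand-in for the server-side session store: session id -> CSRF token.
_session_tokens: dict = {}


def issue_csrf_token(session_id: str) -> str:
    """Create a per-session token to embed in forms (hidden field) or send as a header."""
    token = secrets.token_urlsafe(32)
    _session_tokens[session_id] = token
    return token


def _same_origin(header_value: Optional[str]) -> bool:
    """Compare only scheme and host of an Origin/Referer value against SITE_ORIGIN."""
    if header_value is None:
        return True  # header absent: the token check below still has to pass
    p = urlparse(header_value)
    return f"{p.scheme}://{p.netloc}" == SITE_ORIGIN


def csrf_check(method: str, headers: Mapping[str, str], cookies: Mapping[str, str],
               form: Mapping[str, str]) -> tuple:
    """Decide whether a request may perform a state-changing action.

    Returns (allowed, reason). Cookies travel with a cross-site request
    automatically; the token does not, so a forged form cannot supply it.
    """
    if method.upper() in ("GET", "HEAD", "OPTIONS"):
        return True, "safe method"          # state changes must not live on GET
    expected = _session_tokens.get(cookies.get("session", ""))
    if expected is None:
        return False, "no authenticated session"
    origin = headers.get("Origin") or headers.get("Referer")
    if not _same_origin(origin):
        return False, "cross-origin request"
    supplied = form.get("csrf_token") or headers.get("X-CSRF-Token") or ""
    if not hmac.compare_digest(supplied.encode(), expected.encode()):
        return False, "missing or wrong csrf token"
    return True, "ok"


def demo_scenarios() -> dict:
    """The cases a tester would try against the password-change operation the post
    names; only the genuine same-origin form and the safe GET are allowed."""
    token = issue_csrf_token("sess-victim")
    victim_cookie = {"session": "sess-victim"}
    return {
        "legit_form_post": csrf_check("POST", {"Origin": SITE_ORIGIN}, victim_cookie,
                                      {"new_password": "x", "csrf_token": token})[0],
        "forged_no_token": csrf_check("POST", {"Origin": "https://attacker.test"},
                                      victim_cookie, {"new_password": "x"})[0],
        "forged_token_from_other_session": csrf_check(
            "POST", {}, victim_cookie, {"csrf_token": issue_csrf_token("sess-other")})[0],
        "cross_origin_even_with_valid_token": csrf_check(
            "POST", {"Referer": "https://attacker.test/page"}, victim_cookie,
            {"csrf_token": token})[0],
        "unauthenticated": csrf_check("POST", {}, {}, {"csrf_token": token})[0],
        "safe_get": csrf_check("GET", {}, victim_cookie, {})[0],
    }
```

Setting the session cookie with `SameSite=Lax` or `Strict` adds a browser-side layer, but the token check above is what the server can verify on its own, which is why the PoC from Burp's generator fails against it.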

Privilege Escalation Vulnerability

What is a privilege escalation vulnerability?

A privilege escalation (unauthorized access) vulnerability refers to a situation where an ordinary user, without holding the corresponding permissions, can perform operations that only administrators or other privileged users should be able to perform.

How to exploit a privilege escalation vulnerability?

  1. Analyze privilege control: Understand the privilege control mechanism in the system and identify the differences in permissions between different roles.
  2. Simulate low privilege users: Use the identity of a low privilege user to attempt to access high privilege functions or resources.
  3. Manual and automated testing: Manually modify parameters in requests, such as user IDs and role IDs, to check whether unauthorized access is possible.
  • xia_yue plugin in Burp Suite
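Step 3 finds the bug when the server trusts the user ID or role ID in the request to decide what the caller may do. The fix is to derive the caller's identity and role from the verified session and check each object and each privileged function against that, never against a parameter. Below is an added example, not code from the original post or from the xia_yue extension, of such server-side checks for both the horizontal case (reading another user's order) and the vertical case (an admin-only role change); the order data, the roles and the handler shape are constructed for the demo.

```python
import logging
from dataclasses import dataclass

logging.basicConfig(level=logging.WARNING, format="%(levelname)s %(message)s")
log = logging.getLogger("authz")  # denied attempts are worth alerting on


@dataclass(frozen=True)
class Principal:
    """Who is making the request, taken from the verified session, never from a parameter."""
    user_id: str
    role: str  # constructed roles: "user" or "admin"


@dataclass
class Order:
    order_id: str
    owner_id: str
    total: int


# Constructed sample data standing in for the application's database.
ORDERS = {
    "1001": Order("1001", owner_id="alice", total=120),
    "1002": Order("1002", owner_id="bob", total=75),
}


class Forbidden(Exception):
    pass


def get_order(principal: Principal, order_id: str) -> Order:
    """Horizontal check: a plain user may read only orders they own; admins may read any."""
    order = ORDERS.get(order_id)
    if order is None or (principal.role != "admin" and order.owner_id != principal.user_id):
        # One response for "not yours" and "does not exist", so IDs cannot be
        # enumerated from differing error messages.
        log.warning("denied order read user=%s role=%s order=%s",
                    principal.user_id, principal.role, order_id)
        raise Forbidden(order_id)
    return order


def set_user_role(principal: Principal, target_user: str, new_role: str) -> str:
    """Vertical check: changing roles is an admin-only function, enforced server-side."""
    if principal.role != "admin":
        log.warning("denied role change user=%s target=%s", principal.user_id, target_user)
        raise Forbidden("admin only")
    return f"{target_user} -> {new_role}"


def handle_request(principal: Principal, params: dict) -> tuple:
    """Dispatch like a web handler. A tampered 'user_id' parameter never influences
    authorization; only the session principal does."""
    try:
        if params.get("action") == "get_order":
            o = get_order(principal, params["order_id"])
            return 200, f"order {o.order_id} total {o.total}"
        if params.get("action") == "set_role":
            return 200, set_user_role(principal, params["user_id"], params["role"])
        return 400, "unknown action"
    except Forbidden:
        return 403, "forbidden"
```

Each denied call is logged with the caller and the object requested; a burst of 403s from one session across many sequential IDs is the server-side signature of exactly the testing described in step 3.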

Conclusion

By mastering the techniques for hunting common vulnerabilities such as SMS bombing, concurrency, CSRF, and privilege escalation, beginners can find their first vulnerability faster. In practice, besides theoretical knowledge, a lot of hands-on testing and continually summarizing your experience are also needed. I hope this article helps you, and I wish you success on your SRC journey!
