言心吾

言心吾's Blog

My words are the voice of my heart

How Beginners in SRC Mining Can Quickly Find Their First Vulnerability (Part 1)

Many newcomers to SRC (Security Response Center) programs want to know how to submit their first valid vulnerability and earn a bounty as quickly as possible. This article recommends several common and relatively easy-to-find vulnerability types and gives detailed testing ideas and methods to help you get started. As the saying goes, "If you can't find high-risk vulnerabilities, make do with low-risk ones."

SMS Bombing Vulnerability

What is an SMS bombing vulnerability?

An SMS bombing vulnerability refers to attackers using the SMS interface of certain platforms or services to send a large number of repetitive or junk messages to the victim's mobile phone, causing the victim's phone to be flooded with messages and even rendering it unusable.

How to exploit an SMS bombing vulnerability?

  1. Target selection: Choose websites that provide SMS verification services, such as registration, login, password recovery, etc.
  2. Interface analysis: Analyze the requests and responses of the SMS interface using tools like Burp Suite to identify the API for sending SMS.
  3. Send tests: Attempt to send multiple SMS messages and observe if there are any restrictions on the frequency or quantity of messages.

When testing for SMS bombing, I think it is better not to start with concurrent sending, since that may get the phone number blocked. Try the bypass techniques first.

Bypass techniques

  1. Add spaces, 86, 086, 0086, +86, 0, 00, \r, \n, or other special characters before or after the phone-number parameter, for example:

%20 +86 187111111
1871111%20 1871111 1871111\n
phone=1871111,1871111,187
phone=18711&phone=187111

  2. Modify cookies, variables, or return values.
  3. Submit a 12-digit number such as 138888888889; if the SMS gateway keeps only the first 11 digits, the message still reaches the target number and the per-number limit is bypassed, resulting in SMS bombing.
  4. Use encodings the server will decode, such as URL encoding, to bypass the check.
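Every bypass in the list above works because the server rate-limits on the raw parameter string while the gateway sees the same number. The defence is to canonicalize first and limit on the canonical value. The code below is an added example written for this post, not code from the original article or from any vendor: it assumes mainland-China 11-digit mobile numbers, a hypothetical `phone` query parameter, and a one-message-per-minute policy. Repeated parameters, comma-separated lists and over-long numbers are refused rather than guessed at.

```python
import re
import time
from collections import deque
from typing import Optional
from urllib.parse import parse_qs, unquote


def phone_from_query(query_string: str) -> Optional[str]:
    """Extract the single `phone` parameter; refuse repeated parameters.

    `phone=18711&phone=187111` yields two values and is rejected outright
    instead of letting the gateway pick one of them.
    """
    values = parse_qs(query_string, keep_blank_values=True).get("phone", [])
    return values[0] if len(values) == 1 else None


def canonicalize_phone(raw: str) -> Optional[str]:
    """Collapse every spelling of an 11-digit mainland-China mobile number
    to its canonical digits, or return None if it is not exactly one number.
    (Hypothetical helper written for this example.)"""
    s = unquote(raw)                  # undo %20-style padding once
    if "," in s:                      # "a,b" batching: refuse, never split
        return None
    digits = re.sub(r"\D", "", s)     # drops spaces, '+', '\r', '\n', etc.
    digits = digits.lstrip("0")       # leading 0 / 00 / 0086 prefixes
    if digits.startswith("86") and len(digits) == 13:
        digits = digits[2:]           # "+86" / "86" country code
    if len(digits) != 11 or digits[0] != "1":
        return None                   # 12 digits such as 138888888889: refuse, never truncate
    return digits


class SmsRateLimiter:
    """Sliding-window limiter keyed on the canonical number, not the raw string."""

    def __init__(self, max_per_window: int = 1, window_seconds: float = 60.0,
                 clock=time.monotonic):
        self.max = max_per_window
        self.window = window_seconds
        self.clock = clock            # injectable so the window can be tested
        self.sent: dict = {}

    def try_send(self, raw_phone: str):
        """Return (allowed, reason). Only `allowed` decides whether to call the gateway."""
        key = canonicalize_phone(raw_phone)
        if key is None:
            return False, "invalid phone number"
        now = self.clock()
        q = self.sent.setdefault(key, deque())
        while q and now - q[0] >= self.window:
            q.popleft()               # expire sends outside the window
        if len(q) >= self.max:
            return False, f"rate limited for {key}"
        q.append(now)
        return True, f"sent to {key}"


def demo():
    """All variants below (constructed from the post's list) hit one key, so only the first is sent."""
    t = [0.0]
    limiter = SmsRateLimiter(clock=lambda: t[0])
    variants = ["18711111111", "%20+86 18711111111", "0086 18711111111",
                "18711111111\n", "018711111111", "86 18711111111"]
    return [limiter.try_send(v) for v in variants]


if __name__ == "__main__":
    for ok, reason in demo():
        print(ok, reason)
```

In the demo only the first variant is sent; every other spelling resolves to the same key and is rate-limited. The 12-digit and comma-separated inputs are refused before they reach the limiter, which is the behaviour that closes the gateway-truncation and batching bypasses.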

Here is a real case:

[image]
Then write a dictionary to send multiple packets, and multiple verification codes are successfully received.
[image]

Concurrency Vulnerability

What is a concurrency vulnerability?

A concurrency vulnerability refers to a situation where a system fails to handle concurrency correctly when processing multiple simultaneous requests, resulting in data inconsistency or system abnormalities.

How to exploit a concurrency vulnerability?

Everything can be raced.

Concurrency testing mainly targets scenarios such as daily check-ins, earning daily points, liking posts, and liking comments: send many identical requests at the same moment and check whether the server processes more than one of them.

To make a concurrency vulnerability more severe, tie it to money, or show the vendor that users can exploit it to gain something from the system. A concurrency vulnerability demonstrated that way can earn a high bounty.

Burp Suite Turbo Intruder extension (the god of concurrency)
Please search the internet for specific usage instructions.
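The daily check-in case described above is a read-then-write race: the handler reads "not checked in yet", and every request that reads before the first write is awarded points. The following is an added example written for this post (not the article's or any vendor's code) that reproduces the race deterministically with a barrier and contrasts it with an atomic check-and-set; the user name, date and point value are constructed.

```python
import threading
from typing import Optional

CHECK_IN_POINTS = 10  # constructed: points awarded per daily check-in


class VulnerableCheckIn:
    """Daily check-in with a read-then-write window: the classic race."""

    def __init__(self):
        self.points: dict = {}
        self.checked: set = set()

    def check_in(self, user: str, day: str,
                 window: Optional[threading.Barrier] = None) -> bool:
        key = (user, day)
        if key in self.checked:               # 1. read
            return False
        if window is not None:
            window.wait()                     # constructed race window: every request passes the read before any write
        self.points[user] = self.points.get(user, 0) + CHECK_IN_POINTS   # 2. write
        self.checked.add(key)
        return True


class SafeCheckIn:
    """Check-and-set performed atomically under one lock.

    In a real service the equivalent is a single INSERT into a table with
    UNIQUE(user_id, day); points are awarded only when that insert succeeds.
    """

    def __init__(self):
        self.points: dict = {}
        self.checked: set = set()
        self._lock = threading.Lock()

    def check_in(self, user: str, day: str,
                 window: Optional[threading.Barrier] = None) -> bool:
        if window is not None:
            window.wait()                     # all requests arrive together, then contend for the lock
        key = (user, day)
        with self._lock:
            if key in self.checked:
                return False
            self.checked.add(key)
            self.points[user] = self.points.get(user, 0) + CHECK_IN_POINTS
        return True


def race(service, user: str = "alice", day: str = "2024-01-01", n: int = 20):
    """Fire n simultaneous check-ins; return (successful check-ins, points awarded)."""
    barrier = threading.Barrier(n)
    results = []

    def worker():
        results.append(service.check_in(user, day, barrier))

    threads = [threading.Thread(target=worker) for _ in range(n)]
    for t in threads:
        t.start()
    for t in threads:
        t.join()
    return sum(results), service.points.get(user, 0)


if __name__ == "__main__":
    print("vulnerable:", race(VulnerableCheckIn()))   # 20 successes, far more than 10 points
    print("safe:      ", race(SafeCheckIn()))         # 1 success, 10 points
```

With the vulnerable handler all twenty requests succeed, because the barrier guarantees each one has already passed the `in self.checked` read before any of them writes; that is exactly the window a tool like Turbo Intruder tries to hit. The safe handler admits one request per (user, day) no matter how many arrive at once, which is the property to verify when triaging or fixing this class of report.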

CSRF (Cross-Site Request Forgery)

What is a CSRF vulnerability?

A CSRF vulnerability refers to attackers forging user requests and, without the user's knowledge, inducing the user to perform unexpected operations while authenticated.

How to exploit a CSRF vulnerability?

  1. Find critical operations: Choose operations that require user authentication, such as changing a password or submitting a form.
  2. Construct a malicious request: Build an HTML form or script that performs the operation and induce the user to trigger it without noticing.
  3. Verify the vulnerability: Open the malicious page while logged in and check whether the operation is executed.
  • CSRF PoC Generator in Burp Suite
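A CSRF PoC succeeds only when the server accepts a state-changing request on the strength of the session cookie alone. The check below is an added example written for this post, not the article's or any framework's code: it combines the three controls a reviewer looks for (no state change on GET, Origin/Referer matching the site's own origin, and a per-session synchronizer token compared in constant time). The site origin, request dictionary shape and form field names are assumptions.

```python
import hmac
import secrets
from typing import Dict, Tuple
from urllib.parse import urlsplit

SITE_ORIGIN = "https://example.test"   # assumption: the application's own origin
STATE_CHANGING = {"POST", "PUT", "PATCH", "DELETE"}


def issue_csrf_token(session: dict) -> str:
    """Store a fresh random token in the server-side session and return it
    for embedding in the form; a cross-site page cannot read either copy."""
    token = secrets.token_urlsafe(32)
    session["csrf_token"] = token
    return token


def _origin_of(url: str) -> str:
    p = urlsplit(url)
    return f"{p.scheme}://{p.netloc}"


def check_csrf(session: dict, request: Dict) -> Tuple[bool, str]:
    """Decide whether a state-changing request may proceed.

    `request` is a constructed dict: {"method", "headers", "form"}.
    """
    # 1. State changes must not ride on GET (a bare <img src=...> would trigger them).
    if request["method"].upper() not in STATE_CHANGING:
        return False, "state change over a safe method"
    # 2. The browser sets Origin (or at least Referer) to the page that sent the form.
    source = request["headers"].get("Origin") or request["headers"].get("Referer")
    if not source or _origin_of(source) != SITE_ORIGIN:
        return False, "origin mismatch"
    # 3. Synchronizer token: the form value must equal the session copy, constant-time.
    expected = session.get("csrf_token", "")
    submitted = request["form"].get("csrf_token", "")
    if not expected or not hmac.compare_digest(expected.encode(), submitted.encode()):
        return False, "bad or missing csrf token"
    return True, "ok"


def make_request(method: str, origin: str, form: Dict) -> Dict:
    """Build a constructed request as a browser would send it from `origin`."""
    return {"method": method, "headers": {"Origin": origin}, "form": dict(form)}


if __name__ == "__main__":
    session = {}
    token = issue_csrf_token(session)
    legit = make_request("POST", SITE_ORIGIN, {"new_password": "x", "csrf_token": token})
    forged = make_request("POST", "https://attacker.test", {"new_password": "x"})
    print(check_csrf(session, legit))    # (True, 'ok')
    print(check_csrf(session, forged))   # (False, 'origin mismatch')
```

When validating a CSRF report, the useful question is which of the three checks is missing: a handler that honours GET, ignores Origin, or has no token is exploitable by an auto-submitting form; one that has all three is not, even if Burp's PoC generator produces a page for it.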

Privilege Escalation Vulnerability

What is a privilege escalation vulnerability?

A privilege escalation vulnerability refers to a situation where ordinary users can perform operations that only administrators or other privileged users can perform without the corresponding permissions.

How to exploit a privilege escalation vulnerability?

  1. Analyze permission controls: Understand the permission control mechanism in the system and identify the differences in permissions between different roles.
  2. Simulate low privilege users: Use the identity of a low privilege user to attempt to access high privilege functions or resources.
  3. Manual and automated testing: Manually modify parameters in requests, such as user IDs and role IDs, to verify if unauthorized access is possible.
  • xia_yue plugin in Burp Suite
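Step 3 above, changing user IDs and role IDs in requests, only works when the handler derives identity or role from the request instead of from the server-side session. The code below is an added example written for this post (not the article's or any vendor's code) that shows a handler trusting a client-supplied `user_id` beside a corrected one that checks ownership against the session principal and enforces roles with a decorator; the roles, order table and parameter names are constructed.

```python
from dataclasses import dataclass
from typing import Any, Dict, Optional

ROLE_RANK = {"user": 0, "support": 1, "admin": 2}   # constructed role hierarchy


@dataclass(frozen=True)
class Principal:
    """Identity taken from the server-side session, never from request parameters."""
    user_id: int
    role: str


# Constructed sample data: two orders owned by two different users.
ORDERS = {101: {"owner_id": 1, "total": 42}, 102: {"owner_id": 2, "total": 7}}


def vulnerable_get_order(params: Dict[str, str]) -> Optional[Dict[str, Any]]:
    """Ownership is compared against the client's own `user_id` parameter,
    so changing that one value reads any other user's order (horizontal escalation)."""
    order = ORDERS.get(int(params["order_id"]))
    if order is not None and order["owner_id"] == int(params["user_id"]):
        return order
    return None


def get_order(principal: Principal, params: Dict[str, str]) -> Optional[Dict[str, Any]]:
    """Ownership is checked against the session identity; support and admin may read any order."""
    order = ORDERS.get(int(params["order_id"]))
    if order is None:
        return None
    if order["owner_id"] != principal.user_id and ROLE_RANK[principal.role] < ROLE_RANK["support"]:
        raise PermissionError("not your order")
    return order


def require_role(min_role: str):
    """Vertical-escalation guard: the role comes from `principal`, and any
    role/role_id field the client sends in `params` is simply never consulted."""
    def decorator(fn):
        def wrapper(principal: Principal, params: Dict[str, str]):
            if ROLE_RANK.get(principal.role, -1) < ROLE_RANK[min_role]:
                raise PermissionError(f"{min_role} role required")
            return fn(principal, params)
        return wrapper
    return decorator


@require_role("admin")
def delete_user(principal: Principal, params: Dict[str, str]) -> str:
    return f"deleted user {int(params['target_user_id'])}"


def is_denied(fn, *args) -> bool:
    """True if the call is refused with PermissionError (used to exercise the guards)."""
    try:
        fn(*args)
        return False
    except PermissionError:
        return True


if __name__ == "__main__":
    alice = Principal(user_id=1, role="user")
    root = Principal(user_id=3, role="admin")
    print(vulnerable_get_order({"order_id": "102", "user_id": "2"}))            # alice reads bob's order
    print(is_denied(get_order, alice, {"order_id": "102", "user_id": "2"}))     # True
    print(is_denied(delete_user, alice, {"target_user_id": "2", "role": "admin"}))  # True
    print(delete_user(root, {"target_user_id": "2"}))
```

The corrected handlers still accept the same `user_id` and `role` parameters that the tampering step would modify; they just never read them for authorization. That is the shape of fix to expect when a report of this type is accepted, and the property an automated comparison extension such as the one mentioned above is testing for.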

Conclusion

By mastering the testing techniques for common vulnerabilities such as SMS bombing, concurrency, CSRF, and privilege escalation, beginners can find their first vulnerability more quickly. In practice, theoretical knowledge is not enough; you also need plenty of hands-on testing and to keep summarizing what you learn. I hope this article is helpful to you and wish you success in your SRC journey!
