User exposure WeChat password vulnerability Liu Yan account was invaded by Ma Huateng

recently, there are users based on video dial tone geek Zhou Hongyi telephone interview, analyzes Zhou Hongyi’s telephone number. Once the story was reported, it immediately spread in the society. Geek inquiry and leaving troubles even practice has been widely recognized by the community. Zhou Hongyi learned that he personally dished out an olive branch.

19 PM, there are users to provide information to the network, the WooYun forum has a very strong geek, he (hackers) by using WeChat account security settings loopholes, successfully cracked for celebrity WeChat account, and published evidence. The Geek has cracked Liu Yan, Ma Huateng WeChat account. Don’t know if he will get Ma Huateng’s favor? The vulnerability and specific process is as follows:

crack

today found a WeChat group vulnerability. Not playing. It was repaired.

so there’s a loophole.

the same problem arises in the user password reset link.

found in WeChat’s official home page the following functional modules

 

WeChat function module

visit to see this feature. Came the interest

 

WeChat reset password

enter a WeChat phone number that has been registered on this page.

 

reset password process interface

get the following tips

 

reset interface

select I have received the verification code to jump to a modified password page, as follows

 

enter password

In this step the capture

. Get the following package text

 

code

will be repeated after the submission of verifycode Bao Wenzhong will be found

 

such words. To find a way to break through.

after a series of attempts to find if the number of phone=18666666666 after the addition of non numeric characters, you can bypass this restriction. Then the reasoning method is

phone=18666666666 if the number of attempts is greater than the threshold, the prompt request is frequency >

Leave a Reply

Your email address will not be published. Required fields are marked *