User exposure WeChat password vulnerability Liu Yan account was invaded by Ma Huateng

recently, there are users based on video dial tone geek Zhou Hongyi telephone interview, analyzes Zhou Hongyi’s telephone number. Once the story was reported, it immediately spread in the society. Geek inquiry and leaving troubles even practice has been widely recognized by the community. Zhou Hongyi learned that he personally dished out an olive branch.

19 PM, there are users to provide information to the network, the WooYun forum has a very strong geek, he (hackers) by using WeChat account security settings loopholes, successfully cracked for celebrity WeChat account, and published evidence. The Geek has cracked Liu Yan, Ma Huateng WeChat account. Don’t know if he will get Ma Huateng’s favor? The vulnerability and specific process is as follows:


today found a WeChat group vulnerability. Not playing. It was repaired.

so there’s a loophole.

the same problem arises in the user password reset link.

found in WeChat’s official home page the following functional modules


WeChat function module

visit to see this feature. Came the interest


WeChat reset password

enter a WeChat phone number that has been registered on this page.


reset password process interface

get the following tips


reset interface

select I have received the verification code to jump to a modified password page, as follows


enter password

In this step the capture

. Get the following package text



will be repeated after the submission of verifycode Bao Wenzhong will be found


such words. To find a way to break through.

after a series of attempts to find if the number of phone=18666666666 after the addition of non numeric characters, you can bypass this restriction. Then the reasoning method is

phone=18666666666 if the number of attempts is greater than the threshold, the prompt request is frequency >

Leave a Reply

Your email address will not be published. Required fields are marked *