I’m Helmi Riahi — a network & systems security engineer who gets weirdly excited about pentesting. Today I want to share a crazy little IDOR I found while hunting. This is my first article, so if I screw something up, blame the coffee and DM me on LinkedIn or drop a comment.
No more chit-chat — let’s jump straight into the bug hunt! 😉
I picked a target (let’s call it target.com), quickly created one test account, verified it, and was ready to start poking around.
While I was scrolling around the site with my account, poking and managing things to see how it behaved, I started wondering if there might be an XSS hiding somewhere. There was a little form to change your display name, and the front page cheerfully said “Bonjour <your name>” — which immediately made me think, hmm… what if I could inject something into that name field?
I tried that — pasted a bunch of XSS payloads into the name field, but nothing worked. I even tried different payloads in another form, still nothing — zilch. Each failed attempt just made the challenge itchier; my ego kept whispering, “You’re missing something,” and that little voice pushed me to dig deeper.
I tried several tools — Acunetix, OWASP ZAP, and a few others — but none of them found a single vulnerability. At that point, I shrugged and thought, “Alright, time to roll up my sleeves and do this the old-fashioned way: manually.”
After logging in, the site first displayed “Login successful” without showing my name next to “Bonjour.” Then, after refreshing, it displayed “Login successful” again — but this time it showed “Bonjour Helmi.” That little inconsistency felt messy to me, like something wasn’t lining up properly. I started thinking: if the site can’t even consistently show my own name, maybe there’s a subtle flaw hiding under the hood — and that’s exactly the kind of clue a careful hunter shouldn’t ignore.
I opened Burp Suite to see exactly what was happening under the hood. After that first “Login successful” message, I captured the request — it looked like this:
That’s when it hit me — I started thinking the server wasn’t actually verifying the token properly. Instead, it seemed to just grant access based on whatever username was in the login field.
So I decided to test my theory: I changed the login field to the word admin.
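To make the flaw concrete, here is an added example (not code from the original post or from the target site) that models the pattern described above: a handler that checks only that a token is present and then takes the identity from the client-supplied login field, beside a hardened handler that derives the identity from the server-side session bound to the token and ignores the body field. Usernames, the session store and the tampered request are all constructed for the demo; the names whoami_vulnerable, whoami_secure and login are hypothetical.

```python
# Added example, not from the original post. Minimal model of "trust the
# login field" versus "trust the session" for a post-login greeting endpoint.
import secrets

# Constructed session store: token -> authenticated username.
SESSIONS = {}
# Constructed user directory with a role per account.
USERS = {
    "helmi": {"role": "user"},
    "admin": {"role": "admin"},
}
# Constructed audit trail: one entry per request whose body identity
# disagrees with the session identity (a useful detection signal).
AUDIT_LOG = []


def login(username: str) -> str:
    """Issue a random session token for a user whose credentials were
    already verified (password checking is assumed, not shown)."""
    token = secrets.token_urlsafe(32)
    SESSIONS[token] = username
    return token


def whoami_vulnerable(request: dict) -> dict:
    """Flawed pattern: the token is checked only for presence, and the
    identity comes from the client-controlled 'login' field."""
    if not request.get("token"):
        return {"error": "missing token"}
    user = request.get("login")            # trusts whatever the client sent
    if user not in USERS:
        return {"error": "unknown user"}
    return {"greeting": f"Bonjour {user}", "role": USERS[user]["role"]}


def whoami_secure(request: dict) -> dict:
    """Hardened pattern: the identity is whatever the server bound to the
    session token at login; a 'login' field in the body is never used."""
    user = SESSIONS.get(request.get("token"))
    if user is None:
        return {"error": "invalid session"}
    claimed = request.get("login")
    if claimed is not None and claimed != user:
        # Body identity and session identity disagree: log it for detection.
        AUDIT_LOG.append({"session_user": user, "claimed_user": claimed})
    return {"greeting": f"Bonjour {user}", "role": USERS[user]["role"]}


def demo():
    """Log in as a normal user, then replay the request with login=admin."""
    token = login("helmi")
    tampered = {"token": token, "login": "admin"}   # constructed tampered body
    return whoami_vulnerable(tampered), whoami_secure(tampered)


if __name__ == "__main__":
    vulnerable, secure = demo()
    print("vulnerable:", vulnerable)
    print("secure:    ", secure)
    print("audit:     ", AUDIT_LOG)
```

Running demo() shows the vulnerable handler greeting the caller as admin with the admin role, while the hardened handler keeps the caller as helmi and records the mismatch. The fix is not to validate the login field better; it is to stop reading identity from the request body at all once a session exists, and to alert when a body still tries to name a different user.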
and booooom!
In the end, the company recognized it as a critical vulnerability, and I received the bounty reward.
Thanks for following along!