Logical Exploits Of SMS Bombing 2023

By XiaoXin
A Bit Randomly

Full-text search allows you to search for specific words or phrases in the text of your documents, rather than just matching exact values in specific fields. There are several reasons why you might want to use full-text se... Read Using MongoDB Full-Text Search + Pagination With Mongoose Tutorial

Main Contents

Logical Exploits Of SMS Bombing

Go to replay the data packet sending the verification code to check whether the mobile phone has received multiple text messages in a short period of time. If yes, there is a message bombing vulnerability, because the backend does not set a time/frequency limit for sending mobile phone text messages.

If the backend restricts the SMS verification code, you can try the following ways to bypass it:

- Delete and modify cookies or return values, replay packets
- Traversing parameters to send packets
- Overlay the parameters
- Add a space (%20) after the phone number or add other words such as +86, comma, semicolon, letter, etc.
- Modify the case of the request parameter, or add the request parameter &id=1
- In the multi-interface test, the login location may be protected, but there is no protection when the password is retrieved
- Use call interface to bypass SMS bombing restrictions
- Modify IP to bypass SMS bombing restrictions
- Add duplicate mobile phone number parameters to replay data packets.

Please Share This Article Thank You!

Parts of E-Commerce System Security Checklist
Logical Exploits Of Operation Beyond Authority

First, log in to the system with an account, and modify user parameters by capturing packets to achieve the purpose of viewing or modifying other people's accounts, and try to continuously test and exceed the authority of ...

Logical Exploits Of Captcha

Universal verification code: When developing the verification code module, in order to facilitate calling the verification code to verify whether the function is perfect, the programmer deliberately set several universal v...