| CPC H04W 12/12 (2013.01) [H04W 12/033 (2021.01); H04W 12/61 (2021.01)] | 16 Claims |

|
1. A method for detecting a logic vulnerability allowing arbitrary password reset for an account, comprising:
invoking a preset identification program to determine whether a request for a verification code is initiated in a to-be-detected webpage;
obtaining, from a front-end page, a response packet sent in response to the request for a verification code, and determining whether there is a short message service (SMS) verification code in the response packet, on determining that a request for a verification code is initiated in the to-be-detected webpage;
determining that the logic vulnerability allowing arbitrary password reset for an account exists in the to-be-detected webpage, on determining that there is an SMS verification code in the response packet;
determining whether a request for password reset is initiated in the to-be-detected webpage, on determining that there is no SMS verification code in the response packet;
replacing first preset user information in the request for password reset with second preset user information, to update the request for password reset, on determining that a request for password reset is initiated in the to-be-detected webpage; and
determining whether the logic vulnerability allowing arbitrary password reset for an account exists in the to-be-detected webpage, based on a first response to the updated request for password reset.
|
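The decision flow of claim 1, as an added Python illustration run over a constructed capture; it is not part of the patent text or the applicant's implementation. Assumptions, since the claim does not specify them: both preset users are tester-owned accounts, the tester knows the code delivered to the first test phone, `send` is a hypothetical callable returning an HTTP status, and status 200 for the updated request is taken as the vulnerable "first response".

```python
import re

def code_in_response(body, sent_code):
    """True if the code delivered to the test phone appears as a whole number in the body."""
    return re.search(rf"(?<!\d){re.escape(sent_code)}(?!\d)", body) is not None

def swap_user(request, first_user, second_user):
    """Replace every field carrying the first preset user's value with the second user's."""
    return {k: (second_user[k] if k in first_user and v == first_user[k] else v)
            for k, v in request.items()}

def detect(exchanges, sent_code, first_user, second_user, send):
    """Walk captured (kind, request, response_body) tuples in the order the claim gives."""
    code_reqs = [e for e in exchanges if e[0] == "verification_code"]
    if not code_reqs:
        return "no verification-code request observed"
    if any(code_in_response(body, sent_code) for _, _, body in code_reqs):
        return "vulnerable: SMS code exposed in response"
    for kind, request, _ in exchanges:
        if kind == "password_reset":
            status = send(swap_user(request, first_user, second_user))
            # Assumed criterion: HTTP 200 for the swapped request means the
            # server did not tie the verification code to the account.
            return ("vulnerable: reset accepted for swapped user"
                    if status == 200 else "not detected")
    return "not detected"

# Constructed sample data: two tester-owned accounts and one captured session.
FIRST = {"phone": "15550000001"}
SECOND = {"phone": "15550000002"}
CAPTURE = [
    ("verification_code", {"phone": "15550000001"}, '{"ok": true}'),
    ("password_reset", {"phone": "15550000001", "code": "482913", "new": "x"}, '{"ok": true}'),
]

def hardened_server(request):
    """Stub: code 482913 was issued to FIRST only, so a swapped phone is rejected."""
    return 200 if request["phone"] == FIRST["phone"] and request["code"] == "482913" else 403

def weak_server(request):
    """Stub: checks the code but not which phone it was issued to."""
    return 200 if request["code"] == "482913" else 403

if __name__ == "__main__":
    print(detect(CAPTURE, "482913", FIRST, SECOND, hardened_server))
    print(detect(CAPTURE, "482913", FIRST, SECOND, weak_server))
```

On the server side, the two findings correspond to two fixes: never return the SMS code to the front end, and bind each issued code to the account it was issued for.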