Using Request #2 we can ask the server who the specific owner of a particular phone/email is and the server will tell us.
This kind of information disclosure is present in a number of features on Facebook. It won't however tell us who the owner is. Using Request #1 we can effectively ask the Facebook server does this email/phone number exist in your database? And the server will reply yes or no. We're able to gain limited information about specific users we're not friends with and even evade privacy settings. Issue #1 Verify information through look-upĭid you notice how we were able to search for an arbitrary user/email/phone number and obtain the username/image/obfuscated data? The lookup feature fundamentally contains and operates using an information disclosure vulnerability.
#Brute force uninstall garmin express password
Request #2 (GET /recover/initiate) if you are redirected, the request passes the cookie from step one and the server will give you the password reset info, name/image/email/phone. If it doesn't exist you are given an error message. If it does, a cookie is set and you are redirected (Request #2). Request #1 (POST /ajax/login/help/identify.php?ctx=recover) seems to be an initial check to verify if the data you are requesting actually exists. When you press that first "Search" button, two requests are sent. Once you press continue Facebook will send you a one time password reset link/code that can be used to change your password.
0 kommentar(er)
