成佩涛-荔枝FM找回密码漏洞

       漏洞截图：

1、荔枝FM找回密码页面：

2、提交抓取到的报文：

forgotpwd	
loginTipBg.png	
2 requests ❘ 237 B transferred
HeadersPreviewResponse
Remote Address:210.14.152.118:80
Request URL:http://nj.lizhi.fm/account/forgotpwd
Request Method:POST
Status Code:200 OK
Request Headersview source
Accept:application/json, text/javascript, */*; q=0.01
Accept-Encoding:gzip,deflate
Accept-Language:zh-CN,zh;q=0.8,en;q=0.6
Connection:keep-alive
Content-Length:25
Content-Type:application/x-www-form-urlencoded; charset=UTF-8
Cookie:pgv_pvi=7220358144; pgv_si=s5863073792; Hm_lvt_45dcc777b283462d0db81563b6c09dbe=1411970847,1411971209,1411971414,1412508223; Hm_lpvt_45dcc777b283462d0db81563b6c09dbe=1412509161
Host:nj.lizhi.fm
Origin:http://nj.lizhi.fm
Referer:http://nj.lizhi.fm/account/[email protected]
User-Agent:Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/37.0.2062.124 Safari/537.36
X-Requested-With:XMLHttpRequest
Form Dataview sourceview URL encoded
email:[email protected]
Response Headersview source
Connection:keep-alive
Content-Encoding:gzip
Content-Length:30
Content-Type:application/json; charset=utf-8
Date:Sun, 05 Oct 2014 11:39:24 GMT
Server:cfs
Vary:Accept-Encoding

3、从请求报文中获取请求地址及相关请求数据，并采用http模拟工具进行自动提交测试：

4、接下来，邮箱可以看到如下列表：

不用我说大家都清楚，邮箱会被刷爆，估计官方的邮箱发送量也会被刷爆，此处不敢多加猜测，没有做过彻底的试验！

5、接下来，注册一个正常的用户，试试找回功能是否还正常！

PS:这里特别说明一下：我之前的账号是[email protected]，现在注册的邮箱为：10445598/[email protected]

6、下面进行[email protected]邮箱的找回密码，试试功能是否还可以正常使用！

答案是：不能正常使用！

PS：以上为短时间测试，如有误差，欢迎前来交流！