Unauthorized Access (越权): Principles and Hands-on Practice

Introduction and hands-on practice

My little Xue is resurrected

Oops, I haven't updated in a few days. I only just finished the homework after class and didn't study for two days, which hurts hahaha. I watch the days pass by, and the friends I know are moving fast, so I'm anxious too.
Today's topic is unauthorized access (越权). It is relatively simple, without too many bells and whistles, but it is a little time-consuming and laborious.

Principle overview

If user A's privileges are used to operate on user B's data, and A's privileges are lower than B's, then a successful operation is called an unauthorized (越权, commonly "broken access control") operation. The root cause is unreasonable permission-verification rules in the back end.

Unauthorized-access vulnerabilities typically appear on privileged pages (pages that require login) where data is added, deleted, modified, or queried. When a user performs one of these operations on a privileged page, the back end must verify the current user's permissions, checking whether that user is actually allowed to perform the operation before responding. If the verification rules are too simple, an unauthorized-access flaw is likely.

Supplement: if a WAF is present, unauthorized-access and logic vulnerabilities should be tested first, since a WAF does not catch them.
GET parameters are visible in the URL; POST parameters are only visible in the captured request body.

Classification of unauthorized access

Horizontal privilege escalation (水平越权)

User A and user B are users of the same level, and neither should be able to operate on the other's personal information. If user A can nevertheless operate on user B's personal information, this is called a horizontal unauthorized operation.

Vertical privilege escalation (垂直越权)

User A's privileges are higher than user B's. If user B can perform operations that require user A's privileges, this is called vertical privilege escalation.

Hands-on test

	Pikachu platform
		Horizontal privilege escalation
			Changing the username in the URL is enough to bypass the check
				because the server never checks the session

		Vertical privilege escalation
			There is a super-administrator account and an ordinary user account
				When the administrator adds a user, capture the request and send it to Repeater
				Capture a request from an ordinary user
				Replay the known administrator-page operation using the ordinary user's PHPSESSID cookie

			This kind of escalation presupposes that some of the administrator's core pages are known

Defense

The back end must first check whether the user is logged in, and then check whether the account's session level is 1 (administrator); if either check fails, the request is blocked.
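The following is an added example, not code from the post or from the Pikachu project, that models the two checks above in Python. It puts the Pikachu-style flawed handler beside its fixed form for both cases: the horizontal case (the profile page trusts the username in the URL instead of the session) and the vertical case (the add-user page only checks that some session exists, not that its level is 1). The user table, session store, cookie values and the level-2 "ordinary user" convention are constructed assumptions for the illustration.

```python
"""Added example: session-based authorization checks for the two unauthorized-access
cases (horizontal and vertical). All data below is constructed for illustration."""

from dataclasses import dataclass, field
from typing import Optional

ADMIN_LEVEL = 1  # as in the post: an administrator session has level 1
USER_LEVEL = 2   # assumption: ordinary users carry level 2

# Constructed user table: username -> profile record
USERS = {
    "admin": {"level": ADMIN_LEVEL, "phone": "000-0000"},
    "alice": {"level": USER_LEVEL, "phone": "111-0001"},
    "bob":   {"level": USER_LEVEL, "phone": "111-0002"},
}

# Constructed server-side session store: PHPSESSID cookie value -> session data
SESSIONS = {
    "sid-alice": {"username": "alice", "level": USER_LEVEL},
    "sid-admin": {"username": "admin", "level": ADMIN_LEVEL},
}


@dataclass
class Request:
    cookie: Optional[str]                      # PHPSESSID sent by the client, or None
    query: dict = field(default_factory=dict)  # GET parameters parsed from the URL


class LoginRequired(Exception):
    """No valid session: the user is not logged in."""


class Forbidden(Exception):
    """Logged in, but not allowed to perform this operation."""


def session_of(req: Request) -> dict:
    """Resolve the cookie to a server-side session, or fail as 'not logged in'."""
    sess = SESSIONS.get(req.cookie)
    if sess is None:
        raise LoginRequired()
    return sess


# --- Horizontal case: viewing a user's personal information --------------------

def profile_vulnerable(req: Request):
    """Flawed: trusts ?username= from the URL and never consults the session."""
    return USERS.get(req.query.get("username"))


def profile_fixed(req: Request):
    """Fixed: the username in the URL must match the logged-in session's owner."""
    sess = session_of(req)
    requested = req.query.get("username", sess["username"])
    if requested != sess["username"]:
        raise Forbidden()
    return USERS[requested]


# --- Vertical case: an administrator-only operation (adding a user) ------------

def add_user_vulnerable(req: Request, name: str, users: dict) -> bool:
    """Flawed: only checks that *some* session exists, so any logged-in user passes."""
    session_of(req)
    users[name] = {"level": USER_LEVEL, "phone": ""}
    return True


def add_user_fixed(req: Request, name: str, users: dict) -> bool:
    """Fixed: logged in AND session level must be the administrator level."""
    sess = session_of(req)
    if sess["level"] != ADMIN_LEVEL:
        raise Forbidden()
    users[name] = {"level": USER_LEVEL, "phone": ""}
    return True


def handle(view, req: Request, *args):
    """Run a handler and map its outcome to an HTTP-style (status, body) pair."""
    try:
        return ("200", view(req, *args))
    except LoginRequired:
        return ("302", "redirect to login")
    except Forbidden:
        return ("403", "forbidden")


if __name__ == "__main__":
    # alice, logged in as an ordinary user, asks for bob's profile
    req = Request("sid-alice", {"username": "bob"})
    print("horizontal, flawed:", handle(profile_vulnerable, req))
    print("horizontal, fixed: ", handle(profile_fixed, req))
    # alice replays the admin's add-user request with her own PHPSESSID
    store = {}
    print("vertical, flawed:  ", handle(add_user_vulnerable, Request("sid-alice"), "mallory", store))
    print("vertical, fixed:   ", handle(add_user_fixed, Request("sid-alice"), "mallory", {}))
```

The fixed handlers never derive identity or privilege level from anything the client controls (URL parameter, form field); both come from the server-side session looked up by the cookie, and the level comparison runs on every privileged request rather than only on the login page.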


Source: blog.csdn.net/weixin_43079958/article/details/105646902