Logic vulnerability-token bypass
Others
2021-03-07 10:20:54
views: null
No echo on the front end
- See if there is a pattern, if it can be blasted, generally not
There is an echo on the front end
- Take Pikachu as an example
- Check the front-end source code and find that the token exists
- Add the location of the blast
- The thread must be set to 1, because if multithreading means multiple package tokens, it will not be allowed
- Click on always at that location
- Add the found token in the grep position in the options and add the token
- Select this for the token position
- Start blasting, you can see that the token is different every time you blast
Origin blog.csdn.net/weixin_44110913/article/details/109368455