There is not much to say here: when verification fails, use the packet capture tool Burp to modify the data packet so that it meets the requirements, for example by changing the flag parameter or the USER-AGENT parameter.
Defense
Verification is strengthened: an Anti-CSRF token mechanism defends against CSRF attacks, PDO is used to protect against SQL injection so that the code cannot be bypassed, and the user is also required to enter a password, which further strengthens authentication.
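
The three defenses named above, combined in one password-change handler, as an added example that is not code from the original page. The function names, form field names and the in-memory SQLite table are assumptions made for illustration, and it needs PHP with the pdo_sqlite extension.

```php
<?php
declare(strict_types=1);
// Added example: names and schema are constructed, not taken from the page.

function issue_token(array &$session): string {
    // Fresh, unpredictable token per form render, kept server-side.
    $session['csrf_token'] = bin2hex(random_bytes(32));
    return $session['csrf_token'];
}

function change_password(PDO $db, array &$session, array $post): string {
    // 1. Anti-CSRF token: constant-time compare, single use (always discarded).
    $expected = $session['csrf_token'] ?? '';
    $supplied = $post['user_token'] ?? '';
    unset($session['csrf_token']);
    if ($expected === '' || !is_string($supplied) || !hash_equals($expected, $supplied)) {
        return 'rejected: bad CSRF token';
    }
    // 2. Re-authentication: a forged request does not know the current password.
    $stmt = $db->prepare('SELECT password FROM users WHERE user = :user');
    $stmt->execute([':user' => $session['user']]);
    $hash = $stmt->fetchColumn();
    $cur = $post['password_current'] ?? '';
    if (!is_string($hash) || !is_string($cur) || !password_verify($cur, $hash)) {
        return 'rejected: current password incorrect';
    }
    $new = $post['password_new'] ?? '';
    if (!is_string($new) || $new === '' || $new !== ($post['password_conf'] ?? null)) {
        return 'rejected: new passwords do not match';
    }
    // 3. PDO prepared statement: values are bound, never concatenated into SQL.
    $upd = $db->prepare('UPDATE users SET password = :pw WHERE user = :user');
    $upd->execute([':pw' => password_hash($new, PASSWORD_DEFAULT), ':user' => $session['user']]);
    return 'password changed';
}

// Constructed demo data: in-memory SQLite stands in for the real database.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE users (user TEXT PRIMARY KEY, password TEXT)');
$db->prepare('INSERT INTO users VALUES (?, ?)')
   ->execute(['alice', password_hash('old-secret', PASSWORD_DEFAULT)]);
$session = ['user' => 'alice'];
$form = ['password_current' => 'old-secret', 'password_new' => 'n3w-secret', 'password_conf' => 'n3w-secret'];

echo change_password($db, $session, $form + ['user_token' => 'guess']), "\n"; // request without a valid token
$token = issue_token($session);
echo change_password($db, $session, $form + ['user_token' => $token]), "\n";  // legitimate form submit
echo change_password($db, $session, $form + ['user_token' => $token]), "\n";  // same token replayed
```
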
Reproduced in: https://www.cnblogs.com/aeolian/p/11058792.html