Code audit of an unauthorized access vulnerability and its fix

Unauthorized access is a relatively easy class of vulnerability to find in routine testing: simply running a directory scanner such as Yujian over the site is often enough to turn up an unauthorized-access vulnerability.

As for what actually causes it, let me explain (or rather, ramble) in detail.

All of the following code I wrote myself; it may be ugly or contain coding errors, and I hope you will correct me.

Vulnerability explanation

Below is a login box, login.php

[image: login.php login form]

In routine testing we often try to access key files directly; if the validation code has a problem, we can directly reach content that would normally be inaccessible.

Here we access the index.php page directly

[image: index.php opened directly without logging in]

We can directly read content that should only be accessible after logging in.

Next, let's look at how the code is written

PS: In a real project the code would probably not be written like this, but to make it easier to understand, all the code here is shortened; the principle is the same.

login.php

[image: login.php source]

logins.php

[image: logins.php source]

index.php

[image: index.php source]

[image: fun.php source]

PS: fun.php contains the database-manipulation functions

I believe everyone can understand this part of the code.

login.php is the login page; its code contains only a single form, and we can see that the form submits its content to logins.php.

logins.php receives the account and password passed to it, first checks whether both the account and password are filled in, then runs a database query; if a matching record exists, it sets the session, returns login success and redirects to the session page; otherwise it returns login failure.

Next, the main focus is the code of the index.php file; this is the most important part, the one that causes the unauthorized access

[image: index.php query code]

Here I set the uid used in the query to 1 by default, to make our operations easier.

Here we can clearly see that index.php performs no check at all: it runs the SQL query directly, and whoever requests the page can then view its contents.

Simple fix

Because we set the session on successful login, we can add a check of the session value right at the beginning of index.php: if the session does not exist, exit immediately, without ever running the SQL query.

The modified code is as follows

[image: modified index.php with the session check]

With this change the result is

[image: index.php now refuses direct access]

This prevents the unauthorized access.
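The vulnerable index.php and the fixed one side by side, as an added example written for this page and not the original post's code. It assumes that fun.php exposes a PDO connection as $pdo, that logins.php stores the logged-in user's id in $_SESSION['uid'], and a users table with uid, username and info columns; all of these are assumptions, not details from the post.

```php
<?php
// Added example, not the post's own code. Assumed: fun.php defines $pdo (a PDO
// connection), logins.php sets $_SESSION['uid'] on successful login, and a
// users(uid, username, info) table exists.

// --- Vulnerable version: what the post's index.php does ---
// No check at all, so anyone who requests index.php directly gets the data.
function index_vulnerable(PDO $pdo): array
{
    $uid = 1; // hard-coded to 1, as in the post, for convenience
    $stmt = $pdo->prepare('SELECT username, info FROM users WHERE uid = ?');
    $stmt->execute([$uid]);
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

// --- Fixed version: check the server-side session before doing anything ---
function index_fixed(PDO $pdo): array
{
    if (session_status() !== PHP_SESSION_ACTIVE) {
        session_start();
    }
    if (empty($_SESSION['uid'])) {
        // Not logged in: bounce to the login page before touching the database.
        header('Location: login.php');
        exit;
    }
    // Take the uid from the session that logins.php set, never from a cookie
    // or request parameter, since those are client-controlled and can be forged.
    $uid = (int) $_SESSION['uid'];
    $stmt = $pdo->prepare('SELECT username, info FROM users WHERE uid = ?');
    $stmt->execute([$uid]);
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

require_once 'fun.php'; // assumed to define $pdo

foreach (index_fixed($pdo) as $row) {
    echo htmlspecialchars($row['username']), ': ',
         htmlspecialchars($row['info']), "<br>\n";
}
```

Requesting index.php without a prior login now ends in the redirect, and the query in index_fixed() is never reached; index_vulnerable() is kept only to show the difference.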

Extension

One more point: when writing code, you must check the session value, not the cookie, because the cookie value is stored on the client and, as is well known, it can be forged.

For a classic case, see "Classic case: tampering with a cookie on an MLM site to get into the admin backend".

First published on the WeChat public account: 无心梦呓 (wuxinmengyi)

This public account records red-team learning, study notes and personal growth.


Source: www.cnblogs.com/wuxinmengyi/p/11601398.html