In a typical test, ultra vires is a relatively simple flaw, but is more of a type, because he may exist in a variety of parameters, it's still quite a lot of cases, there is only one kind of said, and I write here is only one of them may be the case.
All of the following code is I wrote it myself, there may be unsightly, coding errors and so on, I hope you can correct me.
Vulnerability to explain
A first landing accounts, view current content
Exit, landing two accounts
The contents of two accounts are not the same
Click Edit to enter the edit page
At this time, change the id value of the url, you can gain access to the contents of this do not have access to the
Thus, resulting in vulnerabilities ultra vires
We are here to make the code as used in the previous operation
The problem here is with the, the sql statement query, direct access to id, then direct sql queries, and does not determine whether the user's content
Simple repair
As already said, see, the problem is out in the sql query, so only when the inquiry, along with a query whether the current user's content on it.
Look at the results
PS: This is just one case, there may be other situations that I did not think, I hope we can put forward
No public debut article: unintentional balderdash (wuxinmengyi)
This is a record red team learning, Principal notes, personal growth number of public
Concern to scan code
