Notes on logic vulnerabilities and authorization bypass

By business operation

Registration

Possible vulnerabilities:

  1. Arbitrary user registration (registering as a user you do not control)
  2. SMS bombing / brute-forcing the verification code or password
  3. Batch user registration
  4. Username enumeration / brute force
  5. SQL injection / stored XSS

Login

  1. SMS bombing / brute-forcing the verification code or password
  2. SQL injection
  3. Credential stuffing (reusing credentials leaked from other sites)
  4. Empty-password bypass: edit the password field so that an empty or null value is sent
  5. Substituting the authentication credential: if the response carries the account identifier, changing it may log you into another account
  6. Permission bypass / cookie forgery
  7. Third-party login: tampering with the data returned by the provider may log you in as another user

Password recovery

  1. SMS / e-mail bombing; SMS or mailbox hijacking
  2. Reset any user's password: the verification code is not checked against the phone number of the user being reset
  3. Batch password reset
  4. Intercepting the new password / skipping the verification step
  5. Client-side verification: modify the value in the server's response

Purchase payment / top-up

  1. Tamper with the transaction amount or quantity; the amount does not have to become 0.01, sometimes 1.00 also works
  2. Order and transaction information encoding / information disclosure
  3. Integer overflow: a signed 32-bit int tops out at 2147483647, so try exceeding it
  4. Change the account that receives the top-up
  5. Replay a single request many times, or send it with high concurrency
  6. If the response contains unexpected parameters, add them to the request packet and resend it
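
Items 1 and 3 above come down to the server trusting the client's numbers. The following is an added example (mine, not code from the original post): a toy checkout showing both failure modes side by side, trusting the submitted unit price, and doing the multiplication in a signed 32-bit integer so that a large quantity wraps the total negative. The catalog, prices and request shape are constructed for illustration.

```python
# Added example (not from the original post): client-trusted amounts and int32 overflow
# at checkout, with a hardened handler that recomputes from the catalog.

# Constructed sample catalog: sku -> unit price in cents
CATALOG = {"sku-1001": 19900}

INT32_MAX = 2147483647


def wrap_int32(n: int) -> int:
    """Mimic a backend that stores the order total in a signed 32-bit integer."""
    return ((n + 2**31) % 2**32) - 2**31


def checkout_vulnerable(req: dict) -> int:
    """Trusts the client-supplied unit_price and multiplies in int32.

    Both checklist tampering vectors apply: send unit_price=1 (pay 0.01) or a
    negative price, or send a quantity large enough that the total wraps past
    2147483647 into a negative number.
    """
    qty = int(req["quantity"])
    unit = int(req["unit_price"])  # attacker controlled
    return wrap_int32(unit * qty)


def checkout_hardened(req: dict) -> int:
    """Recomputes the total from the server-side catalog and bounds every input."""
    sku = req["sku"]
    if sku not in CATALOG:
        raise ValueError("unknown sku")
    qty = int(req["quantity"])
    if not 1 <= qty <= 1_000_000:
        raise ValueError("quantity out of range")
    total = CATALOG[sku] * qty  # unit_price from the request is ignored entirely
    if total > INT32_MAX:
        raise ValueError("total overflows int32")
    return total


def total_or_error(checkout, req: dict):
    """Run one handler and return either the total or the rejection reason."""
    try:
        return checkout(req)
    except ValueError as exc:
        return str(exc)


if __name__ == "__main__":
    requests = {
        "honest":   {"sku": "sku-1001", "quantity": 2,      "unit_price": 19900},
        "cheap":    {"sku": "sku-1001", "quantity": 1,      "unit_price": 1},
        "refund":   {"sku": "sku-1001", "quantity": 1,      "unit_price": -19900},
        "overflow": {"sku": "sku-1001", "quantity": 107914, "unit_price": 19900},
    }
    for name, req in requests.items():
        print(f"{name:9} vulnerable={total_or_error(checkout_vulnerable, req)!r:>24} "
              f"hardened={total_or_error(checkout_hardened, req)!r}")
```

The overflow request is the one item 3 describes: 19900 × 107914 = 2147488600, just past the int32 maximum, so the vulnerable total comes out as -2147478696 and a naive "charge the total" step becomes a credit.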

Lottery / lucky draw

  1. Cheating the draw
  2. Farming prizes / points
  3. High concurrency on check-in, transfer, redemption and purchase flows is worth trying

Coupons / vouchers

  1. Farming coupons / vouchers
  2. Modifying the coupon amount / quantity
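
Item 5 under purchase payment, item 3 under the lottery section and item 1 here are the same race: a check-then-act that is not atomic, so N copies of one request fired at once all pass the check. The added example below (mine, not the original author's) reproduces that with threads against an in-memory wallet and shows the fix, serialising the check and the write under a single lock (in a real service, a database transaction with a row lock or a conditional UPDATE ... WHERE used = 0). The wallet and coupon value are constructed.

```python
# Added example (not from the original post): single-use coupon redeemed N times
# by concurrent requests, and the same flow with an atomic check-and-set.
import threading


class Wallet:
    """Constructed in-memory account holding one single-use coupon."""

    def __init__(self):
        self.balance = 0
        self.coupon_used = False
        self.lock = threading.Lock()


def redeem_vulnerable(w: Wallet, value: int, barrier: threading.Barrier) -> bool:
    """Check, then act, with a window in between.

    The barrier stands in for the network and database latency that lets every
    concurrent request read coupon_used == False before any of them writes.
    """
    if w.coupon_used:
        return False
    barrier.wait()
    w.coupon_used = True
    w.balance += value
    return True


def redeem_hardened(w: Wallet, value: int, barrier: threading.Barrier) -> bool:
    """Same workers arrive together, but check and write happen under one lock."""
    barrier.wait()
    with w.lock:
        if w.coupon_used:
            return False
        w.coupon_used = True
        w.balance += value
        return True


def run_concurrent(redeem, workers: int = 10, value: int = 50):
    """Fire `workers` identical redeem requests at once; return (accepted, balance)."""
    w = Wallet()
    barrier = threading.Barrier(workers)
    results = []

    def worker():
        results.append(redeem(w, value, barrier))

    threads = [threading.Thread(target=worker) for _ in range(workers)]
    for t in threads:
        t.start()
    for t in threads:
        t.join()
    return sum(results), w.balance


if __name__ == "__main__":
    print("vulnerable:", run_concurrent(redeem_vulnerable))  # every request accepted
    print("hardened:  ", run_concurrent(redeem_hardened))    # one accepted, balance 50
```

Against a live target the equivalent is sending the captured redeem request in parallel (a thread pool, or Burp's Intruder/Turbo Intruder) and counting how many responses report success; more than one is the finding.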

Shipping

  1. Modify the shipping fee

Order information

  1. Order traversal / leak (enumerating order IDs)
  2. Order disclosure leading to disclosure of user information
  3. Deleting other users' orders

Member system

  1. Profile editing that uploads files: upload HTML containing a popup (stored XSS)
  2. If uploads accept xlsx / docx, there may be XXE; blind-test with malicious documents
  3. Image uploads may hit ImageMagick command execution (ImageTragick); upload malicious images
  4. If uploads go through ffmpeg < 3.2.4 (video split into frames), upload a malicious avi to blind-test for SSRF
  5. Horizontal privilege escalation between users / traversal leading to disclosure of user information
  6. SQL injection / stored XSS in the profile

Transmission

  1. Account and password sent in plaintext
  2. Modifying information with no session / token check, leading to CSRF
  3. POST / Cookie injection

Comments

  1. POST injection / stored XSS
  2. No session / token check, leading to CSRF

By vulnerability type

Verification code issues

  1. Universal codes: 0000, 8888, 1234
  2. The verification code is present in the response packet
  3. Delete the verification code cookie or value; the account password can then be brute-forced

SMS bombing

  1. Replay the packet
  2. Delete or modify the cookie, or check whether related parameters in the packet can be deleted or modified, then replay
  3. Add +86 in front of the phone number, or spaces before or after it, and resend the packet
  4. Modify sensitive request parameters, or add a parameter such as &id=1
  5. A site may protect one endpoint but leave password recovery or registration unprotected, so test every interface
  6. If batch registration exists and each user may send five messages, mass bombing is still achievable
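
Item 3 works when the sending endpoint rate-limits on the phone number string exactly as submitted while the SMS gateway normalises it: "+86 138..." and "138..." are different keys to the limiter but the same handset to the gateway. The added example below (mine, not from the original post) models both limiters and counts how many messages reach one number using the mutations from item 3. The phone number, limit and mutation list are constructed, and the mainland-China mobile pattern is an assumption about the target.

```python
# Added example (not from the original post): per-number SMS rate limit keyed on the raw
# string versus on the canonicalised number.
import re
from collections import defaultdict

LIMIT = 5  # constructed: messages allowed per number per window


class RawLimiter:
    """Counts on the phone string exactly as the client submitted it."""

    def __init__(self):
        self.sent = defaultdict(int)

    def allow(self, phone: str) -> bool:
        if self.sent[phone] >= LIMIT:
            return False
        self.sent[phone] += 1
        return True


def normalize_cn_mobile(raw: str):
    """Canonicalise to 11 digits; return None if it is not a plausible CN mobile.

    Assumption: mainland-China numbers (1[3-9] plus 9 digits), optional +86 / 0086.
    """
    digits = re.sub(r"\D", "", raw)
    if digits.startswith("0086"):
        digits = digits[4:]
    elif digits.startswith("86") and len(digits) == 13:
        digits = digits[2:]
    return digits if re.fullmatch(r"1[3-9]\d{9}", digits) else None


class NormalizedLimiter(RawLimiter):
    """Counts on the canonical number, and rejects anything that does not parse."""

    def allow(self, phone: str) -> bool:
        key = normalize_cn_mobile(phone)
        return key is not None and super().allow(key)


def bypass_variants(phone: str) -> list:
    """The mutations from item 3: +86 prefix, surrounding spaces, 0086, a dash."""
    return [
        phone,
        "+86" + phone,
        "+86 " + phone,
        " " + phone,
        phone + " ",
        "0086" + phone,
        phone[:3] + "-" + phone[3:],
    ]


def messages_delivered(limiter: RawLimiter, phone: str) -> int:
    """Hammer every variant LIMIT times; count how many sends the limiter lets through."""
    delivered = 0
    for variant in bypass_variants(phone):
        for _ in range(LIMIT):
            if limiter.allow(variant):
                delivered += 1
    return delivered


if __name__ == "__main__":
    target = "13800138000"  # constructed sample number
    print("raw limiter:       ", messages_delivered(RawLimiter(), target))         # 35
    print("normalized limiter:", messages_delivered(NormalizedLimiter(), target))  # 5
```

The same idea applies to item 4: if the limiter's key is the whole request body, an extra &id=1 changes the key just as a space does. Normalise first, then limit, and limit on the canonical number rather than on the request.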

Horizontal privilege escalation

  1. After logging in, modify parameters; keep testing across many interfaces
  2. Inspect the page source; sometimes a form is present but hidden (hidden tags). Modify the response and try to retrieve the data
  3. Use multiple accounts and compare the request parameters
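
Item 1 under order information and item 3 here are the same test: take a resource ID you can see from account A and request it from account B. The added example below (mine, not from the original post) models an order endpoint that looks up by ID without checking ownership, the fixed version, and a small scanner that, given a session and an ID range, lists the foreign orders it can read. Order data and user names are constructed.

```python
# Added example (not from the original post): IDOR on sequential order ids,
# an ownership-checked lookup, and a scanner that walks an id range.

# Constructed sample data: order id -> record. Sequential ids are what make
# traversal cheap; the scanner simply walks a range around a known id.
ORDERS = {
    1001: {"owner": "alice", "total": 1999, "ship_to": "alice's address"},
    1002: {"owner": "bob", "total": 4500, "ship_to": "bob's address"},
    1003: {"owner": "alice", "total": 300, "ship_to": "alice's address"},
    1005: {"owner": "carol", "total": 12000, "ship_to": "carol's address"},
}


def get_order_vulnerable(session_user: str, order_id: int):
    """Looks the order up by id; the session only proves you are logged in."""
    return ORDERS.get(order_id)


def get_order_hardened(session_user: str, order_id: int):
    """Ownership is part of the lookup; a foreign id looks the same as a missing one."""
    order = ORDERS.get(order_id)
    if order is None or order["owner"] != session_user:
        return None
    return order


def delete_order_hardened(session_user: str, order_id: int) -> bool:
    """Item 3 under order information: the same ownership check guards writes."""
    if get_order_hardened(session_user, order_id) is None:
        return False
    del ORDERS[order_id]
    return True


def idor_scan(fetch, session_user: str, id_range) -> list:
    """Ids in id_range that `fetch` serves to session_user but that belong to someone else.

    Against a live target you cannot read the owner field directly; the usual
    approach is two accounts, where anything account A can read that account B
    created is a finding.
    """
    leaked = []
    for oid in id_range:
        order = fetch(session_user, oid)
        if order is not None and order["owner"] != session_user:
            leaked.append(oid)
    return leaked


if __name__ == "__main__":
    print("vulnerable:", idor_scan(get_order_vulnerable, "alice", range(1000, 1010)))  # [1002, 1005]
    print("hardened:  ", idor_scan(get_order_hardened, "alice", range(1000, 1010)))    # []
```

Returning the same "not found" for a foreign id and a missing id matters: a distinct 403 for foreign orders still tells the scanner which ids exist.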

Data leakage

  1. After password recovery, fill in the data, capture the request and inspect the response; it may return sensitive data

Arbitrary user password reset

  1. Most cases are at the change-password step: modify the parameters, changing the username parameter to a different user
  2. Some front-end verification can be bypassed with Burp by modifying the response packet. How do you know what the correct packet looks like? You don't; just try
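
Item 1 here and item 2 under password recovery are the same bug: the server verifies that the code is a real code, not that it was issued for the account named in the reset request. The added example below (mine, not from the original post) is a minimal reset service with that bug next to a version that binds the code to the user, expires it, makes it single-use and caps guesses (which also closes the brute-force item under verification code issues). Users, phone numbers, code length and limits are constructed.

```python
# Added example (not from the original post): verification code not bound to the
# target account, and a bound, expiring, single-use, attempt-capped version.
import hmac
import secrets
import time

CODE_TTL = 300      # seconds a code stays valid (constructed)
MAX_ATTEMPTS = 5    # wrong guesses before the code is discarded (constructed)


class ResetService:
    def __init__(self, now=time.time):
        # Constructed accounts: username -> phone number the SMS would go to
        self.users = {"alice": "+8613800138000", "mallory": "+8613900139000"}
        self.passwords = {}
        self.now = now
        self.issued = set()   # vulnerable store: only records that a code exists
        self.pending = {}     # hardened store: username -> {code, expires, attempts}

    # --- vulnerable flow: the code is a global token, not tied to a user ---
    def send_code_vulnerable(self, phone: str) -> str:
        code = f"{secrets.randbelow(10**6):06d}"
        self.issued.add(code)          # in reality the SMS goes to `phone`
        return code

    def reset_vulnerable(self, username: str, code: str, new_password: str) -> bool:
        if code in self.issued:        # never asks whether this code was sent to `username`
            self.issued.discard(code)
            self.passwords[username] = new_password
            return True
        return False

    # --- hardened flow: bound to the user, time-limited, single-use, attempt-capped ---
    def send_code_hardened(self, username: str) -> str:
        if username not in self.users:
            raise KeyError("unknown user")
        code = f"{secrets.randbelow(10**6):06d}"
        self.pending[username] = {"code": code, "expires": self.now() + CODE_TTL, "attempts": 0}
        return code                    # sent to self.users[username]; never put in the HTTP response

    def reset_hardened(self, username: str, code: str, new_password: str) -> bool:
        rec = self.pending.get(username)
        if rec is None or self.now() > rec["expires"]:
            self.pending.pop(username, None)
            return False
        rec["attempts"] += 1
        if not hmac.compare_digest(rec["code"], code):
            if rec["attempts"] >= MAX_ATTEMPTS:
                del self.pending[username]   # too many guesses: the code is gone
            return False
        del self.pending[username]           # single use
        self.passwords[username] = new_password
        return True


def attacker_resets_victim(service: ResetService, flow: str) -> bool:
    """mallory requests a code for her own account, then submits it for alice."""
    if flow == "vulnerable":
        code = service.send_code_vulnerable(service.users["mallory"])
        return service.reset_vulnerable("alice", code, "pwned")
    code = service.send_code_hardened("mallory")
    return service.reset_hardened("alice", code, "pwned")


if __name__ == "__main__":
    print("vulnerable flow, alice reset by mallory:", attacker_resets_victim(ResetService(), "vulnerable"))
    print("hardened flow,   alice reset by mallory:", attacker_resets_victim(ResetService(), "hardened"))
```

The test for a real target follows the same shape as attacker_resets_victim: request a code for an account you own, then replay the final reset step with the username (or user id, or phone) parameter swapped for the victim's.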


Source: www.cnblogs.com/nongchaoer/p/12201586.html