DAY25: Logic Vulnerability
2022-08-10 08:32:00 【EdmunDJK】
1. Introduction to Logic Vulnerabilities
A logic vulnerability arises when a program's logic is imprecise or overly complex, so that some branch of it is not handled at all or is handled incorrectly. In plain terms: once a system has many functions it becomes hard for developers to think through every case, and a path they overlooked or handled wrongly becomes a logic vulnerability. A logic vulnerability is, in other words, a mistake in the developer's reasoning, a gap in the logic they designed.
1.1. Vulnerability types
(1) Unauthorized access (privilege override)
(2) Verification code (CAPTCHA)
(3) Payment
(4) Race condition
1.2. Features
Highly concealed and highly dangerous: the requests involved are well-formed, so the flaw shows only in what the logic permits.
2. Unauthorized access vulnerabilities
2.1. Vulnerability overview
Unauthorized access (越权, literally "exceeding one's authority") means acting beyond the scope of one's permissions. Most web applications divide and control permissions, but when the permission-control functions are designed with flaws, an attacker can use those flaws to reach functions or data they are not authorized for; this is what is commonly called an unauthorized access (privilege override) vulnerability. Once past the permission check, the attacker can view sensitive information or perform create, delete, update and read operations. It is a very common logic vulnerability. Its root cause is that the server trusts the data-operation request sent by the client and omits its own check of whether the user is allowed to perform that operation; as a result, simply modifying a parameter lets the attacker create, delete, read and modify data belonging to other accounts.
2.2. Vulnerability types
(1) Horizontal override
An attacker accesses the resources of another user who holds the same permission level as the attacker.
(2) Vertical override
Vertical override is caused by the design flaw of "URL-based access control": the privileged link is hidden instead of the role being checked on the server. It is divided into upward override (reaching higher-privileged functions) and downward override (reaching lower-privileged ones).
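The two override types above, as an added example that is not code from the original post: an order lookup with a horizontal override and an admin function with a vertical override, each beside the server-side check that closes it. The users, orders, session identities and the /admin/ path are constructed sample data, and the function names are hypothetical.

```python
# Added example, not code from the original post: an order lookup and an
# admin-only function, each shown with the access-control mistake the section
# describes and then with the server-side check that fixes it. Users, orders
# and session identities are constructed in-memory sample data.
from dataclasses import dataclass


@dataclass
class Order:
    order_id: int
    owner: str
    total: str


# Constructed sample data: three ordinary users and one administrator.
USERS = {"alice": "user", "bob": "user", "carol": "user", "root": "admin"}
ORDERS = {
    1001: Order(1001, "alice", "49.00"),
    1002: Order(1002, "bob", "120.00"),
}


class Forbidden(Exception):
    pass


def get_order_vulnerable(session_user: str, order_id: int) -> Order:
    # Horizontal override: the handler trusts the client-supplied order_id
    # and never asks whether the logged-in user owns that order, so alice
    # can read bob's order by changing one number in the request.
    return ORDERS[order_id]


def get_order_fixed(session_user: str, order_id: int) -> Order:
    order = ORDERS.get(order_id)
    # Ownership is checked against the server-side session identity. "Not
    # found" and "not yours" return the same error so that valid order ids
    # cannot be enumerated through the error message.
    if order is None or order.owner != session_user:
        raise Forbidden("order not accessible")
    return order


def delete_user_vulnerable(session_user: str, target: str, path: str) -> bool:
    # Vertical override: "URL-based access control" only hides the admin
    # link from the menu. Anyone who knows the /admin/ path can call the
    # function, because the caller's role is never checked here.
    if not path.startswith("/admin/"):
        raise Forbidden("wrong path")
    USERS.pop(target, None)
    return True


def delete_user_fixed(session_user: str, target: str, path: str) -> bool:
    # The role comes from the server-side user record, not from the URL or
    # a client-supplied parameter, and is checked on every privileged call.
    if USERS.get(session_user) != "admin":
        raise Forbidden("admin role required")
    USERS.pop(target, None)
    return True


def allowed(fn, *args) -> bool:
    """Return True if fn(*args) succeeds, False if it raises Forbidden."""
    try:
        fn(*args)
        return True
    except Forbidden:
        return False


if __name__ == "__main__":
    print("alice reads bob's order (vulnerable):", allowed(get_order_vulnerable, "alice", 1002))
    print("alice reads bob's order (fixed):", allowed(get_order_fixed, "alice", 1002))
    print("bob deletes carol (vulnerable):", allowed(delete_user_vulnerable, "bob", "carol", "/admin/users/delete"))
    print("bob deletes dave (fixed):", allowed(delete_user_fixed, "bob", "dave", "/admin/users/delete"))
```

The fixed handlers take the identity and role from server-side state only; the request contributes the object id and nothing else. Returning one error for both "missing" and "not owned" is a small extra step that keeps the fixed version from leaking which ids exist.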
3. Payment vulnerabilities
3.1. Vulnerability overview
Payment vulnerabilities are business-logic flaws in a system's payment flow. Any function that involves purchasing, paying and the like may contain one.
They can also be exploited through race conditions or weak type comparisons.
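A checkout routine, added here as an example that is not code from the original post, showing the three mistakes the section names (trusting client-supplied amounts, loose type checks on quantity, and a race condition on a single-use coupon) beside the checked versions. The catalogue, prices, coupon codes and request dictionaries are constructed sample data; the in-memory lock stands in for the atomic database update a real system would use.

```python
# Added example, not code from the original post: a checkout that trusts the
# client, a checkout that recomputes everything on the server, and a
# single-use coupon redeemed with and without an atomic check. All prices,
# coupons and requests are constructed sample data.
import threading
import time
from decimal import Decimal, InvalidOperation

# Server-side catalogue; prices are strings so Decimal parses them exactly.
CATALOGUE = {"book": Decimal("30.00"), "pen": Decimal("2.50")}


class PaymentError(Exception):
    pass


def checkout_vulnerable(request: dict) -> Decimal:
    # Charges whatever "amount" the client sent. A rewritten amount or a
    # negative quantity changes the price without any server-side check.
    return Decimal(str(request["amount"]))


def checkout_fixed(request: dict) -> Decimal:
    # 1. Quantity must be a genuine positive int. "type(...) is int" also
    #    rejects bool and float, which a weak "== 1" style check would pass.
    qty = request.get("qty")
    if type(qty) is not int or qty <= 0:
        raise PaymentError("invalid quantity")
    # 2. The unit price comes from the server catalogue, never the request.
    item = request.get("item")
    if item not in CATALOGUE:
        raise PaymentError("unknown item")
    total = CATALOGUE[item] * qty
    # 3. The client's "amount" is only compared with the recomputed total,
    #    as Decimal, so there is no float rounding or string/number mixing.
    try:
        claimed = Decimal(str(request.get("amount")))
    except InvalidOperation:
        raise PaymentError("malformed amount")
    if claimed != total:
        raise PaymentError("amount mismatch")
    return total


def checkout_result(request: dict) -> str:
    """Run the fixed checkout and describe the outcome as one string."""
    try:
        return "charged " + str(checkout_fixed(request))
    except PaymentError as exc:
        return "rejected: " + str(exc)


class CouponStore:
    """Single-use coupons; redeem() is the step a race condition targets."""

    def __init__(self, codes):
        self._unused = set(codes)
        self._lock = threading.Lock()

    def redeem_racy(self, code: str) -> bool:
        # Check, then act, with a gap in between (the sleep stands in for a
        # database round trip). Concurrent callers can all see the coupon as
        # unused and all succeed.
        if code in self._unused:
            time.sleep(0.01)
            self._unused.discard(code)
            return True
        return False

    def redeem_atomic(self, code: str) -> bool:
        # Check and removal happen under one lock, so exactly one caller
        # wins. The database equivalent is a single conditional UPDATE whose
        # affected-row count decides success.
        with self._lock:
            if code in self._unused:
                self._unused.discard(code)
                return True
            return False


def concurrent_redeems(store: CouponStore, code: str, n: int, atomic: bool) -> int:
    """Fire n simultaneous redemptions and return how many succeeded."""
    fn = store.redeem_atomic if atomic else store.redeem_racy
    results = []
    barrier = threading.Barrier(n)

    def worker():
        barrier.wait()              # release every thread at the same moment
        results.append(fn(code))    # list.append is atomic in CPython

    threads = [threading.Thread(target=worker) for _ in range(n)]
    for t in threads:
        t.start()
    for t in threads:
        t.join()
    return sum(results)


if __name__ == "__main__":
    print(checkout_result({"item": "book", "qty": 2, "amount": "60.00"}))
    print(checkout_result({"item": "book", "qty": -1, "amount": "-30.00"}))
    print("racy successes:  ", concurrent_redeems(CouponStore(["SAVE10"]), "SAVE10", 8, atomic=False))
    print("atomic successes:", concurrent_redeems(CouponStore(["SAVE10"]), "SAVE10", 8, atomic=True))
```

Run stand-alone, the racy store usually reports several successful redemptions of the same coupon while the atomic store always reports exactly one; the racy count depends on thread timing, which is exactly why it cannot be relied on.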
4. Verification code vulnerabilities
4.1. Vulnerability overview
A verification code (CAPTCHA) is a means of telling humans and machines apart and plays an important role in computer security. Without a verification code, an attacker can take over user accounts by brute force or register arbitrary accounts on the site. The purpose of the verification code is to prevent automated attacks, but a badly designed one is useless; understanding how verification codes work and why they fail therefore helps to raise the security of a website more comprehensively.
4.2. How verification codes work
Step 1: The client initiates a request.
Step 2: The server responds, creates a new SessionID and generates a random verification code.
Step 3: The verification code and the SessionID are returned to the client together.
Step 4: The client submits the verification code together with the SessionID to the server.
Step 5: The server checks the verification code, destroys the current session and returns the result to the client.
4.3. Verification code types
(1) Picture verification code
(2) SMS verification code
(3) Behavioral verification code
(4) Voice verification code
(5) Video verification code
4.4. Exploiting verification codes
(1) The verification code can be brute-forced
(2) The verification code is echoed back in the response
(3) The verification code is fixed
(4) The verification code can be guessed
(5) The verification code can be bypassed
(6) The verification code is not actually checked
(7) The verification code is generated and verified on the client
5. Preventing verification code vulnerabilities
(1) Use a strong verification code
(2) The verification code must not be generated by the client or returned to the client
(3) During development, make sure the code is checked and identified on the server, and destroy the verification code in the session after use
(4) Reject an empty verification code submitted by the user, and have the server perform a secondary verification of codes sent to a mobile phone or email
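The five-step flow in 4.2 and the defences in section 5 put together, as an added example that is not code from the original post: a server-side verification code store that generates a strong random code, keeps the plaintext on the server, rejects empty input, compares in constant time and destroys the code after a single check. The session ids, the controllable clock and the "client" (a plain function call) are constructed for the example; `VerificationStore` and `demo` are hypothetical names.

```python
# Added example, not code from the original post: a server-side verification
# code store following the five-step flow in 4.2 and the defences in 5.
# Session ids and login attempts below are constructed sample data.
import hmac
import secrets
import string
import time

ALPHABET = string.ascii_uppercase + string.digits
CODE_LENGTH = 6               # 36**6 possibilities, not a 4-digit PIN (defence 1)
CODE_TTL_SECONDS = 120


class VerificationStore:
    """Holds codes by session id; the plaintext code never leaves the server."""

    def __init__(self, clock=time.time):
        self._sessions = {}       # session_id -> (code, expires_at)
        self._clock = clock

    def new_challenge(self) -> str:
        # Step 2: create a new session id and a random code for it.
        # Step 3 hands the client only the session id plus the rendered
        # image/SMS; the code itself stays here (defence 2).
        session_id = secrets.token_urlsafe(16)
        code = "".join(secrets.choice(ALPHABET) for _ in range(CODE_LENGTH))
        self._sessions[session_id] = (code, self._clock() + CODE_TTL_SECONDS)
        return session_id

    def render(self, session_id: str) -> str:
        # Stand-in for the image or SMS: what the legitimate user reads off
        # the screen. Only used by the demo to simulate a human.
        return self._sessions[session_id][0]

    def verify(self, session_id: str, submitted) -> bool:
        # Step 5: check once, then destroy the code whatever the outcome.
        entry = self._sessions.pop(session_id, None)   # single-use (defence 3)
        if entry is None:
            return False                 # unknown, expired-and-cleared, or replayed
        code, expires_at = entry
        if not submitted:                # defence 4: empty input is never accepted
            return False
        if self._clock() > expires_at:
            return False
        # Constant-time comparison; case-insensitive because image codes are
        # typed by hand. compare_digest returns False on length mismatch.
        return hmac.compare_digest(code.encode(), submitted.strip().upper().encode())


def demo() -> dict:
    """Walk the flow with a controllable clock and report each outcome."""
    now = [1000.0]
    store = VerificationStore(clock=lambda: now[0])
    results = {}

    sid = store.new_challenge()
    code = store.render(sid)                               # what the user types
    results["correct"] = store.verify(sid, code.lower())  # accepted once
    results["replay"] = store.verify(sid, code)           # same code again: gone

    results["empty"] = store.verify(store.new_challenge(), "")
    results["wrong"] = store.verify(store.new_challenge(), "~~~~~~")  # not in ALPHABET

    sid = store.new_challenge()
    code = store.render(sid)
    now[0] += CODE_TTL_SECONDS + 1                        # let it expire
    results["expired"] = store.verify(sid, code)
    results["live_sessions"] = len(store._sessions)       # everything destroyed
    return results


if __name__ == "__main__":
    for name, outcome in demo().items():
        print(f"{name}: {outcome}")
```

Destroying the code on every verify call, not only on success, is what turns weaknesses (1) and (5) from the previous section into non-issues: a wrong guess forces a fresh challenge, and a captured request cannot be replayed. The secondary check of SMS or email codes from defence (4) would sit on the same store, keyed by the code's delivery channel instead of the page session.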