当前位置:网站首页>DAY25: Logic Vulnerability
DAY25: Logic Vulnerability
2022-08-10 08:32:00 【EdmunDJK】
DAY25: Logic Vulnerability
1. Introduction to Logic Vulnerabilities
Logic loopholes refer to the fact that some logic branches cannot properly handle or handle errors due to imprecise program logic or too complicated logic.In layman's terms: After a system has too many functions, it is difficult for program developers to think comprehensively, and there may be omissions in some places, or they may not be handled correctly, resulting in logical loopholes.Logic loopholes can also be said to be errors in the thinking of program developers and loopholes in the logic of program developers.
1.1, Vulnerability Type
(1) traversal
(2) Urban
(3) Payment
(4) Conditional competition
1.2, Features
Very hidden and dangerous
2, unauthorized vulnerability
2.1, Vulnerability Overview
Ultra vires is beyond the scope of authority or power.Most web applications have permission division and control, but if there are flaws in the design of permission control functions, attackers can use these flaws to access unauthorized functions or data, which is what we usually call ultra-privilege vulnerabilities.After the attacker oversteps his authority, he can perform some operations, such as viewing sensitive information, performing some operations such as addition, deletion, modification, and inspection.An unauthorized vulnerability is a very common logical security vulnerability.It is because the server side trusts the data operation request put forward by the client too much and ignores the judgment of the user's operation authority. As a result, modifying the relevant parameters can have the functions of adding, deleting, checking, and changing other accounts, resulting in an unauthorized vulnerability.
2.2, Vulnerability Type
(1) Horizontal override
Refers to an attacker attempting to access a user resource that has the same permissions as him.
(2) Vertical override
Vertical override is a loophole caused by the design flaw of "URL-based access control". Vertical override can be divided into two types, namely upward override and downward override.
3. Payment loopholes
3.1, Vulnerability Overview
Payment loopholes are loopholes at the business logic level in the payment process of the system.There may be payment loopholes in all functions involving purchase, payment, etc.
You can also use some conditional competition or weak type comparison
4, verification code vulnerability
4.1, Vulnerability Overview
As a means of distinguishing between humans and machines, CAPTCHA plays an important role in the field of computer security.Without the verification code, attackers can illegally take over user accounts through brute force cracking, or perform arbitrary user registration on the website.The purpose of setting the verification code is to prevent automatic attacks, but if it is not designed well, it will be useless, so understanding the principle of verification code and the reasons for the loopholes will help to improve the security index of the website in a more comprehensive way
4.2. Mechanism of verification code
Step1: Client initiates a request
Step2: The server responds and creates a new SessionID
and generates a random verification code
Step3: Return the verification code and SessionID
to the client together
Step4: The client submits the verification code together with the SessionID
to the server
Step5: The server verifies the verification code and destroys the current session and returns the result to the client
4.3, verification code classification
(1) Picture verification code
(2) SMS verification code
(3) Behavioral verification code
(4) Voice verification code
(5) Video verification code
4.4. Use of verification code
(1) The verification code can be blasted
(2) The verification code will be echoed back
(3) Fixed verification code
(4) The verification code can be guessed
(5) The verification code can be bypassed
(6) The verification code is invalid
(7) The verification code is generated and verified by the client
5, verification code vulnerability
(1) Use a strong verification code
(2) The verification code should not be generated by the client or returned to the client
(3) During development, the system pays attention to the verification and identification and destroys the verification code in the session
(4) Restricting the verification code submitted by the user cannot be empty, and the server will perform a secondary verification of the verification code on the mobile phone/email. Strong security verification code
(2) The verification code should not be generated by the client or returned to the client
(3) During development, the system pays attention to the verification and identification and destroys the verification code in the session
(4) The verification code submitted by the user is restricted from being empty, and the server performs a secondary verification on the verification code of the mobile phone/email
边栏推荐
- Synchronization lock synchronized traces the source
- 详解构建mock服务最方便的神器——Moco
- 问下cdc mysql to doris.不显示具体行数,怎么办?
- 模糊查询除了like+ % 还能用什么方式
- Solve the problem that the win10win7win8 system cannot find the specified module and cannot register the desert plug-in
- Class Notes (7) (1) - #647. Find the root and the child (root)
- Day36 LeetCode
- dayjs-----time format
- 硬件工程师90天学习资料及笔记汇总
- day16--The use of the packet capture tool Charles
猜你喜欢
随机推荐
【微信小程序】一文读懂页面导航
【OAuth2】二十、OAuth2扩展协议 PKCE
day16--抓包工具Charles的使用
Process management (dynamic)
明明加了唯一索引,为什么还是产生重复数据?
并查集模板
ABAP Data Types 和XSD Type 映射关系以及XSD Type属性
如何远程调试对方的H5页面
phpstudy开机自启
协同工具满足70%-90%的工作需求,成为企业香饽饽
【FAQ】【Push Kit】推送服务,回执配置一直报错、回执过期修改、怎么删除配置的回执
DGIOT 30 million meters set pressure reading
【搜索引擎】Solr:提高批量索引的性能
Unity—UGUI控件
The sixteenth day & the basic operation of charles
VMware ESX Server常用命令行
Quickly enter the current date and time
11111
[In-depth study of 4G/5G/6G topic-56]: L3 signaling control-5-radio bearer management
Question brushing tool h