当前位置：网站首页>Penetration testing - logic vulnerability topic

Penetration testing - logic vulnerability topic

2022-06-22 02:28:00 【amingMM】

Special topic on logical vulnerabilities

1.3 Password recovery vulnerability ~1
1、 Password reset
Ultra vires
Payment logic loopholes
Unauthorized access holes -Over permission Management account ultra vires
Ultra vires loophole

1.3 Password recovery vulnerability ~1

Insert picture description here

1、 Password reset

The general design of password reset is divided into the following four steps ：

1. Enter account name

Insert picture description here

2. Verify identity

Insert picture description here

3. Reset password

Insert picture description here

 4. complete

Usually vulnerabilities exist in 2 perhaps 3 In the step , Let's take a look at some common ways to reset password vulnerabilities .

2、 Use at will
3、 Unauthorized operation

The idea of digging logical loopholes
1、 Various echo （ Verification code echo , Echo user credentials , Personal information echo ）
2、 Various reversible （ There is a danger of collision at the landing site , User credentials found ）
3、 Logical order （）

Insert picture description here

Ultra vires

Insert picture description here

Payment logic loopholes

Insert picture description here

Unauthorized access holes -Over permission Management account ultra vires

Unauthorized access holes

1.3 Password recovery vulnerability ~1
1、 Password reset
Ultra vires
Payment logic loopholes
Unauthorized access holes -Over permission Management account ultra vires
Ultra vires loophole

Over permission If you use A User's authority to operate B User's data ,A Is less than B Authority , If it works successfully , It is called ultra vires operation .
The reason for ultra vires loopholes is that the background uses Unreasonable permission verification rules lead to . General ultra vires vulnerability is easy to appear in the permission page （ The page you need to log in to ） increase 、 Delete 、 Change 、 Where I checked ,
When the user performs these operations on the information in the permission page , The background needs to Verify the permissions of the current user , See if it has the right to operate ,
And then give the response , However, if the rules of verification are too simple, it is prone to ultra vires loopholes . therefore , In authority management, you should follow ：
1. Use the principle of minimum permission to empower users ;2. Reasonable use （ Strictly ） Permission verification rules ;3. Use the background login status as a condition for permission judgment , Don't blindly use the conditions transmitted from the front end ;

Insert picture description here