论坛 › web app渗透测试::『Web App penetration testing』 › 逻辑漏洞之绕过验证漏洞演示

admin 发表于 2018-11-18 21:02:27

逻辑漏洞之绕过验证漏洞演示

<meta http-equiv="Content-Type" content="text/html; charset=gb2312" />
<meta name="ProgId" content="Word.Document" />
<meta name="Generator" content="Microsoft Word 12" />
<meta name="Originator" content="Microsoft Word 12" />
<link rel="File-List" href="https://9kb.org/admin/a479c84ee8a93da0ef378490c44ebcca.files/filelist.xml" />
<link rel="Edit-Time-Data" href="https://9kb.org/admin/a479c84ee8a93da0ef378490c44ebcca.files/editdata.mso" />
<!-->
<style>
v\:* {behavior:url(#default#VML);}
o\:* {behavior:url(#default#VML);}
w\:* {behavior:url(#default#VML);}
.shape {behavior:url(#default#VML);}
</style>
<!--><!--><xml>
<o:documentproperties>
<o:author>Windows 用户</o:author>
<o:template>Normal</o:template>
<o:lastauthor>SYSTEM</o:lastauthor>
<o:revision>2</o:revision>
<o:totaltime>1</o:totaltime>
<o:created>2018-11-18T12:57:00Z</o:created>
<o:lastsaved>2018-11-18T12:57:00Z</o:lastsaved>
<o:pages>3</o:pages>
<o:words>276</o:words>
<o:characters>1579</o:characters>
<o:lines>13</o:lines>
<o:paragraphs>3</o:paragraphs>
<o:characterswithspaces>1852</o:characterswithspaces>
<o:version>12.00</o:version>
</o:documentproperties>
</xml><!-->
<link rel="themeData" href="https://9kb.org/admin/a479c84ee8a93da0ef378490c44ebcca.files/themedata.thmx" />
<link rel="colorSchemeMapping" href="https://9kb.org/admin/a479c84ee8a93da0ef378490c44ebcca.files/colorschememapping.xml" />
<!--><xml>
<w:worddocument>
<w:trackmoves>false</w:trackmoves>
<w:trackformatting />
<w:punctuationkerning />
<w:drawinggridverticalspacing>7.8 磅</w:drawinggridverticalspacing>
<w:displayhorizontaldrawinggridevery>0</w:displayhorizontaldrawinggridevery>
<w:displayverticaldrawinggridevery>2</w:displayverticaldrawinggridevery>
<w:validateagainstschemas />
<w:saveifxmlinvalid>false</w:saveifxmlinvalid>
<w:ignoremixedcontent>false</w:ignoremixedcontent>
<w:alwaysshowplaceholdertext>false</w:alwaysshowplaceholdertext>
<w:donotpromoteqf />
<w:lidthemeother>EN-US</w:lidthemeother>
<w:lidthemeasian>ZH-CN</w:lidthemeasian>
<w:lidthemecomplexscript>X-NONE</w:lidthemecomplexscript>
<w:compatibility>
   <w:spaceforul />
   <w:balancesinglebytedoublebytewidth />
   <w:donotleavebackslashalone />
   <w:ultrailspace />
   <w:donotexpandshiftreturn />
   <w:adjustlineheightintable />
   <w:breakwrappedtables />
   <w:snaptogridincell />
   <w:wraptextwithpunct />
   <w:useasianbreakrules />
   <w:dontgrowautofit />
   <w:splitpgbreakandparamark />
   <w:dontvertaligncellwithsp />
   <w:dontbreakconstrainedforcedtables />
   <w:dontvertalignintxbx />
   <w:word11kerningpairs />
   <w:cachedcolbalance />
   <w:usefelayout />
</w:compatibility>
<m:mathpr>
   <m:mathfont m:val="Cambria Math" />
   <m:brkbin m:val="before" />
   <m:brkbinsub m:val="--" />
   <m:smallfrac m:val="off" />
   <m:dispdef />
   <m:lmargin m:val="0" />
   <m:rmargin m:val="0" />
   <m:defjc m:val="centerGroup" />
   <m:wrapindent m:val="1440" />
   <m:intlim m:val="subSup" />
   <m:narylim m:val="undOvr" />
</m:mathpr></w:worddocument>
</xml><!--><!--><xml>
<w:latentstyles deflockedstate="false" defunhidewhenused="true" defsemihidden="true" defqformat="false" defpriority="99" latentstylecount="267">
<w:lsdexception locked="false" priority="0" semihidden="false" unhidewhenused="false" qformat="true" name="Normal" />
<w:lsdexception locked="false" priority="9" semihidden="false" unhidewhenused="false" qformat="true" name="heading 1" />
<w:lsdexception locked="false" priority="9" qformat="true" name="heading 2" />
<w:lsdexception locked="false" priority="9" qformat="true" name="heading 3" />
<w:lsdexception locked="false" priority="9" qformat="true" name="heading 4" />
<w:lsdexception locked="false" priority="9" qformat="true" name="heading 5" />
<w:lsdexception locked="false" priority="9" qformat="true" name="heading 6" />
<w:lsdexception locked="false" priority="9" qformat="true" name="heading 7" />
<w:lsdexception locked="false" priority="9" qformat="true" name="heading 8" />
<w:lsdexception locked="false" priority="9" qformat="true" name="heading 9" />
<w:lsdexception locked="false" priority="39" name="toc 1" />
<w:lsdexception locked="false" priority="39" name="toc 2" />
<w:lsdexception locked="false" priority="39" name="toc 3" />
<w:lsdexception locked="false" priority="39" name="toc 4" />
<w:lsdexception locked="false" priority="39" name="toc 5" />
<w:lsdexception locked="false" priority="39" name="toc 6" />
<w:lsdexception locked="false" priority="39" name="toc 7" />
<w:lsdexception locked="false" priority="39" name="toc 8" />
<w:lsdexception locked="false" priority="39" name="toc 9" />
<w:lsdexception locked="false" priority="35" qformat="true" name="caption" />
<w:lsdexception locked="false" priority="10" semihidden="false" unhidewhenused="false" qformat="true" name="Title" />
<w:lsdexception locked="false" priority="1" name="Default Paragraph Font" />
<w:lsdexception locked="false" priority="11" semihidden="false" unhidewhenused="false" qformat="true" name="Subtitle" />
<w:lsdexception locked="false" priority="22" semihidden="false" unhidewhenused="false" qformat="true" name="Strong" />
<w:lsdexception locked="false" priority="20" semihidden="false" unhidewhenused="false" qformat="true" name="Emphasis" />
<w:lsdexception locked="false" priority="59" semihidden="false" unhidewhenused="false" name="Table Grid" />
<w:lsdexception locked="false" unhidewhenused="false" name="Placeholder Text" />
<w:lsdexception locked="false" priority="1" semihidden="false" unhidewhenused="false" qformat="true" name="No Spacing" />
<w:lsdexception locked="false" priority="60" semihidden="false" unhidewhenused="false" name="Light Shading" />
<w:lsdexception locked="false" priority="61" semihidden="false" unhidewhenused="false" name="Light List" />
<w:lsdexception locked="false" priority="62" semihidden="false" unhidewhenused="false" name="Light Grid" />
<w:lsdexception locked="false" priority="63" semihidden="false" unhidewhenused="false" name="Medium Shading 1" />
<w:lsdexception locked="false" priority="64" semihidden="false" unhidewhenused="false" name="Medium Shading 2" />
<w:lsdexception locked="false" priority="65" semihidden="false" unhidewhenused="false" name="Medium List 1" />
<w:lsdexception locked="false" priority="66" semihidden="false" unhidewhenused="false" name="Medium List 2" />
<w:lsdexception locked="false" priority="67" semihidden="false" unhidewhenused="false" name="Medium Grid 1" />
<w:lsdexception locked="false" priority="68" semihidden="false" unhidewhenused="false" name="Medium Grid 2" />
<w:lsdexception locked="false" priority="69" semihidden="false" unhidewhenused="false" name="Medium Grid 3" />
<w:lsdexception locked="false" priority="70" semihidden="false" unhidewhenused="false" name="Dark List" />
<w:lsdexception locked="false" priority="71" semihidden="false" unhidewhenused="false" name="Colorful Shading" />
<w:lsdexception locked="false" priority="72" semihidden="false" unhidewhenused="false" name="Colorful List" />
<w:lsdexception locked="false" priority="73" semihidden="false" unhidewhenused="false" name="Colorful Grid" />
<w:lsdexception locked="false" priority="60" semihidden="false" unhidewhenused="false" name="Light Shading Accent 1" />
<w:lsdexception locked="false" priority="61" semihidden="false" unhidewhenused="false" name="Light List Accent 1" />
<w:lsdexception locked="false" priority="62" semihidden="false" unhidewhenused="false" name="Light Grid Accent 1" />
<w:lsdexception locked="false" priority="63" semihidden="false" unhidewhenused="false" name="Medium Shading 1 Accent 1" />
<w:lsdexception locked="false" priority="64" semihidden="false" unhidewhenused="false" name="Medium Shading 2 Accent 1" />
<w:lsdexception locked="false" priority="65" semihidden="false" unhidewhenused="false" name="Medium List 1 Accent 1" />
<w:lsdexception locked="false" unhidewhenused="false" name="Revision" />
<w:lsdexception locked="false" priority="34" semihidden="false" unhidewhenused="false" qformat="true" name="List Paragraph" />
<w:lsdexception locked="false" priority="29" semihidden="false" unhidewhenused="false" qformat="true" name="Quote" />
<w:lsdexception locked="false" priority="30" semihidden="false" unhidewhenused="false" qformat="true" name="Intense Quote" />
<w:lsdexception locked="false" priority="66" semihidden="false" unhidewhenused="false" name="Medium List 2 Accent 1" />
<w:lsdexception locked="false" priority="67" semihidden="false" unhidewhenused="false" name="Medium Grid 1 Accent 1" />
<w:lsdexception locked="false" priority="68" semihidden="false" unhidewhenused="false" name="Medium Grid 2 Accent 1" />
<w:lsdexception locked="false" priority="69" semihidden="false" unhidewhenused="false" name="Medium Grid 3 Accent 1" />
<w:lsdexception locked="false" priority="70" semihidden="false" unhidewhenused="false" name="Dark List Accent 1" />
<w:lsdexception locked="false" priority="71" semihidden="false" unhidewhenused="false" name="Colorful Shading Accent 1" />
<w:lsdexception locked="false" priority="72" semihidden="false" unhidewhenused="false" name="Colorful List Accent 1" />
<w:lsdexception locked="false" priority="73" semihidden="false" unhidewhenused="false" name="Colorful Grid Accent 1" />
<w:lsdexception locked="false" priority="60" semihidden="false" unhidewhenused="false" name="Light Shading Accent 2" />
<w:lsdexception locked="false" priority="61" semihidden="false" unhidewhenused="false" name="Light List Accent 2" />
<w:lsdexception locked="false" priority="62" semihidden="false" unhidewhenused="false" name="Light Grid Accent 2" />
<w:lsdexception locked="false" priority="63" semihidden="false" unhidewhenused="false" name="Medium Shading 1 Accent 2" />
<w:lsdexception locked="false" priority="64" semihidden="false" unhidewhenused="false" name="Medium Shading 2 Accent 2" />
<w:lsdexception locked="false" priority="65" semihidden="false" unhidewhenused="false" name="Medium List 1 Accent 2" />
<w:lsdexception locked="false" priority="66" semihidden="false" unhidewhenused="false" name="Medium List 2 Accent 2" />
<w:lsdexception locked="false" priority="67" semihidden="false" unhidewhenused="false" name="Medium Grid 1 Accent 2" />
<w:lsdexception locked="false" priority="68" semihidden="false" unhidewhenused="false" name="Medium Grid 2 Accent 2" />
<w:lsdexception locked="false" priority="69" semihidden="false" unhidewhenused="false" name="Medium Grid 3 Accent 2" />
<w:lsdexception locked="false" priority="70" semihidden="false" unhidewhenused="false" name="Dark List Accent 2" />
<w:lsdexception locked="false" priority="71" semihidden="false" unhidewhenused="false" name="Colorful Shading Accent 2" />
<w:lsdexception locked="false" priority="72" semihidden="false" unhidewhenused="false" name="Colorful List Accent 2" />
<w:lsdexception locked="false" priority="73" semihidden="false" unhidewhenused="false" name="Colorful Grid Accent 2" />
<w:lsdexception locked="false" priority="60" semihidden="false" unhidewhenused="false" name="Light Shading Accent 3" />
<w:lsdexception locked="false" priority="61" semihidden="false" unhidewhenused="false" name="Light List Accent 3" />
<w:lsdexception locked="false" priority="62" semihidden="false" unhidewhenused="false" name="Light Grid Accent 3" />
<w:lsdexception locked="false" priority="63" semihidden="false" unhidewhenused="false" name="Medium Shading 1 Accent 3" />
<w:lsdexception locked="false" priority="64" semihidden="false" unhidewhenused="false" name="Medium Shading 2 Accent 3" />
<w:lsdexception locked="false" priority="65" semihidden="false" unhidewhenused="false" name="Medium List 1 Accent 3" />
<w:lsdexception locked="false" priority="66" semihidden="false" unhidewhenused="false" name="Medium List 2 Accent 3" />
<w:lsdexception locked="false" priority="67" semihidden="false" unhidewhenused="false" name="Medium Grid 1 Accent 3" />
<w:lsdexception locked="false" priority="68" semihidden="false" unhidewhenused="false" name="Medium Grid 2 Accent 3" />
<w:lsdexception locked="false" priority="69" semihidden="false" unhidewhenused="false" name="Medium Grid 3 Accent 3" />
<w:lsdexception locked="false" priority="70" semihidden="false" unhidewhenused="false" name="Dark List Accent 3" />
<w:lsdexception locked="false" priority="71" semihidden="false" unhidewhenused="false" name="Colorful Shading Accent 3" />
<w:lsdexception locked="false" priority="72" semihidden="false" unhidewhenused="false" name="Colorful List Accent 3" />
<w:lsdexception locked="false" priority="73" semihidden="false" unhidewhenused="false" name="Colorful Grid Accent 3" />
<w:lsdexception locked="false" priority="60" semihidden="false" unhidewhenused="false" name="Light Shading Accent 4" />
<w:lsdexception locked="false" priority="61" semihidden="false" unhidewhenused="false" name="Light List Accent 4" />
<w:lsdexception locked="false" priority="62" semihidden="false" unhidewhenused="false" name="Light Grid Accent 4" />
<w:lsdexception locked="false" priority="63" semihidden="false" unhidewhenused="false" name="Medium Shading 1 Accent 4" />
<w:lsdexception locked="false" priority="64" semihidden="false" unhidewhenused="false" name="Medium Shading 2 Accent 4" />
<w:lsdexception locked="false" priority="65" semihidden="false" unhidewhenused="false" name="Medium List 1 Accent 4" />
<w:lsdexception locked="false" priority="66" semihidden="false" unhidewhenused="false" name="Medium List 2 Accent 4" />
<w:lsdexception locked="false" priority="67" semihidden="false" unhidewhenused="false" name="Medium Grid 1 Accent 4" />
<w:lsdexception locked="false" priority="68" semihidden="false" unhidewhenused="false" name="Medium Grid 2 Accent 4" />
<w:lsdexception locked="false" priority="69" semihidden="false" unhidewhenused="false" name="Medium Grid 3 Accent 4" />
<w:lsdexception locked="false" priority="70" semihidden="false" unhidewhenused="false" name="Dark List Accent 4" />
<w:lsdexception locked="false" priority="71" semihidden="false" unhidewhenused="false" name="Colorful Shading Accent 4" />
<w:lsdexception locked="false" priority="72" semihidden="false" unhidewhenused="false" name="Colorful List Accent 4" />
<w:lsdexception locked="false" priority="73" semihidden="false" unhidewhenused="false" name="Colorful Grid Accent 4" />
<w:lsdexception locked="false" priority="60" semihidden="false" unhidewhenused="false" name="Light Shading Accent 5" />
<w:lsdexception locked="false" priority="61" semihidden="false" unhidewhenused="false" name="Light List Accent 5" />
<w:lsdexception locked="false" priority="62" semihidden="false" unhidewhenused="false" name="Light Grid Accent 5" />
<w:lsdexception locked="false" priority="63" semihidden="false" unhidewhenused="false" name="Medium Shading 1 Accent 5" />
<w:lsdexception locked="false" priority="64" semihidden="false" unhidewhenused="false" name="Medium Shading 2 Accent 5" />
<w:lsdexception locked="false" priority="65" semihidden="false" unhidewhenused="false" name="Medium List 1 Accent 5" />
<w:lsdexception locked="false" priority="66" semihidden="false" unhidewhenused="false" name="Medium List 2 Accent 5" />
<w:lsdexception locked="false" priority="67" semihidden="false" unhidewhenused="false" name="Medium Grid 1 Accent 5" />
<w:lsdexception locked="false" priority="68" semihidden="false" unhidewhenused="false" name="Medium Grid 2 Accent 5" />
<w:lsdexception locked="false" priority="69" semihidden="false" unhidewhenused="false" name="Medium Grid 3 Accent 5" />
<w:lsdexception locked="false" priority="70" semihidden="false" unhidewhenused="false" name="Dark List Accent 5" />
<w:lsdexception locked="false" priority="71" semihidden="false" unhidewhenused="false" name="Colorful Shading Accent 5" />
<w:lsdexception locked="false" priority="72" semihidden="false" unhidewhenused="false" name="Colorful List Accent 5" />
<w:lsdexception locked="false" priority="73" semihidden="false" unhidewhenused="false" name="Colorful Grid Accent 5" />
<w:lsdexception locked="false" priority="60" semihidden="false" unhidewhenused="false" name="Light Shading Accent 6" />
<w:lsdexception locked="false" priority="61" semihidden="false" unhidewhenused="false" name="Light List Accent 6" />
<w:lsdexception locked="false" priority="62" semihidden="false" unhidewhenused="false" name="Light Grid Accent 6" />
<w:lsdexception locked="false" priority="63" semihidden="false" unhidewhenused="false" name="Medium Shading 1 Accent 6" />
<w:lsdexception locked="false" priority="64" semihidden="false" unhidewhenused="false" name="Medium Shading 2 Accent 6" />
<w:lsdexception locked="false" priority="65" semihidden="false" unhidewhenused="false" name="Medium List 1 Accent 6" />
<w:lsdexception locked="false" priority="66" semihidden="false" unhidewhenused="false" name="Medium List 2 Accent 6" />
<w:lsdexception locked="false" priority="67" semihidden="false" unhidewhenused="false" name="Medium Grid 1 Accent 6" />
<w:lsdexception locked="false" priority="68" semihidden="false" unhidewhenused="false" name="Medium Grid 2 Accent 6" />
<w:lsdexception locked="false" priority="69" semihidden="false" unhidewhenused="false" name="Medium Grid 3 Accent 6" />
<w:lsdexception locked="false" priority="70" semihidden="false" unhidewhenused="false" name="Dark List Accent 6" />
<w:lsdexception locked="false" priority="71" semihidden="false" unhidewhenused="false" name="Colorful Shading Accent 6" />
<w:lsdexception locked="false" priority="72" semihidden="false" unhidewhenused="false" name="Colorful List Accent 6" />
<w:lsdexception locked="false" priority="73" semihidden="false" unhidewhenused="false" name="Colorful Grid Accent 6" />
<w:lsdexception locked="false" priority="19" semihidden="false" unhidewhenused="false" qformat="true" name="Subtle Emphasis" />
<w:lsdexception locked="false" priority="21" semihidden="false" unhidewhenused="false" qformat="true" name="Intense Emphasis" />
<w:lsdexception locked="false" priority="31" semihidden="false" unhidewhenused="false" qformat="true" name="Subtle Reference" />
<w:lsdexception locked="false" priority="32" semihidden="false" unhidewhenused="false" qformat="true" name="Intense Reference" />
<w:lsdexception locked="false" priority="33" semihidden="false" unhidewhenused="false" qformat="true" name="Book Title" />
<w:lsdexception locked="false" priority="37" name="Bibliography" />
<w:lsdexception locked="false" priority="39" qformat="true" name="TOC Heading" />
</w:latentstyles>
</xml><!-->
<style>
<!-- /* Font Definitions */ @font-face {font-family:宋体; panose-1:2 1 6 0 3 1 1 1 1 1; mso-font-alt:SimSun; mso-font-charset:134; mso-generic-font-family:auto; mso-font-pitch:variable; mso-font-signature:3 135135232 16 0 262145 0;} @font-face {font-family:"Cambria Math"; panose-1:2 4 5 3 5 4 6 3 2 4; mso-font-charset:0; mso-generic-font-family:roman; mso-font-pitch:variable; mso-font-signature:-1610611985 1107304683 0 0 159 0;} @font-face {font-family:Calibri; panose-1:2 15 5 2 2 2 4 3 2 4; mso-font-charset:0; mso-generic-font-family:swiss; mso-font-pitch:variable; mso-font-signature:-1610611985 1073750139 0 0 159 0;} @font-face {font-family:Simsun; panose-1:0 0 0 0 0 0 0 0 0 0; mso-font-alt:"Times New Roman"; mso-font-charset:0; mso-generic-font-family:roman; mso-font-format:other; mso-font-pitch:auto; mso-font-signature:0 0 0 0 0 0;} @font-face {font-family:"\@宋体"; panose-1:2 1 6 0 3 1 1 1 1 1; mso-font-charset:134; mso-generic-font-family:auto; mso-font-pitch:variable; mso-font-signature:3 135135232 16 0 262145 0;} /* Style Definitions */ p.MsoNormal, li.MsoNormal, div.MsoNormal {mso-style-unhide:no; mso-style-qformat:yes; mso-style-parent:""; margin:0cm; margin-bottom:.0001pt; text-align:justify; text-justify:inter-ideograph; mso-pagination:none; font-size:10.5pt; mso-bidi-font-size:11.0pt; font-family:"Calibri","sans-serif"; mso-ascii-font-family:Calibri; mso-ascii-theme-font:minor-latin; mso-fareast-font-family:宋体; mso-fareast-theme-font:minor-fareast; mso-hansi-font-family:Calibri; mso-hansi-theme-font:minor-latin; mso-bidi-font-family:"Times New Roman"; mso-bidi-theme-font:minor-bidi; mso-font-kerning:1.0pt;} p.MsoAcetate, li.MsoAcetate, div.MsoAcetate {mso-style-noshow:yes; mso-style-priority:99; mso-style-link:"批注框文本 Char"; margin:0cm; margin-bottom:.0001pt; text-align:justify; text-justify:inter-ideograph; mso-pagination:none; font-size:9.0pt; font-family:"Calibri","sans-serif"; mso-ascii-font-family:Calibri; mso-ascii-theme-font:minor-latin; mso-fareast-font-family:宋体; mso-fareast-theme-font:minor-fareast; mso-hansi-font-family:Calibri; mso-hansi-theme-font:minor-latin; mso-bidi-font-family:"Times New Roman"; mso-bidi-theme-font:minor-bidi; mso-font-kerning:1.0pt;} span.Char {mso-style-name:"批注框文本 Char"; mso-style-noshow:yes; mso-style-priority:99; mso-style-unhide:no; mso-style-locked:yes; mso-style-link:批注框文本; mso-ansi-font-size:9.0pt; mso-bidi-font-size:9.0pt;} .MsoChpDefault {mso-style-type:export-only; mso-default-props:yes; mso-bidi-font-family:"Times New Roman"; mso-bidi-theme-font:minor-bidi;} /* Page Definitions */ @page {mso-page-border-surround-header:no; mso-page-border-surround-footer:no;} @page Section1 {size:595.3pt 841.9pt; margin:72.0pt 90.0pt 72.0pt 90.0pt; mso-header-margin:42.55pt; mso-footer-margin:49.6pt; mso-paper-source:0; layout-grid:15.6pt;} div.Section1 {page:Section1;} -->
</style>
<!-->
<style>
/* Style Definitions */
table.MsoNormalTable
        {mso-style-name:普通表格;
        mso-tstyle-rowband-size:0;
        mso-tstyle-colband-size:0;
        mso-style-noshow:yes;
        mso-style-priority:99;
        mso-style-qformat:yes;
        mso-style-parent:"";
        mso-padding-alt:0cm 5.4pt 0cm 5.4pt;
        mso-para-margin:0cm;
        mso-para-margin-bottom:.0001pt;
        mso-pagination:widow-orphan;
        font-size:10.5pt;
        mso-bidi-font-size:11.0pt;
        font-family:"Calibri","sans-serif";
        mso-ascii-font-family:Calibri;
        mso-ascii-theme-font:minor-latin;
        mso-hansi-font-family:Calibri;
        mso-hansi-theme-font:minor-latin;
        mso-font-kerning:1.0pt;}
</style>
<!--><!--><xml>
<o:shapedefaults v:ext="edit" spidmax="3074" />
</xml><!--><!--><xml>
<o:shapelayout v:ext="edit">
<o:idmap v:ext="edit" data="1" />
</o:shapelayout></xml><!-->
<div class="Section1" style="layout-grid:15.6pt;">
        <p class="MsoNormal" style="mso-pagination:widow-orphan;">
                <span lang="EN-US" style="font-size:12.0pt;font-family:&quot;mso-fareast-font-family:宋体;mso-bidi-font-family:宋体;color:#515151;mso-font-kerning:0pt;"><br />
</span><b><span style="font-size:12.0pt;font-family:宋体;mso-ascii-font-family:Simsun;mso-hansi-font-family:Simsun;mso-bidi-font-family:宋体;color:#515151;mso-font-kerning:0pt;">本文中提供的例子均来自网络已公开测试的例子，仅供参考。</span></b><span lang="EN-US" style="font-size:12.0pt;font-family:&quot;mso-fareast-font-family:宋体;mso-bidi-font-family:宋体;color:#515151;mso-font-kerning:0pt;"><br />
<br />
</span><span style="font-size:12.0pt;font-family:宋体;mso-ascii-font-family:Simsun;mso-hansi-font-family:Simsun;mso-bidi-font-family:宋体;color:#515151;mso-font-kerning:0pt;">本期带来绕过验证漏洞。为了保障业务系统的安全，几乎每个系统都会存在各种各样的验证功能。常见的几种验证功能就包括账号密码验证、验证码验证、</span><span lang="EN-US" style="font-size:12.0pt;font-family:&quot;mso-fareast-font-family:宋体;mso-bidi-font-family:宋体;color:#515151;mso-font-kerning:0pt;">JavaScript</span><span style="font-size:12.0pt;font-family:宋体;mso-ascii-font-family:Simsun;mso-hansi-font-family:Simsun;mso-bidi-font-family:宋体;color:#515151;mso-font-kerning:0pt;">数据验证及服务端数据验证等等，但程序员在涉及验证方法时可能存在缺陷导致被绕过，于是斗哥总结了以下几种绕过验证的姿势和大家一起讨论讨论</span><span lang="EN-US" style="font-size:12.0pt;font-family:&quot;mso-fareast-font-family:宋体;mso-bidi-font-family:宋体;color:#515151;mso-font-kerning:0pt;">~<br style="mso-special-character:line-break;" />
<!----><br style="mso-special-character:line-break;" />
<!----><o:p></o:p></span>
        </p>
        <p class="MsoNormal" style="mso-pagination:widow-orphan;">
                <span lang="EN-US" style="font-size:12.0pt;font-family:&quot;mso-fareast-font-family:宋体;mso-bidi-font-family:宋体;color:#515151;mso-font-kerning:0pt;mso-no-proof:yes;"><!--><v:shapetype id="_x0000_t75" coordsize="21600,21600" o:spt="75" o:preferrelative="t" path="m@4@5l@4@11@9@11@9@5xe" filled="f" stroked="f">
<v:stroke joinstyle="miter" />
<v:formulas>
<v:f eqn="if lineDrawn pixelLineWidth 0" />
<v:f eqn="sum @0 1 0" />
<v:f eqn="sum 0 0 @1" />
<v:f eqn="prod @2 1 2" />
<v:f eqn="prod @3 21600 pixelWidth" />
<v:f eqn="prod @3 21600 pixelHeight" />
<v:f eqn="sum @0 0 1" />
<v:f eqn="prod @6 1 2" />
<v:f eqn="prod @7 21600 pixelWidth" />
<v:f eqn="sum @8 21600 0" />
<v:f eqn="prod @7 21600 pixelHeight" />
<v:f eqn="sum @10 21600 0" />
</v:formulas>
<v:path o:extrusionok="f" gradientshapeok="t" o:connecttype="rect" />
<o:lock v:ext="edit" aspectratio="t" />
</v:shapetype><v:shape id="aimg_77759" o:spid="_x0000_i1049" type="#_x0000_t75" alt="https://bbs.ichunqiu.com/data/attachment/forum/201811/13/140201w3s7sf3qhefvhwqf.jpg.thumb.jpg" style="width:374.25pt;height:93.75pt;visibility:visible;mso-wrap-style:square;">
<v:imagedata src="https://9kb.org/admin/a479c84ee8a93da0ef378490c44ebcca.files/image001.jpg" o:title="140201w3s7sf3qhefvhwqf.jpg.thumb" />
</v:shape><!--><!----><img width="499" height="125" src="https://9kb.org/admin/a479c84ee8a93da0ef378490c44ebcca.files/image001.jpg" alt="https://bbs.ichunqiu.com/data/attachment/forum/201811/13/140201w3s7sf3qhefvhwqf.jpg.thumb.jpg" v:shapes="aimg_77759" /><!----></span><span lang="EN-US" style="font-size:12.0pt;font-family:&quot;mso-fareast-font-family:宋体;mso-bidi-font-family:宋体;color:#515151;mso-font-kerning:0pt;"><o:p></o:p></span>
        </p>
        <p class="MsoNormal" style="mso-pagination:widow-orphan;">
                <span lang="EN-US" style="font-size:12.0pt;font-family:&quot;mso-fareast-font-family:宋体;mso-bidi-font-family:宋体;color:#515151;mso-font-kerning:0pt;"><br />
</span><b><span style="font-size:12.0pt;font-family:宋体;mso-ascii-font-family:Simsun;mso-hansi-font-family:Simsun;mso-bidi-font-family:宋体;color:#515151;mso-font-kerning:0pt;">客户端校验绕过</span></b><span lang="EN-US" style="font-size:12.0pt;font-family:&quot;mso-fareast-font-family:宋体;mso-bidi-font-family:宋体;color:#515151;mso-font-kerning:0pt;"><br />
<br />
</span><span style="font-size:12.0pt;font-family:宋体;mso-ascii-font-family:Simsun;mso-hansi-font-family:Simsun;mso-bidi-font-family:宋体;color:#515151;mso-font-kerning:0pt;">客户端校验是常见的一种校验方式，也就是在客户端校验用户的输入，将校验结果作为参数发送至服务端，或利用前端语言限制用户的非法输入和操作。面对此类的校验方法可以通过修改前端语言或者在传输中对参数进行篡改来绕过验证。</span><span lang="EN-US" style="font-size:12.0pt;font-family:&quot;mso-fareast-font-family:宋体;mso-bidi-font-family:宋体;color:#515151;mso-font-kerning:0pt;"><br />
<br />
</span><b><span style="font-size:12.0pt;font-family:宋体;mso-ascii-font-family:Simsun;mso-hansi-font-family:Simsun;mso-bidi-font-family:宋体;color:#515151;mso-font-kerning:0pt;">举个栗子：</span></b><span lang="EN-US" style="font-size:12.0pt;font-family:&quot;mso-fareast-font-family:宋体;mso-bidi-font-family:宋体;color:#515151;mso-font-kerning:0pt;"><br />
<br />
a). </span><span style="font-size:12.0pt;font-family:宋体;mso-ascii-font-family:Simsun;mso-hansi-font-family:Simsun;mso-bidi-font-family:宋体;color:#515151;mso-font-kerning:0pt;">某系统需要购买才能观看视频，不同的课程以</span><span lang="EN-US" style="font-size:12.0pt;font-family:&quot;mso-fareast-font-family:宋体;mso-bidi-font-family:宋体;color:#515151;mso-font-kerning:0pt;">ID</span><span style="font-size:12.0pt;font-family:宋体;mso-ascii-font-family:Simsun;mso-hansi-font-family:Simsun;mso-bidi-font-family:宋体;color:#515151;mso-font-kerning:0pt;">划分。</span><span lang="EN-US" style="font-size:12.0pt;font-family:&quot;mso-fareast-font-family:宋体;mso-bidi-font-family:宋体;color:#515151;mso-font-kerning:0pt;"><br style="mso-special-character:line-break;" />
<!----><br style="mso-special-character:line-break;" />
<!----><o:p></o:p></span>
        </p>
        <p class="MsoNormal" style="mso-pagination:widow-orphan;">
                <span lang="EN-US" style="font-size:12.0pt;font-family:&quot;mso-fareast-font-family:宋体;mso-bidi-font-family:宋体;color:#515151;mso-font-kerning:0pt;mso-no-proof:yes;"><!--><v:shape id="aimg_77760" o:spid="_x0000_i1048" type="#_x0000_t75" alt="https://bbs.ichunqiu.com/data/attachment/forum/201811/13/140240th52gzhsmbr8mcmb.jpg.thumb.jpg" style="width:374.25pt;height:249.75pt;visibility:visible;mso-wrap-style:square;">
<v:imagedata src="https://9kb.org/admin/a479c84ee8a93da0ef378490c44ebcca.files/image002.jpg" o:title="140240th52gzhsmbr8mcmb.jpg.thumb" />
</v:shape><!--><!----><img width="499" height="333" src="https://9kb.org/admin/a479c84ee8a93da0ef378490c44ebcca.files/image002.jpg" alt="https://bbs.ichunqiu.com/data/attachment/forum/201811/13/140240th52gzhsmbr8mcmb.jpg.thumb.jpg" v:shapes="aimg_77760" /><!----></span><span lang="EN-US" style="font-size:12.0pt;font-family:&quot;mso-fareast-font-family:宋体;mso-bidi-font-family:宋体;color:#515151;mso-font-kerning:0pt;"><o:p></o:p></span>
        </p>
        <p class="MsoNormal" style="mso-pagination:widow-orphan;">
                <span lang="EN-US" style="font-size:12.0pt;font-family:&quot;mso-fareast-font-family:宋体;mso-bidi-font-family:宋体;color:#515151;mso-font-kerning:0pt;"><br />
b).&nbsp;&nbsp;</span><span style="font-size:12.0pt;font-family:宋体;mso-ascii-font-family:Simsun;mso-hansi-font-family:Simsun;mso-bidi-font-family:宋体;color:#515151;mso-font-kerning:0pt;">发现是否付费只靠前端</span><span lang="EN-US" style="font-size:12.0pt;font-family:&quot;mso-fareast-font-family:宋体;mso-bidi-font-family:宋体;color:#515151;mso-font-kerning:0pt;">js</span><span style="font-size:12.0pt;font-family:宋体;mso-ascii-font-family:Simsun;mso-hansi-font-family:Simsun;mso-bidi-font-family:宋体;color:#515151;mso-font-kerning:0pt;">控制，更改</span><span lang="EN-US" style="font-size:12.0pt;font-family:&quot;mso-fareast-font-family:宋体;mso-bidi-font-family:宋体;color:#515151;mso-font-kerning:0pt;">courseID</span><span style="font-size:12.0pt;font-family:宋体;mso-ascii-font-family:Simsun;mso-hansi-font-family:Simsun;mso-bidi-font-family:宋体;color:#515151;mso-font-kerning:0pt;">就可以看到不同的课程，</span><span lang="EN-US" style="font-size:12.0pt;font-family:&quot;mso-fareast-font-family:宋体;mso-bidi-font-family:宋体;color:#515151;mso-font-kerning:0pt;">recordURL</span><span style="font-size:12.0pt;font-family:宋体;mso-ascii-font-family:Simsun;mso-hansi-font-family:Simsun;mso-bidi-font-family:宋体;color:#515151;mso-font-kerning:0pt;">就是视频播放的链接，无需登录即可播放。</span><span lang="EN-US" style="font-size:12.0pt;font-family:&quot;mso-fareast-font-family:宋体;mso-bidi-font-family:宋体;color:#515151;mso-font-kerning:0pt;"><br style="mso-special-character:line-break;" />
<!----><br style="mso-special-character:line-break;" />
<!----><o:p></o:p></span>
        </p>
        <p class="MsoNormal" style="mso-pagination:widow-orphan;">
                <span lang="EN-US" style="font-size:12.0pt;font-family:&quot;mso-fareast-font-family:宋体;mso-bidi-font-family:宋体;color:#515151;mso-font-kerning:0pt;mso-no-proof:yes;"><!--><v:shape id="aimg_77761" o:spid="_x0000_i1047" type="#_x0000_t75" alt="https://bbs.ichunqiu.com/data/attachment/forum/201811/13/140309yetjljlyaelozzej.jpg.thumb.jpg" style="width:374.25pt;height:227.25pt;visibility:visible;mso-wrap-style:square;">
<v:imagedata src="https://9kb.org/admin/a479c84ee8a93da0ef378490c44ebcca.files/image003.jpg" o:title="140309yetjljlyaelozzej.jpg.thumb" />
</v:shape><!--><!----><img width="499" height="303" src="https://9kb.org/admin/a479c84ee8a93da0ef378490c44ebcca.files/image003.jpg" alt="https://bbs.ichunqiu.com/data/attachment/forum/201811/13/140309yetjljlyaelozzej.jpg.thumb.jpg" v:shapes="aimg_77761" /><!----></span><span lang="EN-US" style="font-size:12.0pt;font-family:&quot;mso-fareast-font-family:宋体;mso-bidi-font-family:宋体;color:#515151;mso-font-kerning:0pt;"><o:p></o:p></span>
        </p>
        <p class="MsoNormal" style="mso-pagination:widow-orphan;">
                <span lang="EN-US" style="font-size:12.0pt;font-family:&quot;mso-fareast-font-family:宋体;mso-bidi-font-family:宋体;color:#515151;mso-font-kerning:0pt;"><br />
c). </span><span style="font-size:12.0pt;font-family:宋体;mso-ascii-font-family:Simsun;mso-hansi-font-family:Simsun;mso-bidi-font-family:宋体;color:#515151;mso-font-kerning:0pt;">根据播放地址中的</span><span lang="EN-US" style="font-size:12.0pt;font-family:&quot;mso-fareast-font-family:宋体;mso-bidi-font-family:宋体;color:#515151;mso-font-kerning:0pt;">videoCode</span><span style="font-size:12.0pt;font-family:宋体;mso-ascii-font-family:Simsun;mso-hansi-font-family:Simsun;mso-bidi-font-family:宋体;color:#515151;mso-font-kerning:0pt;">，可获取视频下载地址</span><span lang="EN-US" style="font-size:12.0pt;font-family:&quot;mso-fareast-font-family:宋体;mso-bidi-font-family:宋体;color:#515151;mso-font-kerning:0pt;">:<br />
<br />
http://*.*.*.*/v3/resource/video/queryurl?jsoncallback=cb&amp;quality=3&amp;audioIndex=0&amp;types=1&amp;videoCode={videoCode}<br />
<br />
</span><span style="font-size:12.0pt;font-family:宋体;mso-ascii-font-family:Simsun;mso-hansi-font-family:Simsun;mso-bidi-font-family:宋体;color:#515151;mso-font-kerning:0pt;">所得</span><span lang="EN-US" style="font-size:12.0pt;font-family:&quot;mso-fareast-font-family:宋体;mso-bidi-font-family:宋体;color:#515151;mso-font-kerning:0pt;">urls</span><span style="font-size:12.0pt;font-family:宋体;mso-ascii-font-family:Simsun;mso-hansi-font-family:Simsun;mso-bidi-font-family:宋体;color:#515151;mso-font-kerning:0pt;">为视频下载地址。</span><span lang="EN-US" style="font-size:12.0pt;font-family:&quot;mso-fareast-font-family:宋体;mso-bidi-font-family:宋体;color:#515151;mso-font-kerning:0pt;"><br style="mso-special-character:line-break;" />
<!----><br style="mso-special-character:line-break;" />
<!----><o:p></o:p></span>
        </p>
        <p class="MsoNormal" style="mso-pagination:widow-orphan;">
                <span lang="EN-US" style="font-size:12.0pt;font-family:&quot;mso-fareast-font-family:宋体;mso-bidi-font-family:宋体;color:#515151;mso-font-kerning:0pt;mso-no-proof:yes;"><!--><v:shape id="aimg_77762" o:spid="_x0000_i1046" type="#_x0000_t75" alt="https://bbs.ichunqiu.com/data/attachment/forum/201811/13/140334r111rpp1iq11f5ip.jpg.thumb.jpg" style="width:374.25pt;height:147.75pt;visibility:visible;mso-wrap-style:square;">
<v:imagedata src="https://9kb.org/admin/a479c84ee8a93da0ef378490c44ebcca.files/image004.jpg" o:title="140334r111rpp1iq11f5ip.jpg.thumb" />
</v:shape><!--><!----><img width="499" height="197" src="https://9kb.org/admin/a479c84ee8a93da0ef378490c44ebcca.files/image004.jpg" alt="https://bbs.ichunqiu.com/data/attachment/forum/201811/13/140334r111rpp1iq11f5ip.jpg.thumb.jpg" v:shapes="aimg_77762" /><!----></span><span lang="EN-US" style="font-size:12.0pt;font-family:&quot;mso-fareast-font-family:宋体;mso-bidi-font-family:宋体;color:#515151;mso-font-kerning:0pt;"><o:p></o:p></span>
        </p>
        <p class="MsoNormal" style="mso-pagination:widow-orphan;">
                <span lang="EN-US" style="font-size:12.0pt;font-family:&quot;mso-fareast-font-family:宋体;mso-bidi-font-family:宋体;color:#515151;mso-font-kerning:0pt;"><br />
d). </span><span style="font-size:12.0pt;font-family:宋体;mso-ascii-font-family:Simsun;mso-hansi-font-family:Simsun;mso-bidi-font-family:宋体;color:#515151;mso-font-kerning:0pt;">通过脚本，可将全站视频下载下来。</span><span lang="EN-US" style="font-size:12.0pt;font-family:&quot;mso-fareast-font-family:宋体;mso-bidi-font-family:宋体;color:#515151;mso-font-kerning:0pt;"><br style="mso-special-character:line-break;" />
<!----><br style="mso-special-character:line-break;" />
<!----><o:p></o:p></span>
        </p>
        <p class="MsoNormal" style="mso-pagination:widow-orphan;">
                <span lang="EN-US" style="font-size:12.0pt;font-family:&quot;mso-fareast-font-family:宋体;mso-bidi-font-family:宋体;color:#515151;mso-font-kerning:0pt;mso-no-proof:yes;"><!--><v:shape id="aimg_77763" o:spid="_x0000_i1045" type="#_x0000_t75" alt="https://bbs.ichunqiu.com/data/attachment/forum/201811/13/140407mou65rkd1yr5ywgb.jpg.thumb.jpg" style="width:374.25pt;height:189pt;visibility:visible;mso-wrap-style:square;">
<v:imagedata src="https://9kb.org/admin/a479c84ee8a93da0ef378490c44ebcca.files/image005.jpg" o:title="140407mou65rkd1yr5ywgb.jpg.thumb" />
</v:shape><!--><!----><img width="499" height="252" src="https://9kb.org/admin/a479c84ee8a93da0ef378490c44ebcca.files/image005.jpg" alt="https://bbs.ichunqiu.com/data/attachment/forum/201811/13/140407mou65rkd1yr5ywgb.jpg.thumb.jpg" v:shapes="aimg_77763" /><!----></span><span lang="EN-US" style="font-size:12.0pt;font-family:&quot;mso-fareast-font-family:宋体;mso-bidi-font-family:宋体;color:#515151;mso-font-kerning:0pt;"><o:p></o:p></span>
        </p>
        <p class="MsoNormal" style="mso-pagination:widow-orphan;">
                <span lang="EN-US" style="font-size:12.0pt;font-family:&quot;mso-fareast-font-family:宋体;mso-bidi-font-family:宋体;color:#515151;mso-font-kerning:0pt;"><br />
</span><b><span style="font-size:12.0pt;font-family:宋体;mso-ascii-font-family:Simsun;mso-hansi-font-family:Simsun;mso-bidi-font-family:宋体;color:#515151;mso-font-kerning:0pt;">客户端验证信息泄露</span></b><span lang="EN-US" style="font-size:12.0pt;font-family:&quot;mso-fareast-font-family:宋体;mso-bidi-font-family:宋体;color:#515151;mso-font-kerning:0pt;"><br />
<br />
</span><span style="font-size:12.0pt;font-family:宋体;mso-ascii-font-family:Simsun;mso-hansi-font-family:Simsun;mso-bidi-font-family:宋体;color:#515151;mso-font-kerning:0pt;">程序员在编写验证程序时有可能会将验证信息直接泄露到客户端，攻击者就可以通过分析服务端的返回数据直接获得关键的验证信息从而完成验证。</span><span lang="EN-US" style="font-size:12.0pt;font-family:&quot;mso-fareast-font-family:宋体;mso-bidi-font-family:宋体;color:#515151;mso-font-kerning:0pt;"><br />
<br />
</span><b><span style="font-size:12.0pt;font-family:宋体;mso-ascii-font-family:Simsun;mso-hansi-font-family:Simsun;mso-bidi-font-family:宋体;color:#515151;mso-font-kerning:0pt;">举个栗子：</span></b><span lang="EN-US" style="font-size:12.0pt;font-family:&quot;mso-fareast-font-family:宋体;mso-bidi-font-family:宋体;color:#515151;mso-font-kerning:0pt;"><br />
<br />
</span><span style="font-size:12.0pt;font-family:宋体;mso-ascii-font-family:Simsun;mso-hansi-font-family:Simsun;mso-bidi-font-family:宋体;color:#515151;mso-font-kerning:0pt;">某免费</span><span lang="EN-US" style="font-size:12.0pt;font-family:&quot;mso-fareast-font-family:宋体;mso-bidi-font-family:宋体;color:#515151;mso-font-kerning:0pt;">wifi</span><span style="font-size:12.0pt;font-family:宋体;mso-ascii-font-family:Simsun;mso-hansi-font-family:Simsun;mso-bidi-font-family:宋体;color:#515151;mso-font-kerning:0pt;">连接时需要使用发送到手机的密码进行验证，抓取发送密码的数据包时，发现密码返回客户端，导致任意全网账号可以登录联网。</span><span lang="EN-US" style="font-size:12.0pt;font-family:&quot;mso-fareast-font-family:宋体;mso-bidi-font-family:宋体;color:#515151;mso-font-kerning:0pt;"><br style="mso-special-character:line-break;" />
<!----><br style="mso-special-character:line-break;" />
<!----><o:p></o:p></span>
        </p>
        <p class="MsoNormal" style="mso-pagination:widow-orphan;">
                <span lang="EN-US" style="font-size:12.0pt;font-family:&quot;mso-fareast-font-family:宋体;mso-bidi-font-family:宋体;color:#515151;mso-font-kerning:0pt;mso-no-proof:yes;"><!--><v:shape id="aimg_77764" o:spid="_x0000_i1044" type="#_x0000_t75" alt="https://bbs.ichunqiu.com/data/attachment/forum/201811/13/140506xdawbzai7l5l621c.jpg.thumb.jpg" style="width:374.25pt;height:121.5pt;visibility:visible;mso-wrap-style:square;">
<v:imagedata src="https://9kb.org/admin/a479c84ee8a93da0ef378490c44ebcca.files/image006.jpg" o:title="140506xdawbzai7l5l621c.jpg.thumb" />
</v:shape><!--><!----><img width="499" height="162" src="https://9kb.org/admin/a479c84ee8a93da0ef378490c44ebcca.files/image006.jpg" alt="https://bbs.ichunqiu.com/data/attachment/forum/201811/13/140506xdawbzai7l5l621c.jpg.thumb.jpg" v:shapes="aimg_77764" /><!----></span><span lang="EN-US" style="font-size:12.0pt;font-family:&quot;mso-fareast-font-family:宋体;mso-bidi-font-family:宋体;color:#515151;mso-font-kerning:0pt;"><o:p></o:p></span>
        </p>
        <p class="MsoNormal" style="mso-pagination:widow-orphan;">
                <span lang="EN-US" style="font-size:12.0pt;font-family:&quot;mso-fareast-font-family:宋体;mso-bidi-font-family:宋体;color:#515151;mso-font-kerning:0pt;"><br />
</span><b><span style="font-size:12.0pt;font-family:宋体;mso-ascii-font-family:Simsun;mso-hansi-font-family:Simsun;mso-bidi-font-family:宋体;color:#515151;mso-font-kerning:0pt;">客户端流程控制绕过</span></b><span lang="EN-US" style="font-size:12.0pt;font-family:&quot;mso-fareast-font-family:宋体;mso-bidi-font-family:宋体;color:#515151;mso-font-kerning:0pt;"><br />
<br />
</span><span style="font-size:12.0pt;font-family:宋体;mso-ascii-font-family:Simsun;mso-hansi-font-family:Simsun;mso-bidi-font-family:宋体;color:#515151;mso-font-kerning:0pt;">程序员在编写验证程序时有可能会验证结果返回到客户端，由客户端根据服务端提供的验证结果进行下一步操作，攻击者可以通过篡改验证结果或直接执行下一步操作实现绕过。</span><span lang="EN-US" style="font-size:12.0pt;font-family:&quot;mso-fareast-font-family:宋体;mso-bidi-font-family:宋体;color:#515151;mso-font-kerning:0pt;"><br />
<br />
</span><b><span style="font-size:12.0pt;font-family:宋体;mso-ascii-font-family:Simsun;mso-hansi-font-family:Simsun;mso-bidi-font-family:宋体;color:#515151;mso-font-kerning:0pt;">举个栗子：</span></b><span lang="EN-US" style="font-size:12.0pt;font-family:&quot;mso-fareast-font-family:宋体;mso-bidi-font-family:宋体;color:#515151;mso-font-kerning:0pt;"><br />
<br />
a). </span><span style="font-size:12.0pt;font-family:宋体;mso-ascii-font-family:Simsun;mso-hansi-font-family:Simsun;mso-bidi-font-family:宋体;color:#515151;mso-font-kerning:0pt;">某系统重置密码需要三个步骤，首先要输入图片验证码。</span><span lang="EN-US" style="font-size:12.0pt;font-family:&quot;mso-fareast-font-family:宋体;mso-bidi-font-family:宋体;color:#515151;mso-font-kerning:0pt;"><br style="mso-special-character:line-break;" />
<!----><br style="mso-special-character:line-break;" />
<!----><o:p></o:p></span>
        </p>
        <p class="MsoNormal" style="mso-pagination:widow-orphan;">
                <span lang="EN-US" style="font-size:12.0pt;font-family:&quot;mso-fareast-font-family:宋体;mso-bidi-font-family:宋体;color:#515151;mso-font-kerning:0pt;mso-no-proof:yes;"><!--><v:shape id="aimg_77765" o:spid="_x0000_i1043" type="#_x0000_t75" alt="https://bbs.ichunqiu.com/data/attachment/forum/201811/13/140556kzxkvf9k8eav9uzv.jpg.thumb.jpg" style="width:374.25pt;height:199.5pt;visibility:visible;mso-wrap-style:square;">
<v:imagedata src="https://9kb.org/admin/a479c84ee8a93da0ef378490c44ebcca.files/image007.jpg" o:title="140556kzxkvf9k8eav9uzv.jpg.thumb" />
</v:shape><!--><!----><img width="499" height="266" src="https://9kb.org/admin/a479c84ee8a93da0ef378490c44ebcca.files/image007.jpg" alt="https://bbs.ichunqiu.com/data/attachment/forum/201811/13/140556kzxkvf9k8eav9uzv.jpg.thumb.jpg" v:shapes="aimg_77765" /><!----></span><span lang="EN-US" style="font-size:12.0pt;font-family:&quot;mso-fareast-font-family:宋体;mso-bidi-font-family:宋体;color:#515151;mso-font-kerning:0pt;"><o:p></o:p></span>
        </p>
        <p class="MsoNormal" style="mso-pagination:widow-orphan;">
                <span lang="EN-US" style="font-size:12.0pt;font-family:&quot;mso-fareast-font-family:宋体;mso-bidi-font-family:宋体;color:#515151;mso-font-kerning:0pt;"><br />
b). </span><span style="font-size:12.0pt;font-family:宋体;mso-ascii-font-family:Simsun;mso-hansi-font-family:Simsun;mso-bidi-font-family:宋体;color:#515151;mso-font-kerning:0pt;">然后需要通过短信验证码验证身份。</span><span lang="EN-US" style="font-size:12.0pt;font-family:&quot;mso-fareast-font-family:宋体;mso-bidi-font-family:宋体;color:#515151;mso-font-kerning:0pt;"><br style="mso-special-character:line-break;" />
<!----><br style="mso-special-character:line-break;" />
<!----><o:p></o:p></span>
        </p>
        <p class="MsoNormal" style="mso-pagination:widow-orphan;">
                <span lang="EN-US" style="font-size:12.0pt;font-family:&quot;mso-fareast-font-family:宋体;mso-bidi-font-family:宋体;color:#515151;mso-font-kerning:0pt;mso-no-proof:yes;"><!--><v:shape id="aimg_77766" o:spid="_x0000_i1042" type="#_x0000_t75" alt="https://bbs.ichunqiu.com/data/attachment/forum/201811/13/140636toczrmicci44zko4.jpg.thumb.jpg" style="width:374.25pt;height:225.75pt;visibility:visible;mso-wrap-style:square;">
<v:imagedata src="https://9kb.org/admin/a479c84ee8a93da0ef378490c44ebcca.files/image008.jpg" o:title="140636toczrmicci44zko4.jpg.thumb" />
</v:shape><!--><!----><img width="499" height="301" src="https://9kb.org/admin/a479c84ee8a93da0ef378490c44ebcca.files/image008.jpg" alt="https://bbs.ichunqiu.com/data/attachment/forum/201811/13/140636toczrmicci44zko4.jpg.thumb.jpg" v:shapes="aimg_77766" /><!----></span><span lang="EN-US" style="font-size:12.0pt;font-family:&quot;mso-fareast-font-family:宋体;mso-bidi-font-family:宋体;color:#515151;mso-font-kerning:0pt;"><o:p></o:p></span>
        </p>
        <p class="MsoNormal" style="mso-pagination:widow-orphan;">
                <span lang="EN-US" style="font-size:12.0pt;font-family:&quot;mso-fareast-font-family:宋体;mso-bidi-font-family:宋体;color:#515151;mso-font-kerning:0pt;"><br />
c).</span><span style="font-size:12.0pt;font-family:宋体;mso-ascii-font-family:Simsun;mso-hansi-font-family:Simsun;mso-bidi-font-family:宋体;color:#515151;mso-font-kerning:0pt;">访问</span><span lang="EN-US" style="font-size:12.0pt;font-family:&quot;mso-fareast-font-family:宋体;mso-bidi-font-family:宋体;color:#515151;mso-font-kerning:0pt;">http://*.*.*.*/a/user/findPasswordSetp </span><span style="font-size:12.0pt;font-family:宋体;mso-ascii-font-family:Simsun;mso-hansi-font-family:Simsun;mso-bidi-font-family:宋体;color:#515151;mso-font-kerning:0pt;">直接跳到重置密码的页面。</span><span lang="EN-US" style="font-size:12.0pt;font-family:&quot;mso-fareast-font-family:宋体;mso-bidi-font-family:宋体;color:#515151;mso-font-kerning:0pt;"><br style="mso-special-character:line-break;" />
<!----><br style="mso-special-character:line-break;" />
<!----><o:p></o:p></span>
        </p>
        <p class="MsoNormal" style="mso-pagination:widow-orphan;">
                <span lang="EN-US" style="font-size:12.0pt;font-family:&quot;mso-fareast-font-family:宋体;mso-bidi-font-family:宋体;color:#515151;mso-font-kerning:0pt;mso-no-proof:yes;"><!--><v:shape id="aimg_77767" o:spid="_x0000_i1041" type="#_x0000_t75" alt="https://bbs.ichunqiu.com/data/attachment/forum/201811/13/140659z99jktjgq93ps9zg.jpg.thumb.jpg" style="width:374.25pt;height:204pt;visibility:visible;mso-wrap-style:square;">
<v:imagedata src="https://9kb.org/admin/a479c84ee8a93da0ef378490c44ebcca.files/image009.jpg" o:title="140659z99jktjgq93ps9zg.jpg.thumb" />
</v:shape><!--><!----><img width="499" height="272" src="https://9kb.org/admin/a479c84ee8a93da0ef378490c44ebcca.files/image009.jpg" alt="https://bbs.ichunqiu.com/data/attachment/forum/201811/13/140659z99jktjgq93ps9zg.jpg.thumb.jpg" v:shapes="aimg_77767" /><!----></span><span lang="EN-US" style="font-size:12.0pt;font-family:&quot;mso-fareast-font-family:宋体;mso-bidi-font-family:宋体;color:#515151;mso-font-kerning:0pt;"><o:p></o:p></span>
        </p>
        <p class="MsoNormal" style="mso-pagination:widow-orphan;">
                <span lang="EN-US" style="font-size:12.0pt;font-family:&quot;mso-fareast-font-family:宋体;mso-bidi-font-family:宋体;color:#515151;mso-font-kerning:0pt;"><br />
d). </span><span style="font-size:12.0pt;font-family:宋体;mso-ascii-font-family:Simsun;mso-hansi-font-family:Simsun;mso-bidi-font-family:宋体;color:#515151;mso-font-kerning:0pt;">可成功修改密码密码。</span><span lang="EN-US" style="font-size:12.0pt;font-family:&quot;mso-fareast-font-family:宋体;mso-bidi-font-family:宋体;color:#515151;mso-font-kerning:0pt;"><br style="mso-special-character:line-break;" />
<!----><br style="mso-special-character:line-break;" />
<!----><o:p></o:p></span>
        </p>
        <p class="MsoNormal" style="mso-pagination:widow-orphan;">
                <span lang="EN-US" style="font-size:12.0pt;font-family:&quot;mso-fareast-font-family:宋体;mso-bidi-font-family:宋体;color:#515151;mso-font-kerning:0pt;mso-no-proof:yes;"><!--><v:shape id="aimg_77768" o:spid="_x0000_i1040" type="#_x0000_t75" alt="https://bbs.ichunqiu.com/data/attachment/forum/201811/13/140723upscw9szkxkpgpmd.jpg.thumb.jpg" style="width:355.5pt;height:181.5pt;visibility:visible;mso-wrap-style:square;">
<v:imagedata src="https://9kb.org/admin/a479c84ee8a93da0ef378490c44ebcca.files/image010.jpg" o:title="140723upscw9szkxkpgpmd.jpg.thumb" />
</v:shape><!--><!----><img width="474" height="242" src="https://9kb.org/admin/a479c84ee8a93da0ef378490c44ebcca.files/image010.jpg" alt="https://bbs.ichunqiu.com/data/attachment/forum/201811/13/140723upscw9szkxkpgpmd.jpg.thumb.jpg" v:shapes="aimg_77768" /><!----></span><span lang="EN-US" style="font-size:12.0pt;font-family:&quot;mso-fareast-font-family:宋体;mso-bidi-font-family:宋体;color:#515151;mso-font-kerning:0pt;"><o:p></o:p></span>
        </p>
        <p class="MsoNormal" style="mso-pagination:widow-orphan;">
                <span lang="EN-US" style="font-size:12.0pt;font-family:&quot;mso-fareast-font-family:宋体;mso-bidi-font-family:宋体;color:#515151;mso-font-kerning:0pt;"><br />
</span><b><span style="font-size:12.0pt;font-family:宋体;mso-ascii-font-family:Simsun;mso-hansi-font-family:Simsun;mso-bidi-font-family:宋体;color:#515151;mso-font-kerning:0pt;">操作目标篡改绕过</span></b><span lang="EN-US" style="font-size:12.0pt;font-family:&quot;mso-fareast-font-family:宋体;mso-bidi-font-family:宋体;color:#515151;mso-font-kerning:0pt;"><br />
<br />
</span><span style="font-size:12.0pt;font-family:宋体;mso-ascii-font-family:Simsun;mso-hansi-font-family:Simsun;mso-bidi-font-family:宋体;color:#515151;mso-font-kerning:0pt;">如果某操作采用了连续身份校验机制或身份校验过程与操作过程分离，可以尝试在身份验证过程中替换身份校验对象或操作对象实现绕过验证。</span><span lang="EN-US" style="font-size:12.0pt;font-family:&quot;mso-fareast-font-family:宋体;mso-bidi-font-family:宋体;color:#515151;mso-font-kerning:0pt;"><br />
<br />
</span><b><span style="font-size:12.0pt;font-family:宋体;mso-ascii-font-family:Simsun;mso-hansi-font-family:Simsun;mso-bidi-font-family:宋体;color:#515151;mso-font-kerning:0pt;">举个栗子：</span></b><span lang="EN-US" style="font-size:12.0pt;font-family:&quot;mso-fareast-font-family:宋体;mso-bidi-font-family:宋体;color:#515151;mso-font-kerning:0pt;"><br />
<br />
a). </span><span style="font-size:12.0pt;font-family:宋体;mso-ascii-font-family:Simsun;mso-hansi-font-family:Simsun;mso-bidi-font-family:宋体;color:#515151;mso-font-kerning:0pt;">修改某系统的绑定手机。</span><span lang="EN-US" style="font-size:12.0pt;font-family:&quot;mso-fareast-font-family:宋体;mso-bidi-font-family:宋体;color:#515151;mso-font-kerning:0pt;"><br style="mso-special-character:line-break;" />
<!----><br style="mso-special-character:line-break;" />
<!----><o:p></o:p></span>
        </p>
        <p class="MsoNormal" style="mso-pagination:widow-orphan;">
                <span lang="EN-US" style="font-size:12.0pt;font-family:&quot;mso-fareast-font-family:宋体;mso-bidi-font-family:宋体;color:#515151;mso-font-kerning:0pt;mso-no-proof:yes;"><!--><v:shape id="aimg_77769" o:spid="_x0000_i1039" type="#_x0000_t75" alt="https://bbs.ichunqiu.com/data/attachment/forum/201811/13/140805uegdagc2pq2gvex6.jpg.thumb.jpg" style="width:374.25pt;height:144.75pt;visibility:visible;mso-wrap-style:square;">
<v:imagedata src="https://9kb.org/admin/a479c84ee8a93da0ef378490c44ebcca.files/image011.jpg" o:title="140805uegdagc2pq2gvex6.jpg.thumb" />
</v:shape><!--><!----><img width="499" height="193" src="https://9kb.org/admin/a479c84ee8a93da0ef378490c44ebcca.files/image011.jpg" alt="https://bbs.ichunqiu.com/data/attachment/forum/201811/13/140805uegdagc2pq2gvex6.jpg.thumb.jpg" v:shapes="aimg_77769" /><!----></span><span lang="EN-US" style="font-size:12.0pt;font-family:&quot;mso-fareast-font-family:宋体;mso-bidi-font-family:宋体;color:#515151;mso-font-kerning:0pt;"><o:p></o:p></span>
        </p>
        <p class="MsoNormal" style="mso-pagination:widow-orphan;">
                <span lang="EN-US" style="font-size:12.0pt;font-family:&quot;mso-fareast-font-family:宋体;mso-bidi-font-family:宋体;color:#515151;mso-font-kerning:0pt;"><br />
b). </span><span style="font-size:12.0pt;font-family:宋体;mso-ascii-font-family:Simsun;mso-hansi-font-family:Simsun;mso-bidi-font-family:宋体;color:#515151;mso-font-kerning:0pt;">选择免费接收短信校验码修改。</span><span lang="EN-US" style="font-size:12.0pt;font-family:&quot;mso-fareast-font-family:宋体;mso-bidi-font-family:宋体;color:#515151;mso-font-kerning:0pt;"><br style="mso-special-character:line-break;" />
<!----><br style="mso-special-character:line-break;" />
<!----><o:p></o:p></span>
        </p>
        <p class="MsoNormal" style="mso-pagination:widow-orphan;">
                <span lang="EN-US" style="font-size:12.0pt;font-family:&quot;mso-fareast-font-family:宋体;mso-bidi-font-family:宋体;color:#515151;mso-font-kerning:0pt;mso-no-proof:yes;"><!--><v:shape id="aimg_77770" o:spid="_x0000_i1038" type="#_x0000_t75" alt="https://bbs.ichunqiu.com/data/attachment/forum/201811/13/140829rws6ise4vwti66i6.jpg.thumb.jpg" style="width:374.25pt;height:187.5pt;visibility:visible;mso-wrap-style:square;">
<v:imagedata src="https://9kb.org/admin/a479c84ee8a93da0ef378490c44ebcca.files/image012.jpg" o:title="140829rws6ise4vwti66i6.jpg.thumb" />
</v:shape><!--><!----><img width="499" height="250" src="https://9kb.org/admin/a479c84ee8a93da0ef378490c44ebcca.files/image012.jpg" alt="https://bbs.ichunqiu.com/data/attachment/forum/201811/13/140829rws6ise4vwti66i6.jpg.thumb.jpg" v:shapes="aimg_77770" /><!----></span><span lang="EN-US" style="font-size:12.0pt;font-family:&quot;mso-fareast-font-family:宋体;mso-bidi-font-family:宋体;color:#515151;mso-font-kerning:0pt;"><o:p></o:p></span>
        </p>
        <p class="MsoNormal" style="mso-pagination:widow-orphan;">
                <span lang="EN-US" style="font-size:12.0pt;font-family:&quot;mso-fareast-font-family:宋体;mso-bidi-font-family:宋体;color:#515151;mso-font-kerning:0pt;"><br />
c). </span><span style="font-size:12.0pt;font-family:宋体;mso-ascii-font-family:Simsun;mso-hansi-font-family:Simsun;mso-bidi-font-family:宋体;color:#515151;mso-font-kerning:0pt;">将修改的手机号改为自己的手机号码。</span><span lang="EN-US" style="font-size:12.0pt;font-family:&quot;mso-fareast-font-family:宋体;mso-bidi-font-family:宋体;color:#515151;mso-font-kerning:0pt;"><br style="mso-special-character:line-break;" />
<!----><br style="mso-special-character:line-break;" />
<!----><o:p></o:p></span>
        </p>
        <p class="MsoNormal" style="mso-pagination:widow-orphan;">
                <span lang="EN-US" style="font-size:12.0pt;font-family:&quot;mso-fareast-font-family:宋体;mso-bidi-font-family:宋体;color:#515151;mso-font-kerning:0pt;mso-no-proof:yes;"><!--><v:shape id="aimg_77771" o:spid="_x0000_i1037" type="#_x0000_t75" alt="https://bbs.ichunqiu.com/data/attachment/forum/201811/13/140857rsf7r3jk7js39ros.jpg.thumb.jpg" style="width:374.25pt;height:204.75pt;visibility:visible;mso-wrap-style:square;">
<v:imagedata src="https://9kb.org/admin/a479c84ee8a93da0ef378490c44ebcca.files/image013.jpg" o:title="140857rsf7r3jk7js39ros.jpg.thumb" />
</v:shape><!--><!----><img width="499" height="273" src="https://9kb.org/admin/a479c84ee8a93da0ef378490c44ebcca.files/image013.jpg" alt="https://bbs.ichunqiu.com/data/attachment/forum/201811/13/140857rsf7r3jk7js39ros.jpg.thumb.jpg" v:shapes="aimg_77771" /><!----></span><span lang="EN-US" style="font-size:12.0pt;font-family:&quot;mso-fareast-font-family:宋体;mso-bidi-font-family:宋体;color:#515151;mso-font-kerning:0pt;"><o:p></o:p></span>
        </p>
        <p class="MsoNormal" style="mso-pagination:widow-orphan;">
                <span lang="EN-US" style="font-size:12.0pt;font-family:&quot;mso-fareast-font-family:宋体;mso-bidi-font-family:宋体;color:#515151;mso-font-kerning:0pt;"><br />
d). </span><span style="font-size:12.0pt;font-family:宋体;mso-ascii-font-family:Simsun;mso-hansi-font-family:Simsun;mso-bidi-font-family:宋体;color:#515151;mso-font-kerning:0pt;">通过修改的手机号码收到的校验码修改手机号。</span><span lang="EN-US" style="font-size:12.0pt;font-family:&quot;mso-fareast-font-family:宋体;mso-bidi-font-family:宋体;color:#515151;mso-font-kerning:0pt;"><br style="mso-special-character:line-break;" />
<!----><br style="mso-special-character:line-break;" />
<!----><o:p></o:p></span>
        </p>
        <p class="MsoNormal" style="mso-pagination:widow-orphan;">
                <span lang="EN-US" style="font-size:12.0pt;font-family:&quot;mso-fareast-font-family:宋体;mso-bidi-font-family:宋体;color:#515151;mso-font-kerning:0pt;mso-no-proof:yes;"><!--><v:shape id="aimg_77772" o:spid="_x0000_i1036" type="#_x0000_t75" alt="https://bbs.ichunqiu.com/data/attachment/forum/201811/13/140923uq62qqh4ssg26fqb.jpg.thumb.jpg" style="width:374.25pt;height:134.25pt;visibility:visible;mso-wrap-style:square;">
<v:imagedata src="https://9kb.org/admin/a479c84ee8a93da0ef378490c44ebcca.files/image014.jpg" o:title="140923uq62qqh4ssg26fqb.jpg.thumb" />
</v:shape><!--><!----><img width="499" height="179" src="https://9kb.org/admin/a479c84ee8a93da0ef378490c44ebcca.files/image014.jpg" alt="https://bbs.ichunqiu.com/data/attachment/forum/201811/13/140923uq62qqh4ssg26fqb.jpg.thumb.jpg" v:shapes="aimg_77772" /><!----></span><span lang="EN-US" style="font-size:12.0pt;font-family:&quot;mso-fareast-font-family:宋体;mso-bidi-font-family:宋体;color:#515151;mso-font-kerning:0pt;"><o:p></o:p></span>
        </p>
        <p class="MsoNormal" style="mso-pagination:widow-orphan;">
                <span lang="EN-US" style="font-size:12.0pt;font-family:&quot;mso-fareast-font-family:宋体;mso-bidi-font-family:宋体;color:#515151;mso-font-kerning:0pt;"><br />
<br />
e). </span><span style="font-size:12.0pt;font-family:宋体;mso-ascii-font-family:Simsun;mso-hansi-font-family:Simsun;mso-bidi-font-family:宋体;color:#515151;mso-font-kerning:0pt;">发现可以成功修改成新的手机号。</span><span lang="EN-US" style="font-size:12.0pt;font-family:&quot;mso-fareast-font-family:宋体;mso-bidi-font-family:宋体;color:#515151;mso-font-kerning:0pt;"><br style="mso-special-character:line-break;" />
<!----><br style="mso-special-character:line-break;" />
<!----><o:p></o:p></span>
        </p>
        <p class="MsoNormal" style="mso-pagination:widow-orphan;">
                <span lang="EN-US" style="font-size:12.0pt;font-family:&quot;mso-fareast-font-family:宋体;mso-bidi-font-family:宋体;color:#515151;mso-font-kerning:0pt;mso-no-proof:yes;"><!--><v:shape id="aimg_77773" o:spid="_x0000_i1035" type="#_x0000_t75" alt="https://bbs.ichunqiu.com/data/attachment/forum/201811/13/140952rqpgog2k2epoqzz8.jpg.thumb.jpg" style="width:374.25pt;height:137.25pt;visibility:visible;mso-wrap-style:square;">
<v:imagedata src="https://9kb.org/admin/a479c84ee8a93da0ef378490c44ebcca.files/image015.jpg" o:title="140952rqpgog2k2epoqzz8.jpg.thumb" />
</v:shape><!--><!----><img width="499" height="183" src="https://9kb.org/admin/a479c84ee8a93da0ef378490c44ebcca.files/image015.jpg" alt="https://bbs.ichunqiu.com/data/attachment/forum/201811/13/140952rqpgog2k2epoqzz8.jpg.thumb.jpg" v:shapes="aimg_77773" /><!----></span><span lang="EN-US" style="font-size:12.0pt;font-family:&quot;mso-fareast-font-family:宋体;mso-bidi-font-family:宋体;color:#515151;mso-font-kerning:0pt;"><o:p></o:p></span>
        </p>
        <p class="MsoNormal" style="mso-pagination:widow-orphan;">
                <span lang="EN-US" style="font-size:12.0pt;font-family:&quot;mso-fareast-font-family:宋体;mso-bidi-font-family:宋体;color:#515151;mso-font-kerning:0pt;"><br />
</span><b><span style="font-size:12.0pt;font-family:宋体;mso-ascii-font-family:Simsun;mso-hansi-font-family:Simsun;mso-bidi-font-family:宋体;color:#515151;mso-font-kerning:0pt;">参数篡改</span></b><span lang="EN-US" style="font-size:12.0pt;font-family:&quot;mso-fareast-font-family:宋体;mso-bidi-font-family:宋体;color:#515151;mso-font-kerning:0pt;"><br />
<br />
</span><span style="font-size:12.0pt;font-family:宋体;mso-ascii-font-family:Simsun;mso-hansi-font-family:Simsun;mso-bidi-font-family:宋体;color:#515151;mso-font-kerning:0pt;">程序猿小哥哥在编写验证程序时有可能会对验证码字段进行正确性校验，但当验证码字段不存在或为空时就直接通过校验。</span><span lang="EN-US" style="font-size:12.0pt;font-family:&quot;mso-fareast-font-family:宋体;mso-bidi-font-family:宋体;color:#515151;mso-font-kerning:0pt;"><br />
<br />
</span><b><span style="font-size:12.0pt;font-family:宋体;mso-ascii-font-family:Simsun;mso-hansi-font-family:Simsun;mso-bidi-font-family:宋体;color:#515151;mso-font-kerning:0pt;">举个栗子：</span></b><span lang="EN-US" style="font-size:12.0pt;font-family:&quot;mso-fareast-font-family:宋体;mso-bidi-font-family:宋体;color:#515151;mso-font-kerning:0pt;"><br />
<br />
a).</span><span style="font-size:12.0pt;font-family:宋体;mso-ascii-font-family:Simsun;mso-hansi-font-family:Simsun;mso-bidi-font-family:宋体;color:#515151;mso-font-kerning:0pt;">某系统存在绕过验证漏洞，抓取登录的数据包。</span><span lang="EN-US" style="font-size:12.0pt;font-family:&quot;mso-fareast-font-family:宋体;mso-bidi-font-family:宋体;color:#515151;mso-font-kerning:0pt;"><br style="mso-special-character:line-break;" />
<!----><br style="mso-special-character:line-break;" />
<!----><o:p></o:p></span>
        </p>
        <p class="MsoNormal" style="mso-pagination:widow-orphan;">
                <span lang="EN-US" style="font-size:12.0pt;font-family:&quot;mso-fareast-font-family:宋体;mso-bidi-font-family:宋体;color:#515151;mso-font-kerning:0pt;mso-no-proof:yes;"><!--><v:shape id="aimg_77774" o:spid="_x0000_i1034" type="#_x0000_t75" alt="https://bbs.ichunqiu.com/data/attachment/forum/201811/13/141036v7yg00eoryti080i.jpg.thumb.jpg" style="width:373.5pt;height:117.75pt;visibility:visible;mso-wrap-style:square;">
<v:imagedata src="https://9kb.org/admin/a479c84ee8a93da0ef378490c44ebcca.files/image016.jpg" o:title="141036v7yg00eoryti080i.jpg.thumb" />
</v:shape><!--><!----><img width="498" height="157" src="https://9kb.org/admin/a479c84ee8a93da0ef378490c44ebcca.files/image016.jpg" alt="https://bbs.ichunqiu.com/data/attachment/forum/201811/13/141036v7yg00eoryti080i.jpg.thumb.jpg" v:shapes="aimg_77774" /><!----></span><span lang="EN-US" style="font-size:12.0pt;font-family:&quot;mso-fareast-font-family:宋体;mso-bidi-font-family:宋体;color:#515151;mso-font-kerning:0pt;"><o:p></o:p></span>
        </p>
        <p class="MsoNormal" style="mso-pagination:widow-orphan;">
                <span lang="EN-US" style="font-size:12.0pt;font-family:&quot;mso-fareast-font-family:宋体;mso-bidi-font-family:宋体;color:#515151;mso-font-kerning:0pt;"><br />
b).</span><span style="font-size:12.0pt;font-family:宋体;mso-ascii-font-family:Simsun;mso-hansi-font-family:Simsun;mso-bidi-font-family:宋体;color:#515151;mso-font-kerning:0pt;">删除验证码字段（</span><span lang="EN-US" style="font-size:12.0pt;font-family:&quot;mso-fareast-font-family:宋体;mso-bidi-font-family:宋体;color:#515151;mso-font-kerning:0pt;">securityCode</span><span style="font-size:12.0pt;font-family:宋体;mso-ascii-font-family:Simsun;mso-hansi-font-family:Simsun;mso-bidi-font-family:宋体;color:#515151;mso-font-kerning:0pt;">）进行爆破。</span><span lang="EN-US" style="font-size:12.0pt;font-family:&quot;mso-fareast-font-family:宋体;mso-bidi-font-family:宋体;color:#515151;mso-font-kerning:0pt;"><br style="mso-special-character:line-break;" />
<!----><br style="mso-special-character:line-break;" />
<!----><o:p></o:p></span>
        </p>
        <p class="MsoNormal" style="mso-pagination:widow-orphan;">
                <span lang="EN-US" style="font-size:12.0pt;font-family:&quot;mso-fareast-font-family:宋体;mso-bidi-font-family:宋体;color:#515151;mso-font-kerning:0pt;mso-no-proof:yes;"><!--><v:shape id="aimg_77775" o:spid="_x0000_i1033" type="#_x0000_t75" alt="https://bbs.ichunqiu.com/data/attachment/forum/201811/13/141101pn37gng9n8862n97.jpg.thumb.jpg" style="width:373.5pt;height:110.25pt;visibility:visible;mso-wrap-style:square;">
<v:imagedata src="https://9kb.org/admin/a479c84ee8a93da0ef378490c44ebcca.files/image017.jpg" o:title="141101pn37gng9n8862n97.jpg.thumb" />
</v:shape><!--><!----><img width="498" height="147" src="https://9kb.org/admin/a479c84ee8a93da0ef378490c44ebcca.files/image017.jpg" alt="https://bbs.ichunqiu.com/data/attachment/forum/201811/13/141101pn37gng9n8862n97.jpg.thumb.jpg" v:shapes="aimg_77775" /><!----></span><span lang="EN-US" style="font-size:12.0pt;font-family:&quot;mso-fareast-font-family:宋体;mso-bidi-font-family:宋体;color:#515151;mso-font-kerning:0pt;"><o:p></o:p></span>
        </p>
        <p class="MsoNormal" style="mso-pagination:widow-orphan;">
                <span lang="EN-US" style="font-size:12.0pt;font-family:&quot;mso-fareast-font-family:宋体;mso-bidi-font-family:宋体;color:#515151;mso-font-kerning:0pt;"><br />
c). </span><span style="font-size:12.0pt;font-family:宋体;mso-ascii-font-family:Simsun;mso-hansi-font-family:Simsun;mso-bidi-font-family:宋体;color:#515151;mso-font-kerning:0pt;">爆破成功，并可以使用爆破出来的账号密码进行登录。</span><span lang="EN-US" style="font-size:12.0pt;font-family:&quot;mso-fareast-font-family:宋体;mso-bidi-font-family:宋体;color:#515151;mso-font-kerning:0pt;"><br style="mso-special-character:line-break;" />
<!----><br style="mso-special-character:line-break;" />
<!----><o:p></o:p></span>
        </p>
        <p class="MsoNormal" style="mso-pagination:widow-orphan;">
                <span lang="EN-US" style="font-size:12.0pt;font-family:&quot;mso-fareast-font-family:宋体;mso-bidi-font-family:宋体;color:#515151;mso-font-kerning:0pt;mso-no-proof:yes;"><!--><v:shape id="aimg_77776" o:spid="_x0000_i1032" type="#_x0000_t75" alt="https://bbs.ichunqiu.com/data/attachment/forum/201811/13/141127cyhacnmjnhvah7rj.jpg.thumb.jpg" style="width:374.25pt;height:198pt;visibility:visible;mso-wrap-style:square;">
<v:imagedata src="https://9kb.org/admin/a479c84ee8a93da0ef378490c44ebcca.files/image018.jpg" o:title="141127cyhacnmjnhvah7rj.jpg.thumb" />
</v:shape><!--><!----><img width="499" height="264" src="https://9kb.org/admin/a479c84ee8a93da0ef378490c44ebcca.files/image018.jpg" alt="https://bbs.ichunqiu.com/data/attachment/forum/201811/13/141127cyhacnmjnhvah7rj.jpg.thumb.jpg" v:shapes="aimg_77776" /><!----></span><span lang="EN-US" style="font-size:12.0pt;font-family:&quot;mso-fareast-font-family:宋体;mso-bidi-font-family:宋体;color:#515151;mso-font-kerning:0pt;"><o:p></o:p></span>
        </p>
        <p class="MsoNormal" style="mso-pagination:widow-orphan;">
                <span lang="EN-US" style="font-size:12.0pt;font-family:&quot;mso-fareast-font-family:宋体;mso-bidi-font-family:宋体;color:#515151;mso-font-kerning:0pt;"><o:p>&nbsp;</o:p></span>
        </p>
        <p class="MsoNormal" style="mso-pagination:widow-orphan;">
                <span lang="EN-US" style="font-size:12.0pt;font-family:&quot;mso-fareast-font-family:宋体;mso-bidi-font-family:宋体;color:#515151;mso-font-kerning:0pt;mso-no-proof:yes;"><!--><v:shape id="aimg_77777" o:spid="_x0000_i1031" type="#_x0000_t75" alt="https://bbs.ichunqiu.com/data/attachment/forum/201811/13/141149jrkgv7ht55r8rxvg.jpg.thumb.jpg" style="width:373.5pt;height:154.5pt;visibility:visible;mso-wrap-style:square;">
<v:imagedata src="https://9kb.org/admin/a479c84ee8a93da0ef378490c44ebcca.files/image019.jpg" o:title="141149jrkgv7ht55r8rxvg.jpg.thumb" />
</v:shape><!--><!----><img width="498" height="206" src="https://9kb.org/admin/a479c84ee8a93da0ef378490c44ebcca.files/image019.jpg" alt="https://bbs.ichunqiu.com/data/attachment/forum/201811/13/141149jrkgv7ht55r8rxvg.jpg.thumb.jpg" v:shapes="aimg_77777" /><!----></span><span lang="EN-US" style="font-size:12.0pt;font-family:&quot;mso-fareast-font-family:宋体;mso-bidi-font-family:宋体;color:#515151;mso-font-kerning:0pt;"><o:p></o:p></span>
        </p>
        <p class="MsoNormal" style="mso-pagination:widow-orphan;">
                <span lang="EN-US" style="font-size:12.0pt;font-family:&quot;mso-fareast-font-family:宋体;mso-bidi-font-family:宋体;color:#515151;mso-font-kerning:0pt;"><br />
</span><b><span style="font-size:12.0pt;font-family:宋体;mso-ascii-font-family:Simsun;mso-hansi-font-family:Simsun;mso-bidi-font-family:宋体;color:#515151;mso-font-kerning:0pt;">辅助验证功能绕过</span></b><span lang="EN-US" style="font-size:12.0pt;font-family:&quot;mso-fareast-font-family:宋体;mso-bidi-font-family:宋体;color:#515151;mso-font-kerning:0pt;"><br />
<br />
</span><span style="font-size:12.0pt;font-family:宋体;mso-ascii-font-family:Simsun;mso-hansi-font-family:Simsun;mso-bidi-font-family:宋体;color:#515151;mso-font-kerning:0pt;">为了验证用户身份或者避免攻击者使用自动化工具进行批量操作，应用程序可能会采用辅助验证功能，常见的辅助验证功能包括图片验证码、短信验证码、邮箱验证，这些功能在设计时如果存在缺陷则可以被绕过，导致辅助验证功能失效。</span><span lang="EN-US" style="font-size:12.0pt;font-family:&quot;mso-fareast-font-family:宋体;mso-bidi-font-family:宋体;color:#515151;mso-font-kerning:0pt;"><br />
<br />
</span><b><span style="font-size:12.0pt;font-family:宋体;mso-ascii-font-family:Simsun;mso-hansi-font-family:Simsun;mso-bidi-font-family:宋体;color:#515151;mso-font-kerning:0pt;">举个栗子：</span></b><span lang="EN-US" style="font-size:12.0pt;font-family:&quot;mso-fareast-font-family:宋体;mso-bidi-font-family:宋体;color:#515151;mso-font-kerning:0pt;"><br />
<br />
a). </span><span style="font-size:12.0pt;font-family:宋体;mso-ascii-font-family:Simsun;mso-hansi-font-family:Simsun;mso-bidi-font-family:宋体;color:#515151;mso-font-kerning:0pt;">访问某系统，一开始页面无验证码。</span><span lang="EN-US" style="font-size:12.0pt;font-family:&quot;mso-fareast-font-family:宋体;mso-bidi-font-family:宋体;color:#515151;mso-font-kerning:0pt;"><br style="mso-special-character:line-break;" />
<!----><br style="mso-special-character:line-break;" />
<!----><o:p></o:p></span>
        </p>
        <p class="MsoNormal" style="mso-pagination:widow-orphan;">
                <span lang="EN-US" style="font-size:12.0pt;font-family:&quot;mso-fareast-font-family:宋体;mso-bidi-font-family:宋体;color:#515151;mso-font-kerning:0pt;mso-no-proof:yes;"><!--><v:shape id="aimg_77778" o:spid="_x0000_i1030" type="#_x0000_t75" alt="https://bbs.ichunqiu.com/data/attachment/forum/201811/13/141231iagumacdmw189i12.jpg.thumb.jpg" style="width:374.25pt;height:220.5pt;visibility:visible;mso-wrap-style:square;">
<v:imagedata src="https://9kb.org/admin/a479c84ee8a93da0ef378490c44ebcca.files/image020.jpg" o:title="141231iagumacdmw189i12.jpg.thumb" />
</v:shape><!--><!----><img width="499" height="294" src="https://9kb.org/admin/a479c84ee8a93da0ef378490c44ebcca.files/image020.jpg" alt="https://bbs.ichunqiu.com/data/attachment/forum/201811/13/141231iagumacdmw189i12.jpg.thumb.jpg" v:shapes="aimg_77778" /><!----></span><span lang="EN-US" style="font-size:12.0pt;font-family:&quot;mso-fareast-font-family:宋体;mso-bidi-font-family:宋体;color:#515151;mso-font-kerning:0pt;"><o:p></o:p></span>
        </p>
        <p class="MsoNormal" style="mso-pagination:widow-orphan;">
                <span lang="EN-US" style="font-size:12.0pt;font-family:&quot;mso-fareast-font-family:宋体;mso-bidi-font-family:宋体;color:#515151;mso-font-kerning:0pt;"><br />
b). </span><span style="font-size:12.0pt;font-family:宋体;mso-ascii-font-family:Simsun;mso-hansi-font-family:Simsun;mso-bidi-font-family:宋体;color:#515151;mso-font-kerning:0pt;">输错一次之后，出现验证码。</span><span lang="EN-US" style="font-size:12.0pt;font-family:&quot;mso-fareast-font-family:宋体;mso-bidi-font-family:宋体;color:#515151;mso-font-kerning:0pt;"><br style="mso-special-character:line-break;" />
<!----><br style="mso-special-character:line-break;" />
<!----><o:p></o:p></span>
        </p>
        <p class="MsoNormal" style="mso-pagination:widow-orphan;">
                <span lang="EN-US" style="font-size:12.0pt;font-family:&quot;mso-fareast-font-family:宋体;mso-bidi-font-family:宋体;color:#515151;mso-font-kerning:0pt;mso-no-proof:yes;"><!--><v:shape id="aimg_77779" o:spid="_x0000_i1029" type="#_x0000_t75" alt="https://bbs.ichunqiu.com/data/attachment/forum/201811/13/141258cqk7me7fpkfd8s5o.jpg.thumb.jpg" style="width:374.25pt;height:329.25pt;visibility:visible;mso-wrap-style:square;">
<v:imagedata src="https://9kb.org/admin/a479c84ee8a93da0ef378490c44ebcca.files/image021.jpg" o:title="141258cqk7me7fpkfd8s5o.jpg.thumb" />
</v:shape><!--><!----><img width="499" height="439" src="https://9kb.org/admin/a479c84ee8a93da0ef378490c44ebcca.files/image021.jpg" alt="https://bbs.ichunqiu.com/data/attachment/forum/201811/13/141258cqk7me7fpkfd8s5o.jpg.thumb.jpg" v:shapes="aimg_77779" /><!----></span><span lang="EN-US" style="font-size:12.0pt;font-family:&quot;mso-fareast-font-family:宋体;mso-bidi-font-family:宋体;color:#515151;mso-font-kerning:0pt;"><o:p></o:p></span>
        </p>
        <p class="MsoNormal" style="mso-pagination:widow-orphan;">
                <span lang="EN-US" style="font-size:12.0pt;font-family:&quot;mso-fareast-font-family:宋体;mso-bidi-font-family:宋体;color:#515151;mso-font-kerning:0pt;"><br />
c). </span><span style="font-size:12.0pt;font-family:宋体;mso-ascii-font-family:Simsun;mso-hansi-font-family:Simsun;mso-bidi-font-family:宋体;color:#515151;mso-font-kerning:0pt;">尝试进行爆破，抓取第一次无验证码的数据包，发现会提示需要验证码。</span><span lang="EN-US" style="font-size:12.0pt;font-family:&quot;mso-fareast-font-family:宋体;mso-bidi-font-family:宋体;color:#515151;mso-font-kerning:0pt;"><br style="mso-special-character:line-break;" />
<!----><br style="mso-special-character:line-break;" />
<!----><o:p></o:p></span>
        </p>
        <p class="MsoNormal" style="mso-pagination:widow-orphan;">
                <span lang="EN-US" style="font-size:12.0pt;font-family:&quot;mso-fareast-font-family:宋体;mso-bidi-font-family:宋体;color:#515151;mso-font-kerning:0pt;mso-no-proof:yes;"><!--><v:shape id="aimg_77780" o:spid="_x0000_i1028" type="#_x0000_t75" alt="https://bbs.ichunqiu.com/data/attachment/forum/201811/13/141327rqv2go22agvv2qma.jpg.thumb.jpg" style="width:374.25pt;height:352.5pt;visibility:visible;mso-wrap-style:square;">
<v:imagedata src="https://9kb.org/admin/a479c84ee8a93da0ef378490c44ebcca.files/image022.jpg" o:title="141327rqv2go22agvv2qma.jpg.thumb" />
</v:shape><!--><!----><img width="499" height="470" src="https://9kb.org/admin/a479c84ee8a93da0ef378490c44ebcca.files/image022.jpg" alt="https://bbs.ichunqiu.com/data/attachment/forum/201811/13/141327rqv2go22agvv2qma.jpg.thumb.jpg" v:shapes="aimg_77780" /><!----></span><span lang="EN-US" style="font-size:12.0pt;font-family:&quot;mso-fareast-font-family:宋体;mso-bidi-font-family:宋体;color:#515151;mso-font-kerning:0pt;"><o:p></o:p></span>
        </p>
        <p class="MsoNormal" style="mso-pagination:widow-orphan;">
                <span lang="EN-US" style="font-size:12.0pt;font-family:&quot;mso-fareast-font-family:宋体;mso-bidi-font-family:宋体;color:#515151;mso-font-kerning:0pt;"><br />
d). </span><span style="font-size:12.0pt;font-family:宋体;mso-ascii-font-family:Simsun;mso-hansi-font-family:Simsun;mso-bidi-font-family:宋体;color:#515151;mso-font-kerning:0pt;">多次尝试之后发现，验证码是通过</span><span lang="EN-US" style="font-size:12.0pt;font-family:&quot;mso-fareast-font-family:宋体;mso-bidi-font-family:宋体;color:#515151;mso-font-kerning:0pt;">cookie</span><span style="font-size:12.0pt;font-family:宋体;mso-ascii-font-family:Simsun;mso-hansi-font-family:Simsun;mso-bidi-font-family:宋体;color:#515151;mso-font-kerning:0pt;">中的</span><span lang="EN-US" style="font-size:12.0pt;font-family:&quot;mso-fareast-font-family:宋体;mso-bidi-font-family:宋体;color:#515151;mso-font-kerning:0pt;">PHPSESSID</span><span style="font-size:12.0pt;font-family:宋体;mso-ascii-font-family:Simsun;mso-hansi-font-family:Simsun;mso-bidi-font-family:宋体;color:#515151;mso-font-kerning:0pt;">来判断的。</span><span lang="EN-US" style="font-size:12.0pt;font-family:&quot;mso-fareast-font-family:宋体;mso-bidi-font-family:宋体;color:#515151;mso-font-kerning:0pt;"><br style="mso-special-character:line-break;" />
<!----><br style="mso-special-character:line-break;" />
<!----><o:p></o:p></span>
        </p>
        <p class="MsoNormal" style="mso-pagination:widow-orphan;">
                <span lang="EN-US" style="font-size:12.0pt;font-family:&quot;mso-fareast-font-family:宋体;mso-bidi-font-family:宋体;color:#515151;mso-font-kerning:0pt;mso-no-proof:yes;"><!--><v:shape id="aimg_77781" o:spid="_x0000_i1027" type="#_x0000_t75" alt="https://bbs.ichunqiu.com/data/attachment/forum/201811/13/141351numiumexm7wwnmnw.jpg.thumb.jpg" style="width:374.25pt;height:117.75pt;visibility:visible;mso-wrap-style:square;">
<v:imagedata src="https://9kb.org/admin/a479c84ee8a93da0ef378490c44ebcca.files/image023.jpg" o:title="141351numiumexm7wwnmnw.jpg.thumb" />
</v:shape><!--><!----><img width="499" height="157" src="https://9kb.org/admin/a479c84ee8a93da0ef378490c44ebcca.files/image023.jpg" alt="https://bbs.ichunqiu.com/data/attachment/forum/201811/13/141351numiumexm7wwnmnw.jpg.thumb.jpg" v:shapes="aimg_77781" /><!----></span><span lang="EN-US" style="font-size:12.0pt;font-family:&quot;mso-fareast-font-family:宋体;mso-bidi-font-family:宋体;color:#515151;mso-font-kerning:0pt;"><o:p></o:p></span>
        </p>
        <p class="MsoNormal" style="mso-pagination:widow-orphan;">
                <span lang="EN-US" style="font-size:12.0pt;font-family:&quot;mso-fareast-font-family:宋体;mso-bidi-font-family:宋体;color:#515151;mso-font-kerning:0pt;"><br />
e). </span><span style="font-size:12.0pt;font-family:宋体;mso-ascii-font-family:Simsun;mso-hansi-font-family:Simsun;mso-bidi-font-family:宋体;color:#515151;mso-font-kerning:0pt;">修改</span><span lang="EN-US" style="font-size:12.0pt;font-family:&quot;mso-fareast-font-family:宋体;mso-bidi-font-family:宋体;color:#515151;mso-font-kerning:0pt;">PHPSESSID</span><span style="font-size:12.0pt;font-family:宋体;mso-ascii-font-family:Simsun;mso-hansi-font-family:Simsun;mso-bidi-font-family:宋体;color:#515151;mso-font-kerning:0pt;">后成功绕过验证码限制。</span><span lang="EN-US" style="font-size:12.0pt;font-family:&quot;mso-fareast-font-family:宋体;mso-bidi-font-family:宋体;color:#515151;mso-font-kerning:0pt;"><br style="mso-special-character:line-break;" />
<!----><br style="mso-special-character:line-break;" />
<!----><o:p></o:p></span>
        </p>
        <p class="MsoNormal" style="mso-pagination:widow-orphan;">
                <span lang="EN-US" style="font-size:12.0pt;font-family:&quot;mso-fareast-font-family:宋体;mso-bidi-font-family:宋体;color:#515151;mso-font-kerning:0pt;mso-no-proof:yes;"><!--><v:shape id="aimg_77782" o:spid="_x0000_i1026" type="#_x0000_t75" alt="https://bbs.ichunqiu.com/data/attachment/forum/201811/13/141418pm4v2jwg1vt1nwl0.jpg.thumb.jpg" style="width:374.25pt;height:138pt;visibility:visible;mso-wrap-style:square;">
<v:imagedata src="https://9kb.org/admin/a479c84ee8a93da0ef378490c44ebcca.files/image024.jpg" o:title="141418pm4v2jwg1vt1nwl0.jpg.thumb" />
</v:shape><!--><!----><img width="499" height="184" src="https://9kb.org/admin/a479c84ee8a93da0ef378490c44ebcca.files/image024.jpg" alt="https://bbs.ichunqiu.com/data/attachment/forum/201811/13/141418pm4v2jwg1vt1nwl0.jpg.thumb.jpg" v:shapes="aimg_77782" /><!----></span><span lang="EN-US" style="font-size:12.0pt;font-family:&quot;mso-fareast-font-family:宋体;mso-bidi-font-family:宋体;color:#515151;mso-font-kerning:0pt;"><o:p></o:p></span>
        </p>
        <p class="MsoNormal" style="mso-pagination:widow-orphan;">
                <span lang="EN-US" style="font-size:12.0pt;font-family:&quot;mso-fareast-font-family:宋体;mso-bidi-font-family:宋体;color:#515151;mso-font-kerning:0pt;"><br />
<br />
f). </span><span style="font-size:12.0pt;font-family:宋体;mso-ascii-font-family:Simsun;mso-hansi-font-family:Simsun;mso-bidi-font-family:宋体;color:#515151;mso-font-kerning:0pt;">成功爆出账号。</span><span lang="EN-US" style="font-size:12.0pt;font-family:&quot;mso-fareast-font-family:宋体;mso-bidi-font-family:宋体;color:#515151;mso-font-kerning:0pt;"><br style="mso-special-character:line-break;" />
<!----><br style="mso-special-character:line-break;" />
<!----><o:p></o:p></span>
        </p>
        <p class="MsoNormal" style="mso-pagination:widow-orphan;">
                <span lang="EN-US" style="font-size:12.0pt;font-family:&quot;mso-fareast-font-family:宋体;mso-bidi-font-family:宋体;color:#515151;mso-font-kerning:0pt;mso-no-proof:yes;"><!--><v:shape id="aimg_77783" o:spid="_x0000_i1025" type="#_x0000_t75" alt="https://bbs.ichunqiu.com/data/attachment/forum/201811/13/141444sksggntprw61lrnu.jpg.thumb.jpg" style="width:374.25pt;height:230.25pt;visibility:visible;mso-wrap-style:square;">
<v:imagedata src="https://9kb.org/admin/a479c84ee8a93da0ef378490c44ebcca.files/image025.jpg" o:title="141444sksggntprw61lrnu.jpg.thumb" />
</v:shape><!--><!----><img width="499" height="307" src="https://9kb.org/admin/a479c84ee8a93da0ef378490c44ebcca.files/image025.jpg" alt="https://bbs.ichunqiu.com/data/attachment/forum/201811/13/141444sksggntprw61lrnu.jpg.thumb.jpg" v:shapes="aimg_77783" /><!----></span><span lang="EN-US" style="font-size:12.0pt;font-family:&quot;mso-fareast-font-family:宋体;mso-bidi-font-family:宋体;color:#515151;mso-font-kerning:0pt;"><o:p></o:p></span>
        </p>
        <p class="MsoNormal">
                <span lang="EN-US" style="font-size:12.0pt;font-family:&quot;mso-fareast-font-family:宋体;mso-bidi-font-family:宋体;color:#515151;mso-font-kerning:0pt;"><br />
<br />
</span><span style="font-size:12.0pt;font-family:宋体;mso-ascii-font-family:Simsun;mso-hansi-font-family:Simsun;mso-bidi-font-family:宋体;color:#515151;mso-font-kerning:0pt;">好啦，斗哥对于绕过验证的总结就到这里啦，对于绕过验证的修复斗哥有一点点建议：</span><span lang="EN-US" style="font-size:12.0pt;font-family:&quot;mso-fareast-font-family:宋体;mso-bidi-font-family:宋体;color:#515151;mso-font-kerning:0pt;"><br />
<br />
1.</span><span style="font-size:12.0pt;font-family:宋体;mso-ascii-font-family:Simsun;mso-hansi-font-family:Simsun;mso-bidi-font-family:宋体;color:#515151;mso-font-kerning:0pt;">所有验证在服务端进行，验证问题的答案不能以任何形式返回客户端中（如图片验证码答案、短信验证码、验证问题答案等）。</span><span lang="EN-US" style="font-size:12.0pt;font-family:&quot;mso-fareast-font-family:宋体;mso-bidi-font-family:宋体;color:#515151;mso-font-kerning:0pt;"><br />
<br />
2.</span><span style="font-size:12.0pt;font-family:宋体;mso-ascii-font-family:Simsun;mso-hansi-font-family:Simsun;mso-bidi-font-family:宋体;color:#515151;mso-font-kerning:0pt;">验证结果及下一步跳转操作由服务端直接进行。</span><span lang="EN-US" style="font-size:12.0pt;font-family:&quot;mso-fareast-font-family:宋体;mso-bidi-font-family:宋体;color:#515151;mso-font-kerning:0pt;"><br />
<br />
3.</span><span style="font-size:12.0pt;font-family:宋体;mso-ascii-font-family:Simsun;mso-hansi-font-family:Simsun;mso-bidi-font-family:宋体;color:#515151;mso-font-kerning:0pt;">应尽可能避免采用连续身份验证机制，无论采用何种验证机制，只有当所有的数据输入以后，才进行身份验证数据的验证。</span>
        </p>
</div>

查看完整版本: 逻辑漏洞之绕过验证漏洞演示