Comments: This report describes and fixes a vulnerability in a website that awards points for viewing pages.
Detailed description:
Fiddler can be used to intercept the response and modify the JavaScript, so the 20-second countdown here is skipped and the AJAX request is submitted immediately, spoofing the elapsed time.
Original JS file: click.js
The Code is as follows:
function init(s_time, d_delay, p_id, t_countr) {
    delay = s_time;          // seconds the visitor is supposed to wait
    counter = t_countr;      // countdown value shown on the page
    original = s_time;
    def_delay = d_delay;
    pid = p_id;              // token handed back by ajaxTimeRequest()
    main_go();
}
function main_go() {
    if (test_go) {
        if (counter >= 1) {
            // selector reconstructed from the garbled original
            $('.secspan').html('remaining <strong>' + counter-- + '</strong> sec');
            timerID = setTimeout('main_go()', 1000);
        } else {
            // countdown finished: show the "collect" button, which fires the AJAX request
            $('.fr').html('<span class="btn3 btnx" onclick="ajaxTimeRequest();"><span><em>collect</em></span></span>');
        }
    }
}
After modification (the edited version that bypasses the countdown)
The Code is as follows:
function init(s_time, d_delay, p_id, t_countr) {
    pid = p_id;
    ajaxTimeRequest();            // submitted at once, the countdown never runs
    $('#barframe').remove();      // the page content is never shown
    setInterval('neinull()', 10);
    setInterval('furl()', 10000); // resubmitted every 10 seconds
}
function neinull() {
    $('#barframe').remove();
}
function furl() {
    $('#barframe').remove();
    ajaxTimeRequest();
}
Points can be directly submitted without displaying the webpage content.
Solution:
The Code is as follows:
$(function () {
    init(20, 20, '175efqi51i8xvbyf5ipzpwncdgjzr3ultruohf+jLNqz/Ms', 20);
    var barframe = $('#barframe');
    barframe.css('height', $(window).height() - 68);
    $(window).resize(function () {
        barframe.css('height', $(window).height() - 68);
    });
});
On the page, the third parameter of init is an encrypted string derived from the Linux (Unix) timestamp; the server uses it to verify that at least 20 seconds have elapsed before awarding points, instead of trusting the client-side countdown.
Helpless