These notes come from studying the Kanxue (Pediy) forum article: https://bbs.pediy.com/thread-210876.htm
I. Authentication testing
Currently many registration pages use Ajax/jQuery to check, without refreshing the page, whether a user name is already registered. This introduces an account-name enumeration problem: the server answers differently depending on whether the name exists.
Client-side AJAX code:
function validateLoginName() {
    var loginName = document.getElementById("uname").value;
    if (loginName == "") {
        alert("User name cannot be empty");
        return;
    }
    $.ajax({
        type: "POST",
        url: "validateName",
        data: "loginName=" + loginName,
        success: function (data) {
            // The two distinct responses tell the caller whether the
            // name is registered, which is what enables enumeration.
            if (data == "true") {
                alert("Congratulations, the user name is not in use");
            } else {
                alert("Sorry! The user name already exists");
            }
        }
    });
}
How to fix: require a CAPTCHA (verification code) and a one-time token with each check, so the endpoint cannot be queried automatically.
II. Unauthorized access
Cause:
Pages that should require login do not check that the user's login session or token is valid, so a user who is not logged in, or who presents an invalid token, can open pages that should only be reachable after login.
Detection method:
Use DirBuster to guess directories, then click through the discovered pages to test whether pages that should require authorization open without it.
Repair method:
Include in every protected page a file that verifies the user's session/token is valid, or add a filter that performs this check for all protected requests.
III. Common problems with CAPTCHAs (verification codes)
1. The CAPTCHA value is stored in a cookie, where it can be read directly.
2. The CAPTCHA is not refreshed after a failed verification, which allows brute force against the same code.
3. The CAPTCHA has too little noise or distortion, so it can be read by automated recognition tools.
IV. Mobile OTP authentication bypass
Risks:
1. Problems in the design of the OTP expiry: if the expiry time is set too long and the dynamic code has too few digits, the code can be brute-forced.
2. After the dynamic code is sent, it is displayed in the source code of the web page.
3. The OTP verification result is checked on the front end, so modifying the returned status code bypasses the check.
4. The request can be intercepted and the phone number modified, so the code is sent to the attacker's phone.
V. Session fixation vulnerability:
The web application does not manage sessions correctly; for example, the session cookie is the same before and after the user logs in, and the session does not expire when the user logs out.
Test method: observe how the cookie/session ID changes before login, after login, and after logout.
Fix: as soon as the user logs in successfully, invalidate the user's existing session immediately.
The article does not end with a summary, and many of its points are not explained particularly clearly, but overall its coverage of the material is fairly complete. Java-specific security issues, such as OGNL and container configuration problems, are not mentioned, which is a pity.
Java-Related Vulnerability learning