Mobile version of the site deletion operation found a major security risk!
This post was last edited by xjl756425616 on 2015-03-16 16:10:30
I have a website that is accessed using the mobile version
There are 2 hyperlinks,
One is to modify and one is to delete
When I click Edit, pop up a Div, and notice that the Close button is next to the delete hyperlink,
Click to close, even with a touch of delete.
The weirdest thing is the delete operation, I added JavaScript to judge,
onclick= "return confirm (' Are you sure you want to delete? ');" Normal Click Delete is a warning message.
But this kind of misoperation actually didn't effect,
After refreshing, the discovery data is deleted
I was surprised yesterday, I thought someone hacked my site, but today I accidentally met again,
It is wrong operation caused, do not know how to do???
Everyone should pay attention!!! I think about the solution!!!
Fortunately there is a database backup
------to solve the idea----------------------
1, your pop-up box is too small, inevitably encounter delete
2, onclick= "return confirm (' Are you sure you want to delete? ');" Is it written in a super-chain?
It's best to write separately