1. Vulnerability Acquisition Method
1) Scanner scan 2) Dark cloud 3) online Service vulnerability
Example:
on-line crm-> administrator weak password, background upload picture vulnerability, upload php file, enter the intranet--scan intranet topology, get various shared files
2. Causes of intrusion
1) Fun 2) Drag the library, the purpose, to obtain a variety of account password. Passwords may be identical in other places.
3) Delete article, Hang black chain, unfair competition attack
3. Common Vulnerabilities
1) SQL injection 2) XSS
4. Some methods of obtaining vulnerabilities
1) Scanner scan 2) Dark cloud View
3) Manufacturing page error, such as parameter quotes, page error will show some sensitive information, gradually change the parameters to see the changes in information
4) Payment security, no money to buy, 1 cents to buy 10 copies, etc.
the server-side data update is incorrect by modifying the packet parameters submitted by the local page, for example, the deduction is negative.
deduct less than the actual value, the quantity is more than the actual value, etc.
