Web漏洞挖掘(一)登录认证模块的暴力破解实例
Web漏洞挖掘(一)登录认证模块的暴力破解实例
- 暴力破解的定义
- 暴力破解的分类
- 暴力破解的威胁
- 涉及的基础知识模块
- 相关硬件(高速GPU推荐)
- 基于Burp Suite的暴力破解实例
暴力破解的定义
暴力破解测试是指针对应用系统用户登录账号与密码进行的枚举测试,针对账号或密码进行逐一对比,直到找到正确的账号与密码。
暴力破解的分类
- 已知账号的情况 :加载密码字典针对密码进行枚举测试;
- 未知账号的情况 :加载账号字典,配合着密码字典进行枚举测试;
- 未知账号和密码的情况:利用两个账号字典与密码字典进行枚举测试;
暴力破解的威胁
根据定义及一部分实战经验,我们知道暴力破解=连续性+字典+自动化成功率≠100%,但我们不可忽视,宁可选择没有密码也不能随便弄一个弱口令密码。
涉及的基础知识模块
- 密码学基础:DES,AES,RSA等
- 加密与解密技术:MD5,SHA1,SHA256,BASE64等
相关硬件(高速GPU推荐)
链接:terahash官网. 价值70k左右,贫穷限制了我的想象力QAQ
基于Burp Suite的暴力破解实例
我们以补天SRC中的山东工艺美术学院的官方邮箱https://mail.sdada.edu.cn/作为训练实例,请勿用作违法犯罪之事,若违反则与本人无关。
第一步:信息收集【尤其是邮箱账号】
- 用googlehack得到一些相关的信息泄露:
- 注册尝试,可以得到用户名与密码的相关要求;
- 登录尝试,是否可以枚举用户与密码的时候,得到具体是用户名不对还是密码不对?
- 准备弱口令字典或者社工库来撞库;
- 彩虹表自制字典
- 是否要求设置复杂密码?
- 是否每次认证都需要安全的验证码?
- 是否对尝试登录行为进行判断和限制?
- 是否存在必要的双因素认证?比如邮箱认证,手机号认证等;
第二步:打开burp suite,并设置firefox浏览器的代理为127.0.0.1:8080
第三步:用firefox的开发者工具得到页面源代码,并进行分析
<!DOCTYPE html><html><head><meta http-equiv="X-UA-Compatible" content="IE=edge"><meta name="save" content="history" /><link rel="shortcut icon" href="/favicon.ico"/><title>山东工艺美术学院</title><meta http-equiv="Content-Type" content="text/html; charset=gb2312" /><link rel="stylesheet" type="text/css" href="https://rescdn.qqmail.com/bizmail/zh_CN/htmledition/style/login_setting_portal49651a.css" /><link rel="stylesheet" type="text/css" href="https://rescdn.qqmail.com/bizmail/zh_CN/htmledition/style/biz_v3_helper478141.css"><link rel="stylesheet" type="text/css" href="https://rescdn.qqmail.com/bizmail/zh_CN/htmledition/style/wwbiz/official_index4f53db.css" /><script type="text/javascript" src="https://ff.kis.v2.scr.kaspersky-labs.com/FD126C42-EBFA-4E12-B309-BB3FDD723AC1/main.js?attr=2U8F4DebSnBygXLYzd8Im2KZmrxs5xWvC_xNl_vug_-499vUFvj6CmYyDQwavbAA" charset="UTF-8"></script><link rel="stylesheet" crossorigin="anonymous" href="https://ff.kis.v2.scr.kaspersky-labs.com/E3E8934C-235A-4B0E-825A-35A08381A191/abn/main.css?attr=aHR0cHM6Ly9tYWlsLnNkYWRhLmVkdS5jbi8"/><style type="text/css">a{ color:#34599e;}.self_preview_04 a{ color:#C0D2F4;}.self_preview_01{ color:#798699;}.self_preview_02{ color:#a0a0a0;}.self_preview_03{ color:#798699;}.self_preview_04{ color:#C0D2F4;}#preview_box{ color:#C0D2F4;}#preview_box a{ /* color:#C0D2F4; */text-decoration: none;}.bg_color{ background:#eaf3ff;}.border_color{ border:1px solid #acc3e4;}.company_link{color:#C0D2F4; }</style><script src="https://rescdn.qqmail.com/bizmail/zh_CN/htmledition/js_biz/3rd/bj-report-tryjs.min362537.js"></script><script src="https://rescdn.qqmail.com/bizmail/zh_CN/htmledition/js_biz/all4f5328.js" type="text/javascript"></script><script>
var JsChecker =
{
isreload:false,
check:function(_asFile)
{
return typeof window[(/[0-9a-fA-F]{6}$/.test(_asFile) ? _asFile.substr(0,_asFile.length - 6) : _asFile) + "_js"] == "function";
},
load:function(_aoFiles, _abIsReload)
{
for (var i = 0, _nLen = _aoFiles.length; i < _nLen; i++)
{
var _sFile = _aoFiles[i];
if (_sFile && (!_abIsReload || !JsChecker.check(_sFile)))
{
document.write(", " language='javascript' src='https://rescdn.qqmail.com/bizmail/zh_CN/htmledition/js_biz/", _sFile, ".js",
_abIsReload ? "?" + Math.random() : "", "'>, "script>");
_abIsReload && (JsChecker.isreload = true);
}
}
}
};
</script><script>JsChecker.load(["safeauth19d947"]);</script><script>JsChecker.load(["safeauth19d947"], true);</script><script>
BJ_REPORT.init({
id: 1230
});
BJ_REPORT.tryJs().spyAll();
</script><script>
(function()
{
if (!JsChecker.check("safeauth19d947"))
{
var _sHref = location.href;
location.replace(_sHref + (_sHref.indexOf("?") == -1 ? "?" : "&") + "res=local");
}
}
)();
(function()
{
if (JsChecker.isreload)
{
window.netTrans = new Image();
window.netTrans.src = ["/cgi-bin/getinvestigate?flowid=&stat=jsdownloadfail&res=&jsfailtime=",
JsChecker.check("safeauth19d947") ? 1 : 2, "&r=", Math.random()].join("");
}
}
)();
function setCookieAlias(_asValue, _asDomain)
{
var _oDate = new Date( new Date().valueOf() + 7 * 24 * 3600 * 1000 );
var _sCookie = "qqmail_alias=" + escape(_asValue) + "; expires=" + _oDate.toGMTString() + "; path=/; domain=" + _asDomain;
document.cookie = _sCookie;
}
try {
var pp = document.form1.pp.value;
var is_all_zero = true;
for (var i = 0; i < pp.length; i++) {
if (pp.charAt(i) != 0) {
is_all_zero = false;
}
}
if (is_all_zero) {
document.form1.pp.value = '';
}
} catch(e) {}
function checkInput()
{
window.org_pass=S("pp").value;
if (!window.RSAKey)
{
document.getElementById("downError").style.display = "block";
document.getElementById("returnMsg").style.display = "none";
return false;
}
if( !checkCookie() )
{
return false;
}
var inputUin = document.form1.qquin.value.toLowerCase();
if( inputUin == "" )
{
showMsg("emptyUserName");
document.form1.qquin.focus();
return false;
}
var re = /^\d+$/;
if( inputUin.indexOf( "@qq.com" ) > 0 || inputUin.indexOf( "@vip.qq.com" ) > 0 || inputUin.indexOf( "@foxmail.com" ) > 0 )
{
showMsg( "errorLoginWithQQAccount" );
return false;
}
else if( inputUin.indexOf( "@" ) > -1 )
{
showMsg( "errorUserName" );
return false;
}
else
{
document.form1.uin.value = document.form1.qquin.value + "@sdada.edu.cn";
}
if( document.form1.pp.value == "" )
{
showMsg("emptyPassword");
document.form1.pp.focus();
return false;
}
if( document.form1.pp.value.length >= 100 )
{
showMsg("errorPassowrdTooLong");
document.form1.pp.focus();
return false;
}
if( S("VerifyArea").style.display != "none" )
{
if (document.form1.verifycode.value == "验证码")
{
document.form1.verifycode.value = "";
}
if (document.form1.verifycode.value == "")
{
showMsg("emptyVerifyCode");
document.form1.verifycode.focus();
return false;
}
}
else
{
document.form1.verifycode.value = "";
}
var PublicKey = "CF87D7B4C864F4842F1D337491A48FFF54B73A17300E8E42FA365420393AC0346AE55D8AFAD975DFA175FAF0106CBA81AF1DDE4ACEC284DAC6ED9A0D8FEB1CC070733C58213EFFED46529C54CEA06D774E3CC7E073346AEBD6C66FC973F299EB74738E400B22B1E7CDC54E71AED059D228DFEB5B29C530FF341502AE56DDCFE9";
var RSA = new RSAKey();
RSA.setPublic(PublicKey, "10001");
var PublicTs="1595751674";
var Res = RSA.encrypt(document.form1.pp.value + '\n' + document.form1.ts.value + '\n');
if (Res )
{
if (document.form1.chg.value == 1)
{
document.form1.p.value = hex2b64(Res);
}
else
{
if (document.form1.ppp.value != "")
{
document.form1.p.value = document.form1.ppp.value;
}
else
{
document.form1.p.value = hex2b64(Res);
}
}
}
var MaskValue = "";
for (var Loop = 0; Loop < document.form1.pp.value.length; Loop++, MaskValue += "0");
document.form1.pp.value = MaskValue;
setCookieAlias(document.form1.uin.value, document.form1.domain.value);
return true;
}
function CheckName()
{
var _account = document.form1.qquin.value.toLowerCase();
if( _account.indexOf( "@qq.com" ) > 0 || _account.indexOf( "@vip.qq.com" ) > 0 || _account.indexOf( "@foxmail.com" ) > 0 )
{
showMsg( "errorLoginWithQQAccount" );
return false;
}
else if( S("errorLoginWithQQAccount" ) != null )
{
S( "msgContainer" ).innerHTML = "";
S( "msgContainer" ).style.display = "none";
return true;
}
}
function checkCookie() {
var agt,cookieEnabled,isSafari, number;
agt = navigator.userAgent.toLowerCase();
cookieEnabled = navigator.cookieEnabled;
isSafari = ( agt.indexOf("safari") != -1 );
if( !cookieEnabled ) {
S("infobarNoCookie").style.display = "block";
return false;
}
else {
return true;
}
}
function changeimg()
{
S('vfcode').src = '/cgi-bin/getverifyimage?aid=23000101&f=html&ck=1&' + Math.random();
}
function showMsg(msgId)
{
var msg, msgTemplate, txt;
msg = {
errorUserName : "你输入的邮箱帐号不正确,请重新输入",
emptyUserName : "请填写你的邮箱帐号",
emptyPassword : "请填写邮箱密码",
emptyVerifyCode : "请填写验证码",
errorPassowrdTooLong: "邮箱密码不能超过100个字符",
errorNamePassowrd : "你填写的帐号或密码不正确,请再次尝试",
errorVerifyCode : "你填写的验证码不正确",
frequent : "为了保障邮箱安全,请输入验证码",
errorBlockIPErr: "你的IP已被暂时屏蔽,不能登录,请迟一些时候再尝试",
errorDistinctValid: "为了你邮箱帐号的安全,请再次输入验证码登录",
errorPermissionDenied:"你没有权限登录",
errorLoginWithQQAccount: "请使用企业邮箱帐号登录",
errorBizmailMX: "登录失败。你域名的MX记录未通过验证,请联系管理员",
errorBindNullUin: "帐号为空,请重输",
errorBindErr: "帐号绑定关系错误,请联系管理员",
errorBindFail: "帐号绑定关系查询出错,请稍后再试",
errorLogout: "你已成功退出邮箱",
errorTimeout: "你的邮箱被退出",
errorInactive: "你的帐号被禁用,请联系你的管理员",
errorBizmailLoginLimit : "管理员限制该IP登录企业邮箱"
};
msgTemplate = '%_msg_%';
txt = msg[ msgId ];
if (msgId != undefined && msgId != "" && txt != undefined)
{
S( "msgContainer" ).innerHTML = msgTemplate.replace( /%_msg_%/ig , txt ).replace( /%_id_%/ig , msgId );
S( "msgContainer" ).style.display = "";
if (S( "pwd_content" )) {
S( "pwd_content" ).style.display = "";
}
if (S( "wechat_content" )) {
S( "wechat_content" ).style.display = "none";
}
if (S( "phone_content" )) {
S( "phone_content" ).style.display = "none";
}
window.hasErrMsg = true;
return true;
}
}
function addClass(_aoDom, _asClass)
{
var _sClassName = " " + _aoDom.className + " ";
if (_sClassName.indexOf(" " + _asClass + " ") < 0)
{
_aoDom.className += _aoDom.className ? " " + _asClass : _asClass;
}
}
function rmClass(_aoDom, _asClass)
{
var _sClassName = " " + _aoDom.className + " ";
_sClassName = _sClassName.replace(" " + _asClass + " ", " ");
_aoDom.className = _sClassName;
}
function focusUin()
{
var _oUin = document.getElementById("qquin");
_oUin.style.color = "#4d4d4c";
_oUin.value = ("帐号" == _oUin.value) ? "" : _oUin.value;
// var _oSpan = document.getElementById("qquin").parentNode;
// addClass(_oSpan, "input_active");
}
function blurUin()
{
CheckName();
var _oUin = document.getElementById("qquin");
_oUin.style.color = ("" == _oUin.value) ? "#a0a0a0" : "#4d4d4c";
_oUin.value = ("" == _oUin.value) ? "" : _oUin.value;
// var _oSpan = document.getElementById("qquin").parentNode;
// rmClass(_oSpan, "input_active");
}
function focusPT()
{
CheckName();
var _oPP = document.getElementById("pp"),
_oPT = document.getElementById("pptext");
// _oPP.className = "self_input input_active";
_oPP.className = "self_input";
_oPT.style.display = "none";
_oPP.style.display = "";
_oPP.focus();
}
function keyupPP(event)
{
var gsAgent = navigator.userAgent.toLowerCase(),
gbIsOpera = gsAgent.indexOf("opera") > -1,
gbIsIE = (gsAgent.indexOf("compatible") > -1 && !gbIsOpera)|| gsAgent.indexOf("msie") > -1,
gnIEVer = /MSIE (\d+.\d+);/i.test(gsAgent) && parseFloat(RegExp["$1"]);
if(!gbIsIE || (gbIsIE && gnIEVer <= 9)){
var caps_lock_tips = document.getElementById("caps_lock_tips");
var dom = document.getElementById("pp");
var code = event.keyCode || event.which;
isShift = (event.shiftKey || 16 == code || false);
if(!dom.value)
{
caps_lock_tips.style.display = "none";
return false;
}
var newKey = event.key;
if(/^[A-Z]+$/.test(newKey) && caps_lock_tips.style.display != "block" && !isShift)
{
caps_lock_tips.style.display = "block";
}
else if(!/^[A-Z]+$/.test(newKey) && caps_lock_tips.style.display != "none")
{
caps_lock_tips.style.display = "none";
}
}
}
function focusPP()
{
CheckName();
// var _oPP = document.getElementById("pp");
// addClass(_oPP,"input_active");
}
function blurPP2()
{
// var _oPP = document.getElementById("pp");
// rmClass(_oPP,"input_active");
var caps_lock_tips = document.getElementById("caps_lock_tips");
caps_lock_tips.style.display = "none";
}
function blurPP()
{
var _oPP = document.getElementById("pp"),
_oPT = document.getElementById("pptext");
_oPP.className = "self_input";
if ("" == _oPP.value)
{
_oPP.style.display = "none";
_oPT.style.display = "";
}
var caps_lock_tips = document.getElementById("caps_lock_tips");
caps_lock_tips.style.display = "none";
}
function focusVC()
{
var _oVC = document.getElementById("vc");
_oVC.style.color = "#4d4d4c";
_oVC.value = ("验证码" == _oVC.value) ? "" : _oVC.value;
// addClass(document.getElementById("vc"),"input_active");
}
function blurVC()
{
var _oVC = document.getElementById("vc");
_oVC.style.color = ("" == _oVC.value) ? "#a0a0a0" : "#4d4d4c";
_oVC.value = ("" == _oVC.value) ? "验证码" : _oVC.value;
// rmClass(document.getElementById("vc"),"input_active");
}
function init()
{
var o =S('qquin');
try{
if( o.value=='')
{
o.focus();
}
else
{
S('pp').focus();
}
}catch(ex){}
var bAlwaysShowVerifyCode = (false == true);
S("VerifyArea").style.display = ( bAlwaysShowVerifyCode ? "inline" : "none" );
checkCookie();
CheckName();
}
</script></head><body class="self_dm_login layout_wrap_04"><form name="form1" method="post" action="/cgi-bin/login" onSubmit="return checkInput();" ><input type="hidden" name="sid" value=""/><input type="hidden" name="uin" value=""/><input type="hidden" name="domain" value="sdada.edu.cn" /><input type="hidden" name="aliastype" value="other"/><input type="hidden" name="errtemplate" value="logindomain"/><input type="hidden" name="firstlogin" value="false"/><input type="hidden" name="f" value="html"/><input type="hidden" name="p"/><input type="hidden" name="delegate_url" value="" /><input type="hidden" name="ppp" value="" /><input type="hidden" name="ts" value="1595751674" /><input type="hidden" name="chg" value="0" /><input type="hidden" name="fun"/><input type="hidden" name="vt"/><input type="hidden" name="inputuin"/><input type="hidden" name="wx_login_code"><input type="hidden" name="t"><input type="hidden" name="ef"><input type="hidden" name="login_from" value="mail_login_sdada.edu.cn"><div class="self_preview_04" id="preview_box"><div id="preview_mask" style=""></div><div class="self_preview_wrap"><div class="preview_head"><div class="company_logo edit_issue"><img style="margin-top:0px;margin-left:0px;" class="logo_img" src="/cgi-bin/viewfile?type=skin&domain=&f=14217A43806E5DECF73A84F31C63B32D1EF61D3B48AB3A3862F7F323BDFC4020&skin_modtime=1571126959" alt=""/></div></div><div class="company_main"><div class="company_main_wrap"><div class="company_pic edit_issue"><img src="/cgi-bin/viewfile?type=skin&domain=&f=14217A43806E5DECF73A84F31C63B32D1EF61D3B48AB3A383191E1119499949D&skin_modtime=1571126959" style="margin-top:0px;margin-left:0px;" /></div><p class="bg_color edit_issue" >山东工艺美术学院电子邮件系统</p><div class="company_loginbox bg_color border_color edit_issue"><div id="js_input_area"><h3>登录邮箱</h3><div class="company_input_wrap kd_04_uin" style="display: inline-block; vertical-align: middle;height: 34px;"><span class="input_with_domain" style="position: relative;"><input type="text" id="qquin" name="qquin" value="" tabindex="1" class="self_input " onfocus="focusUin()" onblur="blurUin()" /><span class="domain_play" title="@sdada.edu.cn">@sdada.edu.cn</span></span></div><div class="company_input_wrap"><input type="password" id="pp" name="pp" style="display:none;" tabindex="2" class="self_input input_active" onkeyup="keyupPP(event)" onblur="blurPP()" /><input type="password" id="pptext" placeholder="密码" tabindex="2" class="self_input gray" onkeyup="keyupPP(event)" onfocus="focusPT()" /><div class="lock_tips lock_tips_PT04" id="caps_lock_tips" style="display: none;"><span class="lock_tips_row"></span><span>大写锁定已打开</span></div></div><div id="VerifyArea" class="company_input_wrap verifor4" style=""><input type="text" id="vc" name="verifycode" tabindex="3" autocomplete="off" class="self_input gray" value="验证码" onfocus="focusVC()" onblur="blurVC()" /><div class="self_tips"><div class="self_veri_img"><script type="text/javascript">
document.write("![](/cgi-bin/getverifyimage?aid=23000101&f=html&ck=1&"</span><span class="token punctuation">,</span>Math<span class="token punctuation">.</span><span class="token function">random</span><span class="token punctuation">(</span><span class="token punctuation">)</span><span class="token punctuation">,</span><span class="token string">")
");
</script></div><div><a style="color:#a0a0a0;" href="javascript:changeimg()">换一个</a></div></div></div><div class="login_submit" style="display: inline-block;vertical-align: middle; position: relative;top:-5px"><a class="login_btn_wrapper" href="javascript:;"><input class="login_btn" type="submit" value="登录" /></a><a class="admin_login_link" href="http://exmail.qq.com/login">管理员登录</a><span style="margin: 0 3px;">|</span><a href="/cgi-bin/readtemplate?check=false&t=biz_rf_portal#recovery">忘记密码?</a></div><div id="msgContainer" class="login_box_msg" style="display:none;">提示区域</div></div></div></div></div><div class="company_bottom"><div class="company_link bg_color edit_issue"><a href="http://www.sdada.edu.cn" target="_blank">学校网站</a> | <a href="http://ehall.sdada.edu.cn" target="_blank">服务大厅</a> | <a href="http://img.cpdaily.com/ldy/index.html" target="_blank">今日校园</a> | <a href="https://ow365.sdada.edu.cn/?furl=http://www.sdada.edu.cn/doc/exmail.docx" target="_blank">迁移说明</a></div><div class="company_copyright edit_issue">© <span>1998 - 2018 Tencent Inc. All Rights Reserved</span><a id="beian_tag" style="display: block;color: #C0D2F4;font-size: 12px;text-align: center;text-decoration:underline;" href="http://www.beian.miit.gov.cn" target="_blank">鲁ICP备14027231号-1</a></div></div><div id="EditWrap"></div><div id="EditWrap2"></div></div></div></body><script>init();</script><script type="text/javascript" src="https://rescdn.qqmail.com/bizmail/zh_CN/htmledition/js_biz/lib/jquery/jquery-1.11.0.min37fecf.js"></script><script type="text/javascript" src="https://rescdn.qqmail.com/bizmail/zh_CN/htmledition/js_biz/home/new_index/lib/jqueryplugin/throttle-debounce431c2c.js"></script><script type="text/javascript" src="https://rescdn.qqmail.com/bizmail/zh_CN/htmledition/js_biz/home/new_index/lib/nano462fc5.js"></script><script type="text/javascript" src="https://rescdn.qqmail.com/bizmail/zh_CN/htmledition/js_biz/home/new_index/lib/dropdown/dropDownTpl462fc5.js"></script><script type="text/javascript" src="https://rescdn.qqmail.com/bizmail/zh_CN/htmledition/js_biz/home/new_index/lib/dropdown/dropDownItemTpl462fc5.js"></script><script type="text/javascript" src="https://rescdn.qqmail.com/bizmail/zh_CN/htmledition/js_biz/home/new_index/lib/dropdown/dropdown462fc5.js"></script><script type="text/javascript" src="https://rescdn.qqmail.com/bizmail/zh_CN/htmledition/js_biz/home/new_index/lib/dropdown/countryCodeMap462fc5.js"></script><script type="text/javascript" src="https://rescdn.qqmail.com/bizmail/zh_CN/htmledition/js_biz/home/new_index/lib/dropdown/countryCodeDropDown462fc5.js"></script><script type="text/javascript" src="https://rescdn.qqmail.com/bizmail/zh_CN/htmledition/js_biz/newlogin/custom_login496143.js"></script><script>
window.addEventListener('message', function (e) {
if (e.data && e.origin == 'https://exmail.qq.com') {
location.href = e.data;
}
}, false);
window.custom_layout = '04';
</script></html>
得到公钥CF87D7B4C864F4842F1D337491A48FFF54B73A17300E8E42FA365420393AC0346AE55D8AFAD975DFA175FAF0106CBA81AF1DDE4ACEC284DAC6ED9A0D8FEB1CC070733C58213EFFED46529C54CEA06D774E3CC7E073346AEBD6C66FC973F299EB74738E400B22B1E7CDC54E71AED059D228DFEB5B29C530FF341502AE56DDCFE9
加密方式
通过web前端源代码得到一开始的pp值即为输入的密码,使其与变化的ts拼凑后用RSA公钥进行加密,并从HEX进制转换为BASE64,赋值给p;pp重新赋值为输入密码长度个数的若干0;
第四步:使用已知账号,找到常用的密码字典,进行枚举
由于教育类邮箱不可自行注册,所以无法确认用户名与密码的一般要求,字典无法有针对性地生成,故而暂时只用常见弱口令进行爆破。现在,选择一个已知存在的账号,拦截数据包并爆破,过程如下:
- 假设没有验证码:把用户名及密码参数设为变量,选择第四种攻击模式,并分别完成payload设置,用返回错误提示的文本内容设置上(由于burp suite不支持中文,所以可以把中文先转换成十六进制,再粘贴设置),开始攻击;
- 如有验证码,绕过方法为:
2.1前端绕过
a. 是否可以不输入任何验证码?
b. 是否会验证验证码的正误?【是否有弹出警告框或正误判断信息】
判断是否为前端JS编程来进行验证码运作?
c. burpsuite选择Repeater,修改验证码参数Go一下来进行深层判断【部分情况是在界面看到的验证码正误判断是来自JS编程的弹出效果,但后台并未检验验证码的正误】
2.2 后台绕过
a. 判断为后台验证码后,判断可否重复使用相同的验证码?期限如何?
b. 摸清验证码规律,如有后台权限可以进行代码审计
暂时不更新,容我再分析一段时间
如有需要字典的,可以联系我,免费提供,互相交流