2.2.1 Predictable request links in email content
2.3 Data guessing
2.3.1 Account enumeration
2.3.2 Shared account passwords
2.4 Authentication information leakage
2.4.1 Leakage in transit
2.4.2 Session variable leakage
2.5 Authentication information guessing
2.5.1 Weak passwords present
2.5.2 Susceptible to brute force
2.6 Authentication function failure
2.6.1 Empty passwords present
2.6.2 Authentication bypass
2.6.3 OAuth authentication flaws
2.6.4 IP address spoofing
2.7 Authentication function abuse
2.7.1 Multi-point authentication flaws
2.7.2 Session fixation
2.8 Business logic tampering
2.8.1 Skipping steps in the password change/reset flow
2.8.2 Negative-value reversal
2.8.3 Positive/negative value offsetting
2.8.4 Business process step skipping