Logic Vulnerability Mining: Overview of Logic Vulnerabilities

Logic vulnerability overview

SQL injection, file upload and code execution are the vulnerabilities we put all the emphasis on when penetrating a site; they are exploitable in a single step, and we call them high-risk vulnerabilities. They are getting harder to find. Existing tools are already very good at detecting these mainstream vulnerabilities, and in a general test, once we have mastered those tools, we can easily locate where these problems are. As a result, companies are slowly shifting from focusing on their own security to focusing on user security, and logic vulnerabilities are receiving wide attention.

Overview

Our statistics on common vulnerabilities show that unauthorized operations and logic vulnerabilities make up the largest share. We have found them on nearly every platform we have tested, including arbitrary querying of user information and arbitrary deletion. The most serious vulnerabilities occur in account security, including resetting arbitrary users' passwords and brute-forcing verification codes.

These are also covered in the OWASP Top 10, as insecure direct object references and missing function-level access control.

An insecure direct object reference is a lack of access control over parallel permissions. For example, A and B are two ordinary users of the same website. Their personal data is confidential to each other, yet user B can maliciously view user A's personal data because the program lacks an access-control check. Since user A and user B have accounts at the same level, what is missing is called parallel access control.

Missing function-level access control is a lack of access control over vertical permissions. For example, account A is a normal account and account B is an administrator account. B's management page should only be viewable after logging in with administrator rights, but A can bypass the administrator login restriction and view the management page by entering its URL directly. Since the permissions of users A and B are in a vertical relationship, what is missing is called vertical access control. This kind of flaw is a business-design security issue, so traditional scanners cannot find it; it can only be checked by manual penetration testing. The lack of parallel access control is more common on financial platforms.

In fact, these two categories are the two forms of over-authorization: parallel over-authorization and vertical over-authorization.
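The two categories above are easiest to see side by side in a request handler. The following is an added illustration, not code from the original post: a vulnerable and a hardened profile lookup (parallel permissions) next to a vulnerable and a hardened admin page (vertical permissions). The users, roles, profile data and function names are all constructed for the example.

```python
"""Parallel (horizontal) and vertical access-control checks.

Added example for the two OWASP categories discussed above. Not code from
the original post; users, roles and helper names are constructed.
"""
from dataclasses import dataclass


class Forbidden(Exception):
    """Raised when the requester is not allowed to perform the action."""


@dataclass(frozen=True)
class User:
    id: int
    name: str
    role: str  # "user" or "admin"


# Constructed sample data: A and B are ordinary users, C is an administrator.
USERS = {
    1: User(1, "A", "user"),
    2: User(2, "B", "user"),
    3: User(3, "C", "admin"),
}
PROFILES = {
    1: {"phone": "phone-of-A", "address": "address-of-A"},
    2: {"phone": "phone-of-B", "address": "address-of-B"},
    3: {"phone": "phone-of-C", "address": "address-of-C"},
}


def get_profile_vulnerable(requester: User, target_id: int) -> dict:
    """Parallel-permission flaw: any logged-in user can read any profile
    just by changing the target id in the request (insecure direct object
    reference). The requester is never compared with the owner."""
    return PROFILES[target_id]


def get_profile(requester: User, target_id: int) -> dict:
    """Hardened: the object is tied to its owner. Only the owner (or an
    administrator) may read it; anyone else gets Forbidden, regardless of
    which id appears in the request."""
    if requester.id != target_id and requester.role != "admin":
        raise Forbidden(f"user {requester.id} may not read profile {target_id}")
    return PROFILES[target_id]


def admin_page_vulnerable(requester: User) -> str:
    """Vertical-permission flaw: the page relies on the admin link being
    hidden from normal users; the handler itself never checks the role."""
    return "admin dashboard"


def admin_page(requester: User) -> str:
    """Hardened: the role check lives in the handler, so requesting the
    URL directly does not bypass it."""
    if requester.role != "admin":
        raise Forbidden(f"user {requester.id} is not an administrator")
    return "admin dashboard"


def can_read(requester: User, target_id: int) -> bool:
    """True/False wrapper around get_profile for callers that do not want
    to handle the exception."""
    try:
        get_profile(requester, target_id)
        return True
    except Forbidden:
        return False


if __name__ == "__main__":
    a, b, c = USERS[1], USERS[2], USERS[3]
    print(get_profile_vulnerable(b, 1))                    # B reads A's data: the flaw
    print(can_read(b, 1), can_read(a, 1), can_read(c, 1))  # False True True
    try:
        admin_page(a)
    except Forbidden as e:
        print("blocked:", e)
```

The point of the hardened versions is that the decision is made on the server from the authenticated identity (`requester`) and the object's owner, never from a value the client can edit; that is also the property a manual tester probes by swapping ids and URLs between two accounts of different levels.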

Common logic vulnerabilities

Logic vulnerabilities include those in transaction payment, password modification, password retrieval, unauthorized modification, unauthorized query, and bypassing restrictions.

How to mine logic vulnerabilities

Identify the business process -> find the links in the process that can be manipulated -> analyse the logic problems that can be manipulated in each link -> try modifying parameters to trigger the logic problem

Common logic vulnerability cases

Modify user information arbitrarily
Query user information arbitrarily
Reset user passwords arbitrarily
Malicious registration
Malicious text messages
Other logic vulnerabilities

Logic problems in transaction payment

Select the product and add it to the shopping cart.
Confirm the shopping cart information.
Enter the logistics and consignee information.
Confirm the order and enter the payment step.
The transaction succeeds and the order waits for delivery.
• When adding to the shopping cart: can the purchase quantity be modified? Can the product price be modified? Can the quantity be made negative? Is there a discount limit that can be broken? Can the total amount of the goods be modified?
• When entering the logistics information: can the freight be controlled? If so, try making it negative.
• After jumping to the payment interface: can the payment amount be modified? Can you jump directly to the successful-transaction page without paying?
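Each manipulation point in the checkout flow above corresponds to a server-side check. The following is an added example, not code from the original post: it prices the cart from a server-side catalogue (so a client-supplied price or a negative quantity has no effect), bounds the discount, rejects negative freight, and only lets an order reach the "paid" state when the confirmed amount equals the server's own total, so the final step cannot be reached by skipping payment. The product ids, prices, limits and method names are constructed for the example.

```python
"""Server-side validation for the checkout flow discussed above.

Added example, not code from the original post. Catalogue, prices, limits
and the payment-confirmation interface are constructed.
"""
from decimal import Decimal


class OrderError(ValueError):
    """Raised when a client-supplied value fails server-side validation."""


# Constructed catalogue: the price the server trusts, keyed by product id.
CATALOG = {
    "P100": Decimal("19.90"),
    "P200": Decimal("5.00"),
}
MAX_QTY_PER_LINE = 99
MAX_DISCOUNT = Decimal("0.30")  # at most 30 % off the goods total


def price_cart(cart: list, discount: Decimal = Decimal("0")) -> Decimal:
    """Steps 1-2: compute the goods total from the catalogue, never from the
    client. Any 'price' field the client sends is ignored. Quantities must be
    positive integers within the per-line limit; the discount is capped."""
    if not Decimal("0") <= discount <= MAX_DISCOUNT:
        raise OrderError(f"discount {discount} outside allowed range")
    total = Decimal("0")
    for line in cart:
        pid, qty = line.get("product"), line.get("qty")
        if pid not in CATALOG:
            raise OrderError(f"unknown product {pid!r}")
        # bool is a subclass of int, so exclude it explicitly
        if (not isinstance(qty, int) or isinstance(qty, bool)
                or not 1 <= qty <= MAX_QTY_PER_LINE):
            raise OrderError(f"invalid quantity {qty!r} for {pid}")
        total += CATALOG[pid] * qty
    return (total * (1 - discount)).quantize(Decimal("0.01"))


def validate_freight(freight: Decimal) -> Decimal:
    """Step 3: freight is a server decision; if the client echoes it back,
    a negative value is refused rather than subtracted from the total."""
    if freight < 0:
        raise OrderError(f"negative freight {freight}")
    return freight


class Order:
    """Steps 4-5: a small state machine. The only route to 'paid' is a
    payment confirmation whose amount equals the server-side total."""

    def __init__(self, cart, freight, discount=Decimal("0")):
        self.goods_total = price_cart(cart, discount)
        self.freight = validate_freight(Decimal(freight))
        self.amount_due = self.goods_total + self.freight
        self.status = "awaiting_payment"

    def confirm_payment(self, paid_amount) -> str:
        """Called with the amount the payment provider actually settled."""
        if self.status != "awaiting_payment":
            raise OrderError(f"cannot pay an order in state {self.status}")
        if Decimal(paid_amount) != self.amount_due:
            raise OrderError(f"paid {paid_amount} but {self.amount_due} is due")
        self.status = "paid"
        return self.status

    def ship(self) -> str:
        """A direct request for the 'transaction successful' step is refused
        unless payment was actually confirmed."""
        if self.status != "paid":
            raise OrderError(f"cannot ship an order in state {self.status}")
        self.status = "awaiting_delivery"
        return self.status


if __name__ == "__main__":
    # Client sends its own price field; it is ignored (constructed input).
    cart = [{"product": "P100", "qty": 2, "price": "0.01"},
            {"product": "P200", "qty": 1}]
    order = Order(cart, freight="3.50")
    print(order.amount_due)  # 48.30: 2*19.90 + 5.00 + 3.50
    for bad_cart in ([{"product": "P100", "qty": -1}],):
        try:
            Order(bad_cart, freight="0")
        except OrderError as e:
            print("rejected:", e)
    try:
        order.ship()  # jump to success without paying
    except OrderError as e:
        print("rejected:", e)
    order.confirm_payment("48.30")
    print(order.ship())  # awaiting_delivery
```

Note the design choice: the client never supplies a price, total or freight that the server believes; it supplies product ids and quantities, and everything else is recomputed. The state machine does the same for the last step, so the order of the business process is enforced by the server rather than by which page the browser happens to be on.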

Password modification logic vulnerability



Source: blog.csdn.net/weixin_43079958/article/details/105670072