Unauthorized access (privilege escalation)

login->register
GetPhone->GetPasswd
GetPwd->GetPassword
Enumeration
https://xx.com/contacts/new?user_id={userId}
Inserting HTML code into a document:
<iframe src="http://169.254.169.254/latest/meta-data">

Login authorization bypass

http://www.xx.cn/Login.aspx

Bypass - http://www.xx.cn/html/

 

Parameter fuzzing

getRolesByUserId
getUserByUserId

Tools

AuthMatrix
Authz
Autorize
AutoRepeater

 

References

X-Requested-With: XMLHttpRequest
https://aob-89072.medium.com/story-of-my-bugs-on-a-private-program-privilege-escalation-xss-sqli-idors-a5be4c6acbbd

 

posted @ 2019-07-18 17:37  7hang