测逝鸭bug
鱼皮的 ⌈测逝鸭⌋ 介绍视频:鱼皮的 ⌈测逝鸭⌋ 介绍视频
先放成果:
以下是所有bug对应的详细信息:
const bugInfo = [
{
"key":"favourInfinite",
"desc":"收藏按钮可以无限点击",
"type":"逻辑漏洞",
"score":1,
"knowledge":"网页前端和后端都要对收藏状态进行控制,防止收藏数异常"
},
{
"key":"thumbUpInfinite",
"desc":"点赞可以无限点击",
"type":"逻辑漏洞",
"score":1,
"knowledge":"网页前端和后端都要对点赞状态进行控制,防止点赞数异常"
},
{
"key":"noQuestionAddPaper",
"desc":"没有选择题目就能操作",
"type":"逻辑漏洞",
"score":3,
"knowledge":"网页前端和后端都要校验用户是否允许操作"
},
{
"key":"viewInfinite",
"desc":"可以刷浏览量",
"type":"逻辑漏洞",
"score":3,
"knowledge":"可以根据用户 id 或 IP 等维度来保证单用户的浏览量不重复统计"
},
{
"key":"tooManyPick",
"desc":"点击按钮过于频繁导致状态显示错误",
"type":"逻辑漏洞",
"score":1,
"knowledge":"前端开发时,要充分测试用户单次操作和多次操作的合理性"
},
{
"key":"xss",
"desc":"触发 XSS 攻击",
"type":"非法输入",
"score":2,
"knowledge":"最普遍的 Web 应用安全漏洞,要在前后端严格校验和过滤用户的非法输入",
"href":"https://baike.baidu.com/item/XSS%E6%94%BB%E5%87%BB/954065"
},
{
"key":"sqlInjection",
"desc":"触发 SQL 注入攻击",
"type":"非法输入",
"score":2,
"knowledge":"常见安全漏洞,要在前后端严格校验和过滤用户的非法输入",
"href":"https://baike.baidu.com/item/sql%E6%B3%A8%E5%85%A5"
},
{
"key":"tooLong",
"desc":"输入过长",
"type":"非法输入",
"knowledge":"网页的前端和后端都要校验用户的输入",
"score":2
},
{
"key":"badEmail",
"desc":"邮件输入不合法",
"type":"非法输入",
"knowledge":"邮箱、手机号之类的重要信息通常需要严格的正则表达式校验,前后端都要校验",
"score":2
},
{
"key":"errorChar",
"desc":"输入非法字符",
"type":"非法输入",
"knowledge":"昵称等信息通常要限制用户输入的字符,防止出现一些安全漏洞或显示异常",
"score":1
},
{
"key":"tooManySubmit",
"desc":"提交数过多",
"type":"非法提交",
"score":2,
"knowledge":"对于内容平台,前端和后端都要对用户的提交频率和次数做限制,防止恶意重复提交"
},
{
"key":"badSubmitHotSearch",
"desc":"频繁提交重复的搜索内容,影响热搜推荐",
"type":"非法提交",
"score":3,
"knowledge":"对于内容平台,要对用户刷量 / 可能影响推荐的行为进行控制"
},
{
"key":"badSubmitFuck",
"desc":"恶意提交粗鄙之语",
"type":"违规提交",
"score":2,
"knowledge":"可以通过人工审核、AI 审核等方式严格控制用户提交内容的合法性,并对违规用户进行封禁"
},
{
"key":"badSubmitRuBBish",
"desc":"恶意提交灌水内容",
"type":"违规提交",
"score":2,
"knowledge":"可以通过人工审核、AI 审核等方式严格控制用户提交内容的合法性,并对违规用户进行封禁"
},
{
"key":"badSubmitAd",
"desc":"恶意提交营销广告",
"type":"违规提交",
"score":2,
"knowledge":"可以通过人工审核、AI 审核等方式严格控制用户提交内容的合法性,并对违规用户进行封禁"
},
{
"key":"badSubmitYellow",
"desc":"恶意提交不健康信息",
"type":"违规提交",
"score":2,
"knowledge":"可以通过人工审核、AI 审核等方式严格控制用户提交内容的合法性,并对违规用户进行封禁"
},
{
"key":"badSubmitFake",
"desc":"恶意提交虚假信息",
"type":"违规提交",
"score":2,
"knowledge":"可以通过人工审核、AI 审核等方式严格控制用户提交内容的合法性,并对违规用户进行封禁"
},
{
"key":"blastPassword",
"desc":"暴力破解密码成功",
"type":"非法登录",
"score":3,
"knowledge":"可以通过验证码、限流、限制单账号密码错误次数等方式防止密码暴力破解",
"href":"https://www.sohu.com/a/497592516_568398"
},
{
"key":"spider",
"desc":"非法爬虫,窃取网站内容",
"type":"非法爬虫",
"score":3,
"knowledge":"可以通过校验码、限制用户浏览条数等方式一定程度上预防爬虫"
},
{
"key":"authBypass",
"desc":"绕过权限,直接访问管理员后台",
"type":"权限绕过",
"score":3,
"knowledge":"前端要对管理后台进行隐藏和鉴权,后端也要对敏感数据进行保护和访问控制"
},
{
"key":"opBypass",
"desc":"绕过前端权限控制,直接访问后台接口",
"type":"权限绕过",
"score":3,
"knowledge":"后端也要对敏感数据进行保护和访问控制"
},
{
"key":"tooFrequentCaptcha",
"desc":"疯狂发送动态码,浪费资源",
"type":"刷资源",
"score":3,
"knowledge":"调用收费 API 时,一定要严格控制用户调用的频率和次数,做好监控告警措施,否则破产就在一瞬间"
},
{
"key":"visitBigPicture",
"desc":"疯狂访问超大图片",
"type":"刷资源",
"score":3,
"knowledge":"要严格限制用户上传文件的大小和格式,并且给存储文件添加防盗链、缓存等防护 / 减压措施,防止资源浪费"
},
{
"key":"visitCostApi",
"desc":"疯狂访问耗时接口",
"type":"刷资源",
"score":3,
"knowledge":"要严格控制单用户调用接口的频率,防止占用过多资源影响正常用户的使用"
},
{
"key":"dos",
"desc":"DOS",
"type":"拒绝服务攻击",
"score":3,
"knowledge":"低成本 / 致命的攻击手段,尽量不要暴露源站 IP,并且给系统添加防火墙等方法策略",
"href":"https://baike.baidu.com/item/dos%E6%94%BB%E5%87%BB"
},
{
"key":"ddos",
"desc":"DDOS",
"type":"拒绝服务攻击",
"score":5,
"knowledge":"低成本 / 致命的攻击手段,尽量不要暴露源站 IP,并且给系统添加防火墙等方法策略",
"href":"https://baike.baidu.com/item/%E5%88%86%E5%B8%83%E5%BC%8F%E6%8B%92%E7%BB%9D%E6%9C%8D%E5%8A%A1%E6%94%BB%E5%87%BB"
},
{
"key":"cc",
"desc":"CC 网页攻击",
"type":"拒绝服务攻击",
"score":4,
"knowledge":"通过模拟正常用户持续访问消耗大量资源的页面,从而影响正常用户的访问",
"href":"https://baike.baidu.com/item/cc%E6%94%BB%E5%87%BB"
},
{
"key":"tooBigUpload",
"desc":"上传超大文件",
"type":"刷资源",
"score":2,
"knowledge":"要严格限制用户上传文件的大小和格式,并且给存储文件添加防盗链、缓存等防护 / 减压措施,防止资源浪费"
},
{
"key":"frequentUpload",
"desc":"疯狂上传文件",
"type":"刷资源",
"score":3,
"knowledge":"建议限制用户上传文件的频率,防止资源浪费"
},
{
"key":"illegalUpload",
"desc":"上传非法脚本文件",
"type":"文件上传漏洞",
"score":3,
"knowledge":"要在后端严格限制用户上传文件的格式 / 类型 / 文件头等",
"href":"https://www.cnblogs.com/chu-jian/p/15553328.html"
},
{
"key":"pretendYupi",
"desc":"冒充站长鱼皮",
"type":"社会工程",
"knowledge":"可以给站点特殊用户增加认证和标识来帮助用户区分",
"score":4
},
{
"key":"getInfoBypass",
"desc":"从其他地方获取密码",
"type":"社会工程",
"score":3,
"href":"https://baike.baidu.com/item/%E7%A4%BE%E4%BC%9A%E5%B7%A5%E7%A8%8B%E6%94%BB%E5%87%BB",
"knowledge":"不要以任何形式在网上散播你的敏感信息,注意自我保护"
},
{
"key":"0day",
"desc":"零日攻击",
"type":"零日攻击",
"score":3,
"knowledge":"是指被发现后立即被恶意利用的安全漏洞,这就需要网站维护人员持续关注最新的安全消息",
"href":"https://baike.baidu.com/item/%E9%9B%B6%E6%97%A5%E6%BC%8F%E6%B4%9E"
},
{
"key":"readLaw",
"desc":"阅读网络安全相关法律",
"type":"职业道德",
"score":2,
"knowledge":"入行第一课,请大家遵守法律,不要恶意攻击他人的网站",
"href":"https://www.hongjibp.com/laws-14402.html"
}
];
血鸭爆表(速通):
恭喜我找出了鱼皮 ⌈测逝鸭⌋ 的所有bug [doge]
因为在实际(正常)游玩攻击的过程中并没有发现网页向后端发送数据, 故数据一定存在本地;
既然存在本地, 那通过 F12->Application->LocalStorage 就可以发现 gameState 对象, 其中:
succeedUnitList 数组应为存放已发现的 bug 的数组;
score 应为得分.
//gameState对象:
{"init":false,"score":0,"succeedUnitList":[],"gameTip":false}
那么, 将 succeedUnitList 数组替换为包含全部 bug 的数组, 并将 score 改为满分(86), 就可以达到满分的效果.
但实际上 succeedUnitList 的格式为:
["favourInfinite", "thumbUpInfinite", "noQuestionAddPaper"]
因为没有向后台请求过数据, 所以上面数组中的值一定也存在本地;
而通过 F12->Sources(或 Network)可以发现这个网站只有一个 js 文件(umi.cdd091BB.js);
那么显而易见, 直接在 umi.cdd091BB.js 里 Ctrl+F 搜索 favourInfinite 即可.
得到两个结果, 其中有一个(第二个)是这样子的:
[key:"favourInfinite",desc:"\u6536\u85CF\u6309\u94AE\u53EF\u4EE5\u65E0\u9650\u70B9\u51FB",type:"\u903B\u8F91\u6F0F\u6D1E",score:1,knowledge:"\u7F51\u9875\u524D\u7AEF\u548C\u540E\u7AEF\u90FD\u8981\u5BF9\u6536\u85CF\u72B6\u6001\u8FDB\u884C\u63A7\u5236\uFF0C\u9632\u6B62\u6536\u85CF\u6570\u5F02\u5E38"},{key:"thumbUpInfinite",desc:"\u70B9\u8D5E\u53EF\u4EE5\u65E0\u9650\u70B9\u51FB",type:"\u903B\u8F91\u6F0F\u6D1E",score:1,knowledge:"\u7F51\u9875\u524D\u7AEF\u548C\u540E\u7AEF\u90FD\u8981\u5BF9\u70B9\u8D5E\u72B6\u6001\u8FDB\u884C\u63A7\u5236\uFF0C\u9632\u6B62\u70B9\u8D5E\u6570\u5F02\u5E38"},{key:"noQuestionAddPaper",desc:"\u6CA1\u6709\u9009\u62E9\u9898\u76EE\u5C31\u80FD\u64CD\u4F5C",type:"\u903B\u8F91\u6F0F\u6D1E",score:3,knowledge:"\u7F51\u9875\u524D\u7AEF\u548C\u540E\u7AEF\u90FD\u8981\u6821\u9A8C\u7528\u6237\u662F\u5426\u5141\u8BB8\u64CD\u4F5C"},{key:"viewInfinite",desc:"\u53EF\u4EE5\u5237\u6D4F\u89C8\u91CF",type:"\u903B\u8F91\u6F0F\u6D1E",score:3,knowledge:"\u53EF\u4EE5\u6839\u636E\u7528\u6237 id \u6216 IP \u7B49\u7EF4\u5EA6\u6765\u4FDD\u8BC1\u5355\u7528\u6237\u7684\u6D4F\u89C8\u91CF\u4E0D\u91CD\u590D\u7EDF\u8BA1"},{key:"tooManyPick",desc:"\u70B9\u51FB\u6309\u94AE\u8FC7\u4E8E\u9891\u7E41\u5BFC\u81F4\u72B6\u6001\u663E\u793A\u9519\u8BEF",type:"\u903B\u8F91\u6F0F\u6D1E",score:1,knowledge:"\u524D\u7AEF\u5F00\u53D1\u65F6\uFF0C\u8981\u5145\u5206\u6D4B\u8BD5\u7528\u6237\u5355\u6B21\u64CD\u4F5C\u548C\u591A\u6B21\u64CD\u4F5C\u7684\u5408\u7406\u6027"},{key:"xss",desc:"\u89E6\u53D1 XSS \u653B\u51FB",type:"\u975E\u6CD5\u8F93\u5165",score:2,knowledge:"\u6700\u666E\u904D\u7684 Web \u5E94\u7528\u5B89\u5168\u6F0F\u6D1E\uFF0C\u8981\u5728\u524D\u540E\u7AEF\u4E25\u683C\u6821\u9A8C\u548C\u8FC7\u6EE4\u7528\u6237\u7684\u975E\u6CD5\u8F93\u5165",href:"https://baike.baidu.com/item/XSS攻击/954065"},{key:"sqlInjection",desc:"\u89E6\u53D1 SQL 
\u6CE8\u5165\u653B\u51FB",type:"\u975E\u6CD5\u8F93\u5165",score:2,knowledge:"\u5E38\u89C1\u5B89\u5168\u6F0F\u6D1E\uFF0C\u8981\u5728\u524D\u540E\u7AEF\u4E25\u683C\u6821\u9A8C\u548C\u8FC7\u6EE4\u7528\u6237\u7684\u975E\u6CD5\u8F93\u5165",href:"https://baike.baidu.com/item/sql注入"},{key:"tooLong",desc:"\u8F93\u5165\u8FC7\u957F",type:"\u975E\u6CD5\u8F93\u5165",knowledge:"\u7F51\u9875\u7684\u524D\u7AEF\u548C\u540E\u7AEF\u90FD\u8981\u6821\u9A8C\u7528\u6237\u7684\u8F93\u5165",score:2},{key:"badEmail",desc:"\u90AE\u4EF6\u8F93\u5165\u4E0D\u5408\u6CD5",type:"\u975E\u6CD5\u8F93\u5165",knowledge:"\u90AE\u7BB1\u3001\u624B\u673A\u53F7\u4E4B\u7C7B\u7684\u91CD\u8981\u4FE1\u606F\u901A\u5E38\u9700\u8981\u4E25\u683C\u7684\u6B63\u5219\u8868\u8FBE\u5F0F\u6821\u9A8C\uFF0C\u524D\u540E\u7AEF\u90FD\u8981\u6821\u9A8C",score:2},{key:"errorChar",desc:"\u8F93\u5165\u975E\u6CD5\u5B57\u7B26",type:"\u975E\u6CD5\u8F93\u5165",knowledge:"\u6635\u79F0\u7B49\u4FE1\u606F\u901A\u5E38\u8981\u9650\u5236\u7528\u6237\u8F93\u5165\u7684\u5B57\u7B26\uFF0C\u9632\u6B62\u51FA\u73B0\u4E00\u4E9B\u5B89\u5168\u6F0F\u6D1E\u6216\u663E\u793A\u5F02\u5E38",score:1},{key:"tooManySubmit",desc:"\u63D0\u4EA4\u6570\u8FC7\u591A",type:"\u975E\u6CD5\u63D0\u4EA4",score:2,knowledge:"\u5BF9\u4E8E\u5185\u5BB9\u5E73\u53F0\uFF0C\u524D\u7AEF\u548C\u540E\u7AEF\u90FD\u8981\u5BF9\u7528\u6237\u7684\u63D0\u4EA4\u9891\u7387\u548C\u6B21\u6570\u505A\u9650\u5236\uFF0C\u9632\u6B62\u6076\u610F\u91CD\u590D\u63D0\u4EA4"},{key:"badSubmitHotSearch",desc:"\u9891\u7E41\u63D0\u4EA4\u91CD\u590D\u7684\u641C\u7D22\u5185\u5BB9\uFF0C\u5F71\u54CD\u70ED\u641C\u63A8\u8350",type:"\u975E\u6CD5\u63D0\u4EA4",score:3,knowledge:"\u5BF9\u4E8E\u5185\u5BB9\u5E73\u53F0\uFF0C\u8981\u5BF9\u7528\u6237\u5237\u91CF / \u53EF\u80FD\u5F71\u54CD\u63A8\u8350\u7684\u884C\u4E3A\u8FDB\u884C\u63A7\u5236"},{key:"badSubmitFuck",desc:"\u6076\u610F\u63D0\u4EA4\u7C97\u9119\u4E4B\u8BED",type:"\u8FDD\u89C4\u63D0\u4EA4",score:2,knowledge:"\u53EF\u4EE5\u901A\u8FC7\u4EBA\u5DE5\u5BA1\u6838\u3001AI 
\u5BA1\u6838\u7B49\u65B9\u5F0F\u4E25\u683C\u63A7\u5236\u7528\u6237\u63D0\u4EA4\u5185\u5BB9\u7684\u5408\u6CD5\u6027\uFF0C\u5E76\u5BF9\u8FDD\u89C4\u7528\u6237\u8FDB\u884C\u5C01\u7981"},{key:"badSubmitRubbish",desc:"\u6076\u610F\u63D0\u4EA4\u704C\u6C34\u5185\u5BB9",type:"\u8FDD\u89C4\u63D0\u4EA4",score:2,knowledge:"\u53EF\u4EE5\u901A\u8FC7\u4EBA\u5DE5\u5BA1\u6838\u3001AI \u5BA1\u6838\u7B49\u65B9\u5F0F\u4E25\u683C\u63A7\u5236\u7528\u6237\u63D0\u4EA4\u5185\u5BB9\u7684\u5408\u6CD5\u6027\uFF0C\u5E76\u5BF9\u8FDD\u89C4\u7528\u6237\u8FDB\u884C\u5C01\u7981"},{key:"badSubmitAd",desc:"\u6076\u610F\u63D0\u4EA4\u8425\u9500\u5E7F\u544A",type:"\u8FDD\u89C4\u63D0\u4EA4",score:2,knowledge:"\u53EF\u4EE5\u901A\u8FC7\u4EBA\u5DE5\u5BA1\u6838\u3001AI \u5BA1\u6838\u7B49\u65B9\u5F0F\u4E25\u683C\u63A7\u5236\u7528\u6237\u63D0\u4EA4\u5185\u5BB9\u7684\u5408\u6CD5\u6027\uFF0C\u5E76\u5BF9\u8FDD\u89C4\u7528\u6237\u8FDB\u884C\u5C01\u7981"},{key:"badSubmitYellow",desc:"\u6076\u610F\u63D0\u4EA4\u4E0D\u5065\u5EB7\u4FE1\u606F",type:"\u8FDD\u89C4\u63D0\u4EA4",score:2,knowledge:"\u53EF\u4EE5\u901A\u8FC7\u4EBA\u5DE5\u5BA1\u6838\u3001AI \u5BA1\u6838\u7B49\u65B9\u5F0F\u4E25\u683C\u63A7\u5236\u7528\u6237\u63D0\u4EA4\u5185\u5BB9\u7684\u5408\u6CD5\u6027\uFF0C\u5E76\u5BF9\u8FDD\u89C4\u7528\u6237\u8FDB\u884C\u5C01\u7981"},{key:"badSubmitFake",desc:"\u6076\u610F\u63D0\u4EA4\u865A\u5047\u4FE1\u606F",type:"\u8FDD\u89C4\u63D0\u4EA4",score:2,knowledge:"\u53EF\u4EE5\u901A\u8FC7\u4EBA\u5DE5\u5BA1\u6838\u3001AI 
\u5BA1\u6838\u7B49\u65B9\u5F0F\u4E25\u683C\u63A7\u5236\u7528\u6237\u63D0\u4EA4\u5185\u5BB9\u7684\u5408\u6CD5\u6027\uFF0C\u5E76\u5BF9\u8FDD\u89C4\u7528\u6237\u8FDB\u884C\u5C01\u7981"},{key:"blastPassword",desc:"\u66B4\u529B\u7834\u89E3\u5BC6\u7801\u6210\u529F",type:"\u975E\u6CD5\u767B\u5F55",score:3,knowledge:"\u53EF\u4EE5\u901A\u8FC7\u9A8C\u8BC1\u7801\u3001\u9650\u6D41\u3001\u9650\u5236\u5355\u8D26\u53F7\u5BC6\u7801\u9519\u8BEF\u6B21\u6570\u7B49\u65B9\u5F0F\u9632\u6B62\u5BC6\u7801\u66B4\u529B\u7834\u89E3",href:"https://www.sohu.com/a/497592516_568398"},{key:"spider",desc:"\u975E\u6CD5\u722C\u866B\uFF0C\u7A83\u53D6\u7F51\u7AD9\u5185\u5BB9",type:"\u975E\u6CD5\u722C\u866B",score:3,knowledge:"\u53EF\u4EE5\u901A\u8FC7\u6821\u9A8C\u7801\u3001\u9650\u5236\u7528\u6237\u6D4F\u89C8\u6761\u6570\u7B49\u65B9\u5F0F\u4E00\u5B9A\u7A0B\u5EA6\u4E0A\u9884\u9632\u722C\u866B"},{key:"authBypass",desc:"\u7ED5\u8FC7\u6743\u9650\uFF0C\u76F4\u63A5\u8BBF\u95EE\u7BA1\u7406\u5458\u540E\u53F0",type:"\u6743\u9650\u7ED5\u8FC7",score:3,knowledge:"\u524D\u7AEF\u8981\u5BF9\u7BA1\u7406\u540E\u53F0\u8FDB\u884C\u9690\u85CF\u548C\u9274\u6743\uFF0C\u540E\u7AEF\u4E5F\u8981\u5BF9\u654F\u611F\u6570\u636E\u8FDB\u884C\u4FDD\u62A4\u548C\u8BBF\u95EE\u63A7\u5236"},{key:"opBypass",desc:"\u7ED5\u8FC7\u524D\u7AEF\u6743\u9650\u63A7\u5236\uFF0C\u76F4\u63A5\u8BBF\u95EE\u540E\u53F0\u63A5\u53E3",type:"\u6743\u9650\u7ED5\u8FC7",score:3,knowledge:"\u540E\u7AEF\u4E5F\u8981\u5BF9\u654F\u611F\u6570\u636E\u8FDB\u884C\u4FDD\u62A4\u548C\u8BBF\u95EE\u63A7\u5236"},{key:"tooFrequentCaptcha",desc:"\u75AF\u72C2\u53D1\u9001\u52A8\u6001\u7801\uFF0C\u6D6A\u8D39\u8D44\u6E90",type:"\u5237\u8D44\u6E90",score:3,knowledge:"\u8C03\u7528\u6536\u8D39 API 
\u65F6\uFF0C\u4E00\u5B9A\u8981\u4E25\u683C\u63A7\u5236\u7528\u6237\u8C03\u7528\u7684\u9891\u7387\u548C\u6B21\u6570\uFF0C\u505A\u597D\u76D1\u63A7\u544A\u8B66\u63AA\u65BD\uFF0C\u5426\u5219\u7834\u4EA7\u5C31\u5728\u4E00\u77AC\u95F4"},{key:"visitBigPicture",desc:"\u75AF\u72C2\u8BBF\u95EE\u8D85\u5927\u56FE\u7247",type:"\u5237\u8D44\u6E90",score:3,knowledge:"\u8981\u4E25\u683C\u9650\u5236\u7528\u6237\u4E0A\u4F20\u6587\u4EF6\u7684\u5927\u5C0F\u548C\u683C\u5F0F\uFF0C\u5E76\u4E14\u7ED9\u5B58\u50A8\u6587\u4EF6\u6DFB\u52A0\u9632\u76D7\u94FE\u3001\u7F13\u5B58\u7B49\u9632\u62A4 / \u51CF\u538B\u63AA\u65BD\uFF0C\u9632\u6B62\u8D44\u6E90\u6D6A\u8D39"},{key:"visitCostApi",desc:"\u75AF\u72C2\u8BBF\u95EE\u8017\u65F6\u63A5\u53E3",type:"\u5237\u8D44\u6E90",score:3,knowledge:"\u8981\u4E25\u683C\u63A7\u5236\u5355\u7528\u6237\u8C03\u7528\u63A5\u53E3\u7684\u9891\u7387\uFF0C\u9632\u6B62\u5360\u7528\u8FC7\u591A\u8D44\u6E90\u5F71\u54CD\u6B63\u5E38\u7528\u6237\u7684\u4F7F\u7528"},{key:"dos",desc:"DOS",type:"\u62D2\u7EDD\u670D\u52A1\u653B\u51FB",score:3,knowledge:"\u4F4E\u6210\u672C / \u81F4\u547D\u7684\u653B\u51FB\u624B\u6BB5\uFF0C\u5C3D\u91CF\u4E0D\u8981\u66B4\u9732\u6E90\u7AD9 IP\uFF0C\u5E76\u4E14\u7ED9\u7CFB\u7EDF\u6DFB\u52A0\u9632\u706B\u5899\u7B49\u65B9\u6CD5\u7B56\u7565",href:"https://baike.baidu.com/item/dos攻击"},{key:"ddos",desc:"DDOS",type:"\u62D2\u7EDD\u670D\u52A1\u653B\u51FB",score:5,knowledge:"\u4F4E\u6210\u672C / \u81F4\u547D\u7684\u653B\u51FB\u624B\u6BB5\uFF0C\u5C3D\u91CF\u4E0D\u8981\u66B4\u9732\u6E90\u7AD9 IP\uFF0C\u5E76\u4E14\u7ED9\u7CFB\u7EDF\u6DFB\u52A0\u9632\u706B\u5899\u7B49\u65B9\u6CD5\u7B56\u7565",href:"https://baike.baidu.com/item/分布式拒绝服务攻击"},{key:"cc",desc:"CC 
\u7F51\u9875\u653B\u51FB",type:"\u62D2\u7EDD\u670D\u52A1\u653B\u51FB",score:4,knowledge:"\u901A\u8FC7\u6A21\u62DF\u6B63\u5E38\u7528\u6237\u6301\u7EED\u8BBF\u95EE\u6D88\u8017\u5927\u91CF\u8D44\u6E90\u7684\u9875\u9762\uFF0C\u4ECE\u800C\u5F71\u54CD\u6B63\u5E38\u7528\u6237\u7684\u8BBF\u95EE",href:"https://baike.baidu.com/item/cc攻击"},{key:"tooBigUpload",desc:"\u4E0A\u4F20\u8D85\u5927\u6587\u4EF6",type:"\u5237\u8D44\u6E90",score:2,knowledge:"\u8981\u4E25\u683C\u9650\u5236\u7528\u6237\u4E0A\u4F20\u6587\u4EF6\u7684\u5927\u5C0F\u548C\u683C\u5F0F\uFF0C\u5E76\u4E14\u7ED9\u5B58\u50A8\u6587\u4EF6\u6DFB\u52A0\u9632\u76D7\u94FE\u3001\u7F13\u5B58\u7B49\u9632\u62A4 / \u51CF\u538B\u63AA\u65BD\uFF0C\u9632\u6B62\u8D44\u6E90\u6D6A\u8D39"},{key:"frequentUpload",desc:"\u75AF\u72C2\u4E0A\u4F20\u6587\u4EF6",type:"\u5237\u8D44\u6E90",score:3,knowledge:"\u5EFA\u8BAE\u9650\u5236\u7528\u6237\u4E0A\u4F20\u6587\u4EF6\u7684\u9891\u7387\uFF0C\u9632\u6B62\u8D44\u6E90\u6D6A\u8D39"},{key:"illegalUpload",desc:"\u4E0A\u4F20\u975E\u6CD5\u811A\u672C\u6587\u4EF6",type:"\u6587\u4EF6\u4E0A\u4F20\u6F0F\u6D1E",score:3,knowledge:"\u8981\u5728\u540E\u7AEF\u4E25\u683C\u9650\u5236\u7528\u6237\u4E0A\u4F20\u6587\u4EF6\u7684\u683C\u5F0F / \u7C7B\u578B / 
\u6587\u4EF6\u5934\u7B49",href:"https://www.cnblogs.com/chu-jian/p/15553328.html"},{key:"pretendYupi",desc:"\u5192\u5145\u7AD9\u957F\u9C7C\u76AE",type:"\u793E\u4F1A\u5DE5\u7A0B",knowledge:"\u53EF\u4EE5\u7ED9\u7AD9\u70B9\u7279\u6B8A\u7528\u6237\u589E\u52A0\u8BA4\u8BC1\u548C\u6807\u8BC6\u6765\u5E2E\u52A9\u7528\u6237\u533A\u5206",score:4},{key:"getInfoBypass",desc:"\u4ECE\u5176\u4ED6\u5730\u65B9\u83B7\u53D6\u5BC6\u7801",type:"\u793E\u4F1A\u5DE5\u7A0B",score:3,href:"https://baike.baidu.com/item/社会工程攻击",knowledge:"\u4E0D\u8981\u4EE5\u4EFB\u4F55\u5F62\u5F0F\u5728\u7F51\u4E0A\u6563\u64AD\u4F60\u7684\u654F\u611F\u4FE1\u606F\uFF0C\u6CE8\u610F\u81EA\u6211\u4FDD\u62A4"},{key:"0day",desc:"\u96F6\u65E5\u653B\u51FB",type:"\u96F6\u65E5\u653B\u51FB",score:3,knowledge:"\u662F\u6307\u88AB\u53D1\u73B0\u540E\u7ACB\u5373\u88AB\u6076\u610F\u5229\u7528\u7684\u5B89\u5168\u6F0F\u6D1E\uFF0C\u8FD9\u5C31\u9700\u8981\u7F51\u7AD9\u7EF4\u62A4\u4EBA\u5458\u6301\u7EED\u5173\u6CE8\u6700\u65B0\u7684\u5B89\u5168\u6D88\u606F",href:"https://baike.baidu.com/item/零日漏洞"},{key:"readLaw",desc:"\u9605\u8BFB\u7F51\u7EDC\u5B89\u5168\u76F8\u5173\u6CD5\u5F8B",type:"\u804C\u4E1A\u9053\u5FB7",score:2,knowledge:"\u5165\u884C\u7B2C\u4E00\u8BFE\uFF0C\u8BF7\u5927\u5BB6\u9075\u5B88\u6CD5\u5F8B\uFF0C\u4E0D\u8981\u6076\u610F\u653B\u51FB\u4ED6\u4EBA\u7684\u7F51\u7AD9",href:"https://www.hongjibp.com/laws-14402.html"}]
将其稍微格式化一下即可得到上面的 bugInfo 数组.
所以就简单写一段 js 取出上面 bugInfo 数组中每个对象的 key:
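// Collect the `key` of every entry in bugInfo (the same strings that appear in
// gameState.succeedUnitList below). `map` replaces the original `var` +
// forEach/push loop; the output is unchanged.
const resultArr = bugInfo.map((item) => item.key);
console.log(resultArr);
/* resultArr = [ "favourInfinite", "thumbUpInfinite", "noQuestionAddPaper", "viewInfinite", "tooManyPick", "xss", "sqlInjection", "tooLong", "badEmail", "errorChar", "tooManySubmit", "badSubmitHotSearch", "badSubmitFuck", "badSubmitRuBBish", "badSubmitAd", "badSubmitYellow", "badSubmitFake", "blastPassword", "spider", "authBypass", "opBypass", "tooFrequentCaptcha", "visitBigPicture", "visitCostApi", "dos", "ddos", "cc", "tooBigUpload", "frequentUpload", "illegalUpload", "pretendYupi", "getInfoBypass", "0day", "readLaw" ] */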
最后 gameState 对象变成这样:
{"init":false,"score":86,"succeedUnitList":["favourInfinite","thumbUpInfinite","noQuestionAddPaper","viewInfinite","tooManyPick","xss","sqlInjection","tooLong","badEmail","errorChar","tooManySubmit","badSubmitHotSearch","badSubmitFuck","badSubmitRuBBish","badSubmitAd","badSubmitYellow","badSubmitFake","blastPassword","spider","authBypass","opBypass","tooFrequentCaptcha","visitBigPicture","visitCostApi","dos","ddos","cc","tooBigUpload","frequentUpload","illegalUpload","pretendYupi","getInfoBypass","0day","readLaw"],"gameTip":false}
将其写回 LocalStorage 中即可速通.