Vulnerability detection method and device

A vulnerability detection technology, applied in the Internet field, that addresses two problems: horizontal permission vulnerabilities are difficult to prevent or solve in a general way, and no technique is provided for detecting them. It saves labor cost and has a low implementation cost.

Active Publication Date: 2020-03-27
ALIBABA GRP HLDG LTD

AI Technical Summary

Problems solved by technology

However, most identifiers of the operated objects are set as self-incrementing integers, so an attacker only needs to add 1 to or subtract 1 from the relevant identifier repeatedly, traversing the identifier range, to operate on objects associated with other users. This forms a horizontal permission vulnerability.

[0003] Since the operations on such associated objects are all business-related and the interfaces are independent, it is difficult to implement a general prevention or solution, and the prior art offers no technical solution that is easy to implement and can effectively detect horizontal permission vulnerabilities.


Embodiment Construction

[0017] Embodiments of the present application are described in detail below, examples of which are shown in the drawings, wherein the same or similar reference numerals denote the same or similar elements or elements having the same or similar functions throughout. The embodiments described below by referring to the figures are exemplary, and are only for explaining the present application, and should not be construed as limiting the present application. On the contrary, the embodiments of the present application include all changes, modifications and equivalents falling within the spirit and scope of the appended claims.

[0018] Figure 1 is a flowchart of an embodiment of the vulnerability detection method of this application. As shown in Figure 1, the vulnerability detection method may include:

[0019] Step 101, receiving and saving the login information of the website.

[0020] In this embodiment, after logging in to the website through the browser, the browser...


Abstract

The application provides a vulnerability detection method and device. The vulnerability detection method comprises the following steps: receiving and saving login information of a website; sending an access request to a server corresponding to a uniform resource locator (URL) in the website, wherein the access request comprises the login information of the website; receiving a return result which is sent by the server and corresponds to the URL; and detecting whether a vulnerability exists in the URL according to the return result corresponding to the URL. With the method provided by the application, whether a vulnerability exists in the URL is detected according to the return result corresponding to the URL, so large-batch automatic detection of whether a horizontal permission vulnerability exists in a URL can be effectively realized, the implementation cost is low, and a large amount of labor cost can be saved.

Description

Technical field

[0001] The present application relates to the technical field of the Internet, in particular to a vulnerability detection method and device.

Background technique

[0002] Horizontal permission vulnerabilities generally occur when a user object is associated with multiple other objects (orders and/or addresses, etc.) and add, read, update, and delete operations (Create Retrieve Update Delete; hereinafter referred to as CRUD) need to be implemented on the associated objects. When generating the CRUD form, developers habitually look up the identifier of the object to be operated on according to the identity of the authenticated user, provide an entry, and then let the user submit a request; the relevant object is then operated on according to this identifier. When processing CRUD requests, it is often assumed by default that only authorized users can obtain the entry and then operate on the related objects, so the authorization is not verified again. However, most of ...
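The missing ownership check described in the background, and a result-comparison check following the steps listed in the abstract, as an added example that is not taken from the patent. The handlers, the in-memory order and session stores, and the decision rule (replay the request with a second test account's login and compare the results) are all assumptions, since the page does not say how the return result is evaluated.

```python
# Added example: constructed data and hypothetical names throughout.
from dataclasses import dataclass

# Constructed sample data: order id -> (owner, payload); ids auto-increment.
ORDERS = {1001: ("alice", "2x keyboard"), 1002: ("bob", "1x monitor")}
# Constructed session store standing in for the saved login information.
SESSIONS = {"sess-alice": "alice", "sess-bob": "bob"}


@dataclass
class Response:
    status: int
    body: str


def get_order_vulnerable(session: str, order_id: int) -> Response:
    """Authenticates the caller but never checks who owns the object."""
    if session not in SESSIONS:
        return Response(401, "login required")
    order = ORDERS.get(order_id)
    return Response(200, order[1]) if order else Response(404, "not found")


def get_order_checked(session: str, order_id: int) -> Response:
    """Same lookup, with ownership re-verified on every request."""
    user = SESSIONS.get(session)
    if user is None:
        return Response(401, "login required")
    order = ORDERS.get(order_id)
    # Answer 404 for missing and foreign objects alike so ids are not confirmed.
    if order is None or order[0] != user:
        return Response(404, "not found")
    return Response(200, order[1])


def has_horizontal_flaw(handler, owner_session, other_session, order_id) -> bool:
    """Assumed decision rule: replay the owner's request with a second test
    account's login; an identical successful result means no owner check."""
    baseline = handler(owner_session, order_id)
    replay = handler(other_session, order_id)
    return baseline.status == 200 and replay == baseline


def scan(handler) -> list:
    """Run the check over every object owned by the first test account."""
    return [oid for oid, (owner, _) in ORDERS.items()
            if owner == "alice"
            and has_horizontal_flaw(handler, "sess-alice", "sess-bob", oid)]
```

`scan(get_order_vulnerable)` flags order 1001, while `scan(get_order_checked)` returns an empty list because the second account's replay no longer matches the owner's result.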


Application Information

Patent Type & Authority: Patents (China)
IPC(8): G06F21/57
CPC: G06F21/577, G06F2221/034
Inventor: 余成章, 王意林
Owner: ALIBABA GRP HLDG LTD