|
|
BOGUS /sznms/index.php/errnpa/get_paper_info HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/51.0.2704.106 Safari/537.36
Host: 172.100.30.202
X-Requested-With: XMLHttpRequest
Connection: keep-alive
Origin: http://172.100.30.202
Referer: http://172.100.30.202/sznms/app_view/default.html
Accept: */*
Content-Type: application/x-www-form-urlencoded; charset=UTF-8
Accept-Language: zh-CN,zh;q=0.8
HTTP/1.1 200 OK
Content-Length: 55
Server: Apache/2.4.10 (Win32) OpenSSL/0.9.8zb PHP/5.2.17
Set-Cookie: csrf_cookie_name=c35fe3f53b099ca0f10c1ffbb3e0d4df; expires=Tue, 08-Nov-2016 09:35:39 GMT; path=/
Set-Cookie: PHPSESSID=12ae9045c6f9a54a782112ad6e6f0e8c; path=/
Expires: Thu, 19 Nov 1981 08:52:00 GMT
X-Powered-By: PHP/5.2.17
Connection: Keep-Alive
Date: Tue, 08 Nov 2016 07:35:39 GMT
Keep-Alive: timeout=5, max=82
Content-Type: text/html
Pragma: no-cache
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
no_order:"0",over_paper:"0",working:"0",total_paper:"0"
上面是修改后返回的结果.原来是POST的.现在用工具改成了BOGUS也请求到了数据.求大神给个安全性的思路.
|
|
IP卡
狗仔卡
发表于 2016-11-16 17:31:42
提升卡
置顶卡
沉默卡
喧嚣卡
变色卡
千斤顶
显身卡
发表于 2016-11-16 19:34:24
楼主