a summary of the mining of logic loopholes and ultra vires loopholes

Posted by lipsius at 2020-03-20

A learning pig

Essay - 56 articles - 0 comments - 4

The common point of both vulnerability mining is to analyze the decisive parameters of this function

Ultra vires detect parameters that determine the identity of the function to be used

Logic vulnerability tests the parameters that determine the function effect

For example, an article editing function

To find the ultra vires vulnerability, you can see whether its ID determines the parameters, and judge whether other articles can be modified by modifying the ID. This is the operation disguised as someone else's identity

However, as long as you focus on the function and related parameters. Don't pay too much attention to how to classify.

Refresh comments refresh page back to top