May 18, 2021 WeChat Mini Program Development Document
Injection vulnerabilities (SQL, command, etc.) typically mean that user input bypasses the restrictions of the backend code and is executed directly by the database, shell, or similar component.
Common injection vulnerabilities are:
SQL injection refers to web application code that splices user-submitted parameters into a SQL statement without effective filtering, so that special characters in the parameters break the original logic of the statement; an attacker can exploit this to execute arbitrary SQL statements.
Development recommendations:
A command injection vulnerability arises when a web application does not effectively filter user-controlled parameters that are spliced into a system command, so an attacker can construct malicious parameters to execute arbitrary commands.
Development recommendations:
A weak password means that the username and password for the management backend are set too simply or left at the default account. An attacker who logs into such an account can modify backend data or use the access as a foothold for further intrusion.
Development recommendations:
A file upload vulnerability refers to a web application that allows users to upload specified files without verifying the legitimacy of the file type, format, etc., so that files in unexpected formats can be uploaded.
Development recommendations:
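The following is an added example, not code from the WeChat Mini Program documentation: a Go upload check that treats the client-supplied extension only as a claim, sniffs the actual content with `http.DetectContentType` from the standard library, and accepts the file only when both agree with a server-side allowlist. The allowlist and the `ValidateUpload` function name are constructed for this example.

```go
package main

import (
	"errors"
	"fmt"
	"net/http"
	"path"
	"strings"
)

// allowedTypes maps each accepted MIME type to the extensions that may carry it.
// Constructed allowlist for this example; a real service would hold its own.
var allowedTypes = map[string][]string{
	"image/png":  {".png"},
	"image/jpeg": {".jpg", ".jpeg"},
}

var errRejected = errors.New("upload rejected")

// ValidateUpload checks a user-supplied filename together with the file's
// leading bytes. It returns the detected MIME type on success. The extension
// is never trusted on its own: the content is sniffed independently and the
// two must agree with the allowlist.
func ValidateUpload(filename string, content []byte) (string, error) {
	// Drop any directory component the client sent, including Windows-style ones.
	base := path.Base(strings.ReplaceAll(filename, "\\", "/"))
	ext := strings.ToLower(path.Ext(base))
	if ext == "" {
		return "", fmt.Errorf("%w: missing extension", errRejected)
	}
	// Sniff the real content type from up to the first 512 bytes.
	detected := http.DetectContentType(content)
	exts, ok := allowedTypes[detected]
	if !ok {
		return "", fmt.Errorf("%w: content type %q not allowed", errRejected, detected)
	}
	for _, e := range exts {
		if e == ext {
			return detected, nil
		}
	}
	return "", fmt.Errorf("%w: extension %q does not match content %q", errRejected, ext, detected)
}

func main() {
	// Constructed sample inputs: a PNG header and a script body.
	png := []byte("\x89PNG\r\n\x1a\nrest of file...")
	fmt.Println(ValidateUpload("avatar.png", png))
	fmt.Println(ValidateUpload("page.php", []byte("<?php echo 1; ?>")))
	fmt.Println(ValidateUpload("page.php", png))
}
```

The check is deliberately independent of the storage step: a service applying it should still save the file under a server-generated name and outside any directory the web server executes from, so that a permitted image can never be reached as a script.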
A file download vulnerability arises when a web application lets users download a file by specifying a path and file name but does not correctly restrict the directory range from which files may be downloaded, so that files outside the intended range can be downloaded.
Development recommendations:
Directory traversal refers to leakage of server directory contents caused by insufficient validation of user input or inadequate configuration of the backend service. From outside, sensitive files such as system files and backend code may be reached by traversing directories.
Development recommendations:
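For both the file download and directory traversal items above, the core defence is the same: resolve the user-supplied name against a fixed root and refuse anything that lands outside it. The Go function below is an added example, not part of the original document; `ResolveDownload`, the root directory and the sample inputs are constructed for illustration. It is purely lexical (`filepath.Join` and `filepath.Rel`), so it runs without touching the file system.

```go
package main

import (
	"errors"
	"fmt"
	"path/filepath"
	"strings"
)

var errOutsideRoot = errors.New("path escapes download root")

// ResolveDownload maps a user-supplied file name to an absolute path under root
// and rejects anything that would resolve outside root. root is assumed to be
// an absolute, already-cleaned directory path.
func ResolveDownload(root, userPath string) (string, error) {
	// Treat the user value as relative: normalise Windows separators so that
	// "..\" cannot slip past a Unix host, then strip leading slashes.
	cleaned := strings.ReplaceAll(userPath, "\\", "/")
	cleaned = strings.TrimLeft(cleaned, "/")

	// Join cleans ".." segments, so a traversal attempt collapses to its real target.
	full := filepath.Join(root, filepath.FromSlash(cleaned))

	// The decisive check: the result must still be strictly inside root.
	rel, err := filepath.Rel(root, full)
	if err != nil {
		return "", err
	}
	if rel == "." || rel == ".." || strings.HasPrefix(rel, ".."+string(filepath.Separator)) {
		return "", fmt.Errorf("%w: %q", errOutsideRoot, userPath)
	}
	return full, nil
}

func main() {
	root := "/srv/downloads" // constructed example root
	for _, p := range []string{"report.pdf", "2021/may.csv", "../../etc/passwd", "..\\..\\win.ini", "/etc/passwd", ""} {
		full, err := ResolveDownload(root, p)
		fmt.Printf("%-20q -> %q %v\n", p, full, err)
	}
}
```

Because the check is lexical, a symbolic link inside the root that points elsewhere is not caught; a service that allows symlinks in its download tree should additionally run `filepath.EvalSymlinks` on the resolved path and repeat the containment check on the result.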
A common example of a race condition is an attacker who, by sending concurrent HTTPS requests, triggers abnormal logic such as receiving a reward, harvesting or receiving a gift multiple times.
// Query the DB for the number of rewards this user may still claim; the initial value is 1
int remain_times = SelectRemainTimes();
if (remain_times > 0) {
    EarnRewards();        // the user receives the reward
    ClearRemainTimes();   // set this user's remaining reward count in the DB to zero
}
The developer intended each user to receive the reward only once, but when parallel requests arrive it is possible for request A and request B to both execute line 2 while remain_times is still 1 for each of them; both then pass the check and reach the fourth line, so two rewards are obtained.
Development recommendations:
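The fix for this class of bug is to make the check and the update a single atomic step instead of a read followed by a separate write. The Go program below is an added example and not code from the original document: `RewardStore` is a constructed in-memory stand-in for the remain_times column, `ClaimRacy` reproduces the page's check-then-act pattern, and `ClaimAtomic` shows the corrected pattern using a compare-and-swap, which is the in-memory analogue of a conditional `UPDATE ... WHERE remain_times > 0` whose affected-row count decides whether the reward is granted. It also generalises the page's initial value of 1 to any starting count.

```go
package main

import (
	"fmt"
	"sync"
	"sync/atomic"
)

// RewardStore stands in for the per-user remain_times column of the page's example.
// Constructed for this example; a real service would issue the equivalent
// conditional UPDATE against its database.
type RewardStore struct {
	remainTimes int32
}

// ClaimRacy mirrors the page's code: read, test, then clear in separate steps.
// Two concurrent callers can both observe remainTimes == 1 and both be granted,
// exactly the double-reward outcome described above.
func (s *RewardStore) ClaimRacy() bool {
	remain := atomic.LoadInt32(&s.remainTimes) // SelectRemainTimes()
	if remain > 0 {
		atomic.StoreInt32(&s.remainTimes, 0) // ClearRemainTimes()
		return true                          // EarnRewards()
	}
	return false
}

// ClaimAtomic folds the check and the decrement into one compare-and-swap, the
// in-memory analogue of
//
//	UPDATE rewards SET remain_times = remain_times - 1
//	 WHERE user_id = ? AND remain_times > 0
//
// followed by granting the reward only if exactly one row was affected.
func (s *RewardStore) ClaimAtomic() bool {
	for {
		cur := atomic.LoadInt32(&s.remainTimes)
		if cur <= 0 {
			return false // nothing left to claim
		}
		if atomic.CompareAndSwapInt32(&s.remainTimes, cur, cur-1) {
			return true // this caller won the slot
		}
		// Another request changed the value between load and CAS; re-read and retry.
	}
}

// RunClaims fires n concurrent claim attempts, released together to widen the
// race window, and returns how many of them were granted.
func RunClaims(n int, claim func() bool) int {
	var wg sync.WaitGroup
	var granted int32
	start := make(chan struct{})
	for i := 0; i < n; i++ {
		wg.Add(1)
		go func() {
			defer wg.Done()
			<-start
			if claim() {
				atomic.AddInt32(&granted, 1)
			}
		}()
	}
	close(start)
	wg.Wait()
	return int(granted)
}

func main() {
	racy := &RewardStore{remainTimes: 1}
	fmt.Println("racy grants (may exceed 1):", RunClaims(1000, racy.ClaimRacy))
	safe := &RewardStore{remainTimes: 1}
	fmt.Println("atomic grants (always 1):  ", RunClaims(1000, safe.ClaimAtomic))
}
```

The racy variant does not fail on every run, which is what makes this bug hard to catch in functional testing; the atomic variant grants exactly the starting count no matter how many requests arrive at once. On a real database the same property comes from the conditional UPDATE (or a row lock / transaction) deciding the outcome, not from a SELECT followed by a separate write.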