5 Business logic vulnerabilities

Contents

  • 5 Business logic vulnerabilities
  • I. What
  • II. How business logic vulnerabilities arise
  • III. Impacts
  • IV. Examples
    • 1. Excessive trust in client-side controls
      • Lab: Excessive trust in client-side controls
      • Lab: 2FA broken logic
    • 2. Failing to handle unconventional input
      • Lab: High-level logic vulnerability
      • Lab: Low-level logic flaw
      • Lab: Inconsistent handling of exceptional input
    • 3. Making flawed assumptions about user behavior
    • 4. Trusted users won’t always remain trustworthy
      • Lab: Inconsistent security controls
    • 5. Users won’t always supply mandatory input
      • Lab: Weak isolation on dual-use endpoint
    • 6. Users won’t always follow the intended sequence
      • Lab: Insufficient workflow validation
      • Lab: Authentication bypass via flawed state machine
    • 7. Domain-specific flaws
      • Lab: Flawed enforcement of business rules
      • Lab: Infinite money logic flaw
    • 8. Providing an encryption oracle
      • Lab: Authentication bypass via encryption oracle (temp)
  • V. How to prevent

  1. In this section, we’ll introduce the concept of business logic vulnerabilities and explain how they can arise due to flawed assumptions about user behavior.
  2. We’ll discuss the potential impact of logic flaws and teach you how they can be exploited. You can also practice what you’ve learned using our interactive labs, which are based on real bugs that we’ve encountered in the wild.
  3. Finally, we’ll provide some general best practices to help you prevent these kinds of logic flaws arising in your own applications.

I. What

  • Business logic vulnerabilities are flaws in the design and implementation of an application that allow an attacker to elicit unintended behavior.

  • This potentially enables attackers to manipulate legitimate functionality to achieve a malicious goal.

  • These flaws are generally the result of failing to anticipate unusual application states that may occur and, consequently, failing to handle them safely.

  • In this context, the term “business logic” simply refers to the set of rules that define how the application operates. As these rules aren’t always directly related to a business, the associated vulnerabilities are also known as “application logic vulnerabilities” or simply “logic flaws”.

  • Logic flaws are often invisible to people who aren’t explicitly looking for them, as they typically won’t be exposed by normal use of the application.

  • However, an attacker may be able to exploit behavioral quirks by interacting with the application in ways that developers never intended.

  • One of the main purposes of business logic is to enforce the rules and constraints that were defined when designing the application or functionality. Broadly speaking, the business rules dictate how the application should react when a given scenario occurs. This includes preventing users from doing things that will have a negative impact on the business or that simply don’t make sense.

  • Flaws in the logic can allow attackers to circumvent these rules.

  • For example, they might be able to complete a transaction without going through the intended purchase workflow.

  • In other cases, broken or non-existent validation of user-supplied data might allow users to make arbitrary changes to transaction-critical values or submit nonsensical input. By passing unexpected values into server-side logic, an attacker can potentially induce the application to do something that it isn’t supposed to.

  • Logic-based vulnerabilities can be extremely diverse and are often unique to the application and its specific functionality.

  • Identifying them often requires a certain amount of human knowledge, such as an understanding of the business domain or what goals an attacker might have in a given context. This makes them difficult to detect using automated vulnerability scanners. As a result, logic flaws are a great target for bug bounty hunters and manual testers in general.

II. How business logic vulnerabilities arise

  • Business logic vulnerabilities often arise because the design and development teams make flawed assumptions about how users will interact with the application.

  • These bad assumptions can lead to inadequate validation of user input. For example, if the developers assume that users will pass data exclusively via a web browser, the application may rely entirely on weak client-side controls to validate input. These are easily bypassed by an attacker using an intercepting proxy.

  • Ultimately, this means that when an attacker deviates from the expected user behavior, the application fails to take appropriate steps to prevent this and, subsequently, fails to handle the situation safely.

  • Logic flaws are particularly common in overly complicated systems that even the development team themselves do not fully understand.

  • To avoid logic flaws, developers need to understand the application as a whole.

  • This includes being aware of how different functions can be combined in unexpected ways.

  • Developers working on large code bases may not have an intimate understanding of how all areas of the application work.

  • Someone working on one component could make flawed assumptions about how another component works and, as a result, inadvertently introduce serious logic flaws.

  • If the developers do not explicitly document any assumptions that are being made, it is easy for these kinds of vulnerabilities to creep into an application.

III. Impacts

  • The impact of business logic vulnerabilities can, at times, be fairly trivial. It is a broad category and the impact is highly variable.

  • However, any unintended behavior can potentially lead to high-severity attacks if an attacker is able to manipulate the application in the right way. For this reason, quirky logic should ideally be fixed even if you can’t work out how to exploit it yourself. There is always a risk that someone else will be able to.

  • Fundamentally, the impact of any logic flaw depends on what functionality it is related to. If the flaw is in the authentication mechanism, for example, this could have a serious impact on your overall security. Attackers could potentially exploit this for privilege escalation, or to bypass authentication entirely, gaining access to sensitive data and functionality. This also exposes an increased attack surface for other exploits.

  • Flawed logic in financial transactions can obviously lead to massive losses for the business through stolen funds, fraud, and so on.

  • You should also note that even though logic flaws may not allow an attacker to benefit directly, they could still allow a malicious party to damage the business in some way.

IV. Examples

The best way to understand business logic vulnerabilities is to look at real-world cases and learn from the mistakes that were made. We’ve provided concrete examples of a variety of common logic flaws, as well as some deliberately vulnerable websites so that you can practice exploiting these vulnerabilities yourself.

  • Business logic vulnerabilities are relatively specific to the context in which they occur. However, although individual instances of logic flaws differ hugely, they can share many common themes. In particular, they can be loosely grouped based on the initial mistakes that introduced the vulnerability in the first place.

In this section, we’ll look at examples of some typical mistakes that design and development teams make and show you how they can directly lead to business logic flaws. Whether you’re developing your own applications, or auditing existing ones, you can take the lessons learned from these examples and apply the same critical thinking to other applications that you encounter.

1. Excessive trust in client-side controls

  • A fundamentally flawed assumption is that users will only interact with the application via the provided web interface. This is especially dangerous because it leads to the further assumption that client-side validation will prevent users from supplying malicious input. However, an attacker can simply use tools such as Burp Proxy to tamper with the data after it has been sent by the browser but before it is passed into the server-side logic. This effectively renders the client-side controls useless.

  • Accepting data at face value, without performing proper integrity checks and server-side validation, can allow an attacker to do all kinds of damage with relatively minimal effort. Exactly what they are able to achieve is dependent on the functionality and what it is doing with the controllable data. In the right context, this kind of flaw can have devastating consequences for both business-related functionality and the security of the website itself.

Lab: Excessive trust in client-side controls

This lab doesn’t adequately validate user input. You can exploit a logic flaw in its purchasing workflow to buy items for an unintended price. To solve the lab, buy a "Lightweight l33t leather jacket".
You can log in to your own account using the following credentials:
wiener:peter

  1. With Burp running, log in and attempt to buy the leather jacket. The order is rejected because you don’t have enough store credit.
  2. In Burp, go to “Proxy” > “HTTP history” and study the order process. Notice that when you add an item to your cart, the corresponding request contains a price parameter. Send the POST /cart request to Burp Repeater.
  3. In Burp Repeater, change the price to an arbitrary integer and send the request. Refresh the cart and confirm that the price has changed based on your input.
  4. Repeat this process to set the price to any amount less than your available store credit. Complete the order to solve the lab.





Lab: 2FA broken logic

This lab’s two-factor authentication is vulnerable due to its flawed logic. To solve the lab, access Carlos’s account page.

Your credentials: wiener:peter
Victim's username: carlos

You also have access to the email server to receive your 2FA verification code.

  1. With Burp running, log in to your own account and investigate the 2FA verification process. Notice that in the POST /login2 request, the verify parameter is used to determine which user’s account is being accessed.
  2. Log out of your account.
  3. Send the GET /login2 request to Burp Repeater. Change the value of the verify parameter to carlos and send the request. This ensures that a temporary 2FA code is generated for Carlos.
  4. Go to the login page and enter your username and password. Then, submit an invalid 2FA code.
  5. Send the POST /login2 request to Burp Intruder. In Burp Intruder, set the verify parameter to carlos and add a payload position to the mfa-code parameter. Brute-force the verification code.
  6. Load the 302 response in your browser.
  7. Click “My account” to solve the lab.



2. Failing to handle unconventional input

  • One aim of the application logic is to restrict user input to values that adhere to the business rules.

  • For example, the application may be designed to accept arbitrary values of a certain data type, but the logic determines whether or not this value is acceptable from the perspective of the business. Many applications incorporate numeric limits into their logic. This might include limits designed to manage inventory, apply budgetary restrictions, trigger phases of the supply chain, and so on.

  • Let’s take the simple example of an online shop. When ordering products, users typically specify the quantity that they want to order. Although any integer is theoretically a valid input, the business logic might prevent users from ordering more units than are currently in stock, for example.

  • To implement rules like this, developers need to anticipate all possible scenarios and incorporate ways to handle them into the application logic. In other words, they need to tell the application whether it should allow a given input and how it should react based on various conditions. If there is no explicit logic for handling a given case, this can lead to unexpected and potentially exploitable behavior.

  • For example, a numeric data type might accept negative values. Depending on the related functionality, it may not make sense for the business logic to allow this. However, if the application doesn’t perform adequate server-side validation and reject this input, an attacker may be able to pass in a negative value and induce unwanted behavior.

  • Consider a funds transfer between two bank accounts. This functionality will almost certainly check whether the sender has sufficient funds before completing the transfer:

    $transferAmount = $_POST['amount'];
    $currentBalance = $user->getBalance();
    if ($transferAmount <= $currentBalance) {
        // Complete the transfer
    } else {
        // Block the transfer: insufficient funds
    }
  • But if the logic doesn’t sufficiently prevent users from supplying a negative value in the amount parameter, this could be exploited by an attacker to both bypass the balance check and transfer funds in the “wrong” direction. If the attacker sent -$1000 to the victim’s account, this might result in them receiving $1000 from the victim instead. The logic would always evaluate that -1000 is less than the current balance and approve the transfer.

  • Simple logic flaws like this can be devastating if they occur in the right functionality. They are also easy to miss during both development and testing, especially given that such inputs may be blocked by client-side controls on the web interface.
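The transfer check above modelled in Python beside a hardened version; this is an added example, not code from the page, and the Account class, the sample balances and the strict Decimal parsing are assumptions.

```python
# Added example (not from the page): the funds-transfer check from the PHP
# snippet above, in Python, next to a hardened version that parses the amount
# strictly and rejects non-positive values. Accounts and balances are
# constructed sample data.
from dataclasses import dataclass
from decimal import Decimal, InvalidOperation


@dataclass
class Account:
    name: str
    balance_cents: int  # money as integer cents, never floats


def transfer_vulnerable(sender: Account, receiver: Account, raw_amount: str) -> bool:
    """Mirrors the flawed logic: the only check is amount <= balance."""
    amount_cents = int(Decimal(raw_amount) * 100)
    if amount_cents <= sender.balance_cents:
        # A negative amount passes the check and moves money the "wrong" way:
        # the sender's balance goes UP and the receiver's goes DOWN.
        sender.balance_cents -= amount_cents
        receiver.balance_cents += amount_cents
        return True
    return False


def transfer_hardened(sender: Account, receiver: Account, raw_amount: str) -> bool:
    """Validate the value itself before comparing it with the balance."""
    try:
        amount = Decimal(raw_amount)
    except InvalidOperation:
        return False                       # not a number at all
    if not amount.is_finite():
        return False                       # "Infinity" / "NaN"
    if amount != amount.quantize(Decimal("0.01")):
        return False                       # more precision than the currency has
    amount_cents = int(amount * 100)
    if amount_cents <= 0:
        return False                       # zero or negative: the flaw in the text
    if sender is receiver:
        return False                       # no self-transfers
    if amount_cents > sender.balance_cents:
        return False                       # insufficient funds
    sender.balance_cents -= amount_cents
    receiver.balance_cents += amount_cents
    return True
```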

  • When auditing an application, you should use tools such as Burp Proxy and Repeater to try submitting unconventional values. In particular, try input in ranges that legitimate users are unlikely to ever enter. This includes exceptionally high or exceptionally low numeric inputs and abnormally long strings for text-based fields. You can even try unexpected data types. By observing the application’s response, you should try and answer the following questions:

    • Are there any limits that are imposed on the data?

    • What happens when you reach those limits?

    • Is any transformation or normalization being performed on your input?

  • This may expose weak input validation that allows you to manipulate the application in unusual ways. Keep in mind that if you find one form on the target website that fails to safely handle unconventional input, it’s likely that other forms will have the same issues.

Lab: High-level logic vulnerability

This lab doesn’t adequately validate user input. You can exploit a logic flaw in its purchasing workflow to buy items for an unintended price. To solve the lab, buy a "Lightweight l33t leather jacket".

You can log in to your own account using the following credentials: wiener:peter

  1. With Burp running, log in and add a cheap item to your cart.
  2. In Burp, go to “Proxy” > “HTTP history” and study the corresponding HTTP messages. Notice that the quantity is determined by a parameter in the POST /cart request.
  3. Go to the “Intercept” tab and turn on interception. Add another item to your cart and go to the intercepted POST /cart request in Burp.
  4. Change the quantity parameter to an arbitrary integer, then forward any remaining requests. Observe that the quantity in the cart was successfully updated based on your input.
  5. Repeat this process, but request a negative quantity this time. Check that this is successfully deducted from the cart quantity.
  6. Request a suitable negative quantity to remove more units from the cart than it currently contains. Confirm that you have successfully forced the cart to contain a negative quantity of the product. Go to your cart and notice that the total price is now also a negative amount.
  7. Add the leather jacket to your cart as normal. Add a suitable negative quantity of another item to reduce the total price to less than your remaining store credit.
  8. Place the order to solve the lab.






Lab: Low-level logic flaw

This lab doesn’t adequately validate user input. You can exploit a logic flaw in its purchasing workflow to buy items for an unintended price. To solve the lab, buy a “Lightweight l33t leather jacket”.

You can log in to your own account using the following credentials: wiener:peter

  1. With Burp running, log in and attempt to buy the leather jacket. The order is rejected because you don’t have enough store credit. In the proxy history, study the order process. Send the POST /cart request to Burp Repeater.
  2. In Burp Repeater, notice that you can only add a 2-digit quantity with each request. Send the request to Burp Intruder.
  3. Go to Burp Intruder. On the “Positions” tab, clear all the default payload positions and set the quantity parameter to 99.
  4. On the “Payloads” tab, select the payload type “Null payloads”. Under “Payload options”, select “Continue indefinitely”. Start the attack.
  5. While the attack is running, go to your cart. Keep refreshing the page every so often and monitor the total price. Eventually, notice that the price suddenly switches to a large negative integer and starts counting up towards 0. The price has exceeded the maximum value permitted for an integer in the back-end programming language (2,147,483,647). As a result, the value has looped back around to the minimum possible value (-2,147,483,647).
  6. Clear your cart. In the next few steps, we’ll try to add enough units so that the price loops back around and settles between $0 and the $100 of your remaining store credit. This is not mathematically possible using only the leather jacket.
  7. Create the same Intruder attack again, but this time, under “Payloads” > “Payload Options”, choose to generate exactly 323 payloads. On the “Options” tab, set the thread count to 1. Start the attack.
  8. When the Intruder attack finishes, go to the POST /cart request in Burp Repeater and send a single request for 47 jackets. The total price of the order should now be -$1221.96.
  9. Use Burp Repeater to add a suitable quantity of another item to your cart so that the total falls between $0 and $100.
  10. Place the order to solve the lab.


Found that I couldn’t afford it.

This should be right.

(-2,147,483,647, 2,147,483,647)
2 * 2,147,483,647 ÷ 1337 = 3,212,391.39
1337 - 1221 = 116 > 100 ====> not possible with only the $1337 item

== 323 + 47? ==

-1227: make up the difference with other items
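A model of this lab’s 32-bit cart total beside a cart that refuses to wrap, added here as an example rather than the lab’s own code; the wrap function, the per-line quantity check and the $1337.00 jacket / $100 credit figures taken from the walkthrough are the assumptions. It also shows why the jacket alone cannot land the total between $0 and $100: the two quantities either side of the 2^32 boundary give -$1221.96 and +$115.04.

```python
# Added example, not code from the lab: a cart whose running total is a signed
# 32-bit integer of cents, as the walkthrough describes, beside a hardened cart
# that never wraps. Prices and credit are the walkthrough's sample values
# ($1337.00 jacket, $100 store credit); the 2-digit quantity limit is the lab's.
INT32_MAX = 2**31 - 1
INT32_MIN = -2**31
JACKET_CENTS = 1337_00
CREDIT_CENTS = 100_00


def wrap_int32(value: int) -> int:
    """What a signed 32-bit integer holds after an unchecked add or multiply."""
    return (value + 2**31) % 2**32 - 2**31


def cart_total_vulnerable(lines) -> int:
    """lines: iterable of (price_cents, quantity). Every step is 32-bit arithmetic."""
    total = 0
    for price, qty in lines:
        total = wrap_int32(total + wrap_int32(price * qty))
    return total


def cart_total_hardened(lines, max_total_cents: int = INT32_MAX) -> int:
    """Reject bad quantities and any total that would leave the representable range."""
    total = 0
    for price, qty in lines:
        if not isinstance(qty, int) or not 1 <= qty <= 99:
            raise ValueError(f"quantity {qty!r} out of range")
        if price <= 0:
            raise ValueError("price must be positive")
        total += price * qty      # Python ints do not wrap, so test the bound explicitly
        if total > max_total_cents:
            raise ValueError("order total exceeds the supported maximum")
    return total


def hardened_rejects(lines) -> bool:
    """True when the hardened cart refuses the order."""
    try:
        cart_total_hardened(lines)
    except ValueError:
        return True
    return False


def first_wrapping_quantity(price_cents: int) -> int:
    """Smallest quantity of one item whose 32-bit total goes negative."""
    return INT32_MAX // price_cents + 1


def affordable_with_credit(total_cents: int) -> bool:
    """The purchase check as the walkthrough describes it: total between $0 and the credit."""
    return 0 <= total_cents <= CREDIT_CENTS


if __name__ == "__main__":
    n = first_wrapping_quantity(JACKET_CENTS)
    print(n, "jackets ->", cart_total_vulnerable([(JACKET_CENTS, n)]) / 100)
    for qty in (32123, 32124):   # the two quantities either side of the 2^32 boundary
        # prints -1221.96 then 115.04: the jacket alone never lands in $0..$100
        print(qty, "jackets ->", cart_total_vulnerable([(JACKET_CENTS, qty)]) / 100)
```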

Lab: Inconsistent handling of exceptional input

This lab doesn’t adequately validate user input. You can exploit a logic flaw in its account registration process to gain access to administrative functionality. To solve the lab, access the admin panel and delete Carlos.

  1. While proxying traffic through Burp, open the lab and go to the “Target” > “Site map” tab. Right-click on the lab domain and select “Engagement tools” > “Discover content” to open the content discovery tool.

  2. Click “Session is not running” to start the content discovery. After a short while, look at the “Site map” tab in the dialog. Notice that it discovered the path /admin.

  3. Try to browse to /admin. Although you don’t have access, an error message indicates that DontWannaCry users do.

  4. Go to the account registration page. Notice the message telling DontWannaCry employees to use their company email address.

  5. From the button in the lab banner, open the email client. Make a note of the unique ID in the domain name for your email server (@YOUR-EMAIL-ID.web-security-academy.net). Go back to the lab and register with an exceptionally long email address in the format:
     very-long-string@YOUR-EMAIL-ID.web-security-academy.net
     The very-long-string should be at least 200 characters long.

  6. Go to the email client and notice that you have received a confirmation email. Click the link to complete the registration process.

  7. Log in and go to the “My account” page. Notice that your email address has been truncated to 255 characters.

  8. Log out and go back to the account registration page.

  9. Register a new account with another long email address, but this time include dontwannacry.com as a subdomain in your email address as follows:
     very-long-string@dontwannacry.com.YOUR-EMAIL-ID.web-security-academy.net
     Make sure that the very-long-string is the right number of characters so that the “m” at the end of @dontwannacry.com is character 255 exactly.

  10. Go to the email client and click the link in the confirmation email that you have received. Log in to your new account and notice that you now have access to the admin panel. The confirmation email was successfully sent to your email client, but the application server truncated the address associated with your account to 255 characters. As a result, you have been able to register with what appears to be a valid @dontwannacry.com address. You can confirm this from the “My account” page.

  11. Go to the admin panel and delete Carlos to solve the lab.

  Username and password can be anything.
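The registration flaw in this lab, modelled as an added example (not the lab’s code): one version checks the company domain on what was submitted but stores a 255-character truncation, the other validates exactly what it stores. The 255 limit, dontwannacry.com and the mail-server naming come from the lab; the role mapping and the placeholder email ID are assumptions.

```python
# Added example (not the lab's code): account registration that checks the
# company domain on the submitted address but stores a 255-character truncation
# of it, beside a version that validates exactly the value it stores. The
# company domain and mail-server naming follow the lab; the email ID is a placeholder.
from typing import Optional

MAX_EMAIL_LEN = 255
COMPANY_DOMAIN = "dontwannacry.com"


def domain_of(email: str) -> str:
    return email.rsplit("@", 1)[-1].lower()


def register_vulnerable(email: str) -> dict:
    """The confirmation mail goes to the full address, the DB column keeps only
    255 characters, and the role is derived from the stored (truncated) value."""
    mailbox = email                               # where the confirmation link is sent
    stored = email[:MAX_EMAIL_LEN]                # VARCHAR(255) silently truncates
    role = "admin" if domain_of(stored) == COMPANY_DOMAIN else "user"
    return {"mailbox": mailbox, "stored": stored, "role": role}


def register_hardened(email: str) -> Optional[dict]:
    """Reject over-length or malformed input instead of truncating it, so the
    address that received the confirmation mail is the address that is stored."""
    if len(email) > MAX_EMAIL_LEN or email.count("@") != 1:
        return None
    local, domain = email.split("@")
    if not local or not domain or "." not in domain:
        return None
    role = "admin" if domain.lower() == COMPANY_DOMAIN else "user"
    return {"mailbox": email, "stored": email, "role": role}


def truncation_test_address(email_id: str) -> str:
    """Build the lab's test input: the final 'm' of '@dontwannacry.com' is
    character 255, and everything after it is the tester's own mail domain."""
    head_len = MAX_EMAIL_LEN - len("@" + COMPANY_DOMAIN)
    return "a" * head_len + "@" + COMPANY_DOMAIN + "." + email_id + ".web-security-academy.net"
```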







3. Making flawed assumptions about user behavior

  • One of the most common root causes of logic vulnerabilities is making flawed assumptions about user behavior.
  • This can lead to a wide range of issues where developers have not considered potentially dangerous scenarios that violate these assumptions.
  • In this section, we’ll provide some cautionary examples of common assumptions that should be avoided and demonstrate how they can lead to dangerous logic flaws.

4. Trusted users won’t always remain trustworthy

  • Applications may appear to be secure because they implement seemingly robust measures to enforce the business rules. Unfortunately, some applications make the mistake of assuming that, having passed these strict controls initially, the user and their data can be trusted indefinitely. This can result in relatively lax enforcement of the same controls from that point on.

  • If business rules and security measures are not applied consistently throughout the application, this can lead to potentially dangerous loopholes that may be exploited by an attacker.

Lab: Inconsistent security controls

This lab’s flawed logic allows arbitrary users to access administrative functionality that should only be available to company employees. To solve the lab, access the admin panel and delete Carlos.

  1. Open the lab, then go to the “Target” > “Site map” tab in Burp. Right-click on the lab domain and select “Engagement tools” > “Discover content” to open the content discovery tool.
  2. Click “Session is not running” to start the content discovery. After a short while, look at the “Site map” tab in the dialog. Notice that it discovered the path /admin.
  3. Try and browse to /admin. Although you don’t have access, the error message indicates that DontWannaCry users do.
  4. Go to the account registration page. Notice the message telling DontWannaCry employees to use their company email address. Register with an arbitrary email address in the format: anything@your-email-id.web-security-academy.net. You can find your email domain name by clicking the “Email client” button.
  5. Go to the email client and click the link in the confirmation email to complete the registration.
  6. Log in using your new account and go to the “My account” page. Notice that you have the option to change your email address. Change your email address to an arbitrary @dontwannacry.com address.
  7. Notice that you now have access to the admin panel, where you can delete Carlos to solve the lab.

@ac091f411f0eb41a80aa082f01bd00e1.web-security-academy.net




5. Users won’t always supply mandatory input

  • One misconception is that users will always supply values for mandatory input fields. Browsers may prevent ordinary users from submitting a form without a required input, but as we know, attackers can tamper with parameters in transit. This even extends to removing parameters entirely.

  • This is a particular issue in cases where multiple functions are implemented within the same server-side script. In this case, the presence or absence of a particular parameter may determine which code is executed. Removing parameter values may allow an attacker to access code paths that are supposed to be out of reach.

  • When probing for logic flaws, you should try removing each parameter in turn and observing what effect this has on the response. You should make sure to:

    • Only remove one parameter at a time to ensure all relevant code paths are reached.

    • Try deleting the name of the parameter as well as the value. The server will typically handle both cases differently.

    • Follow multi-stage processes through to completion. Sometimes tampering with a parameter in one step will have an effect on another step further along in the workflow.

  • This applies to both URL and POST parameters, but don’t forget to check the cookies too. This simple process can reveal some bizarre application behavior that may be exploitable.

Lab: Weak isolation on dual-use endpoint

This lab makes a flawed assumption about the user’s privilege level based on their input. As a result, you can exploit the logic of its account management features to gain access to arbitrary users’ accounts. To solve the lab, access the administrator account and delete Carlos.

You can log in to your own account using the following credentials: wiener:peter

  1. With Burp running, log in and access your account page.
  2. Change your password.
  3. Study the POST /my-account/change-password request in Burp Repeater.
  4. Notice that if you remove the current-password parameter entirely, you are able to successfully change your password without providing your current one.
  5. Observe that the user whose password is changed is determined by the username parameter. Set username=administrator and send the request again.
  6. Log out and notice that you can now successfully log in as the administrator using the password you just set.
  7. Go to the admin panel and delete Carlos to solve the lab.
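The dual-use change-password handler from this lab beside a hardened one, as an added example rather than the lab’s code: the flawed handler takes the target user from the form and only checks the current password when that parameter is present. The parameter names username and current-password come from the lab; new-password-1/2, the shared “reset” use of the endpoint, the session layout and the sample users are assumptions.

```python
# Added example (not the lab's code): a change-password handler that is shared
# with another flow (assumed here to be password reset) and therefore treats
# current-password as optional, beside a hardened handler. Parameter names
# username and current-password come from the lab; new-password-1/2, the
# session layout and the users are assumptions.
import hashlib
import hmac
import os

PBKDF2_ROUNDS = 50_000


def _hash(password: str, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ROUNDS)


class UserStore:
    def __init__(self):
        self._users = {}

    def set_password(self, name: str, password: str) -> None:
        salt = os.urandom(16)
        self._users[name] = (salt, _hash(password, salt))

    def check(self, name: str, password: str) -> bool:
        rec = self._users.get(name)
        return rec is not None and hmac.compare_digest(rec[1], _hash(password, rec[0]))


def sample_store() -> UserStore:
    """Constructed sample users: the lab's wiener account and an administrator."""
    store = UserStore()
    store.set_password("wiener", "peter")
    store.set_password("administrator", "ADMIN-PASSWORD-PLACEHOLDER")
    return store


def change_password_vulnerable(store: UserStore, session: dict, form: dict):
    """Two flaws: the target user is taken from the form, and the current-password
    check only runs when that parameter is present at all."""
    target = form.get("username")
    if "current-password" in form:                      # absent parameter => no check
        if not store.check(target, form["current-password"]):
            return 403, "Current password is incorrect"
    new1, new2 = form.get("new-password-1"), form.get("new-password-2")
    if not new1 or new1 != new2:
        return 400, "New passwords do not match"
    store.set_password(target, new1)
    return 200, "Password changed"


def change_password_hardened(store: UserStore, session: dict, form: dict):
    """The target is the logged-in user, and the current password is mandatory.
    A reset flow belongs on its own endpoint with its own token check."""
    target = session.get("user")
    if target is None:
        return 401, "Not logged in"
    current = form.get("current-password")
    if not current or not store.check(target, current):
        return 403, "Current password is required and must be correct"
    new1, new2 = form.get("new-password-1"), form.get("new-password-2")
    if not new1 or new1 != new2:
        return 400, "New passwords do not match"
    store.set_password(target, new1)
    return 200, "Password changed"
```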








6. Users won’t always follow the intended sequence

  • Many transactions rely on predefined workflows consisting of a sequence of steps.

  • The web interface will typically guide users through this process, taking them to the next step of the workflow each time they complete the current one.

  • However, attackers won’t necessarily adhere to this intended sequence. Failing to account for this possibility can lead to dangerous flaws that may be relatively simple to exploit.

  • For example, many websites that implement two-factor authentication (2FA) require users to log in on one page before entering a verification code on a separate page. Assuming that users will always follow this process through to completion and, as a result, not verifying that they do, may allow attackers to bypass the 2FA step entirely.

  • Making assumptions about the sequence of events can lead to a wide range of issues even within the same workflow or functionality.

  • Using tools like Burp Proxy and Repeater, once an attacker has seen a request, they can replay it at will and use forced browsing to perform any interactions with the server in any order they want. This allows them to complete different actions while the application is in an unexpected state.

  • To identify these kinds of flaws, you should use forced browsing to submit requests in an unintended sequence.

  • For example, you might skip certain steps, access a single step more than once, return to earlier steps, and so on. Take note of how different steps are accessed. Although you often just submit a GET or POST request to a specific URL, sometimes you can access steps by submitting different sets of parameters to the same URL.

  • As with all logic flaws, try to identify what assumptions the developers have made and where the attack surface lies. You can then look for ways of violating these assumptions.

  • Note that this kind of testing will often cause exceptions because expected variables have null or uninitialized values.

  • Arriving at a location in a partly defined or inconsistent state is also likely to cause the application to complain.

  • In this case, be sure to pay close attention to any error messages or debug information that you encounter. These can be a valuable source of information disclosure, which can help you fine-tune your attack and understand key details about the back-end behavior.

Lab: Insufficient workflow validation

This lab makes flawed assumptions about the sequence of events in the purchasing workflow. To solve the lab, exploit this flaw to buy a “Lightweight l33t leather jacket”.

You can log in to your own account using the following credentials: wiener:peter

  1. With Burp running, log in and buy any item that you can afford with your store credit.
  2. Study the proxy history. Observe that when you place an order, the POST /cart/checkout request redirects you to an order confirmation page. Send GET /cart/order-confirmation?order-confirmation=true to Burp Repeater.
  3. Add the leather jacket to your basket.
  4. In Burp Repeater, resend the order confirmation request. Observe that the order is completed without the cost being deducted from your store credit and the lab is solved.

Lab: Authentication bypass via flawed state machine

This lab makes flawed assumptions about the sequence of events in the login process. To solve the lab, exploit this flaw to bypass the lab’s authentication, access the admin interface, and delete Carlos.

You can log in to your own account using the following credentials: wiener:peter

  1. With Burp running, complete the login process and notice that you need to select your role before you are taken to the home page.
  2. Use the content discovery tool to identify the /admin path.
  3. Try browsing to /admin directly from the role selection page and observe that this doesn’t work.
  4. Log out and then go back to the login page. In Burp, turn on proxy intercept then log in.
  5. Forward the POST /login request. The next request is GET /role-selector.
  6. Drop this request and then browse to the lab’s home page. Observe that your role has defaulted to the administrator role and you have access to the admin panel.
  7. Delete Carlos to solve the lab.
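Both labs above come down to the same defect: a handler acts on the stage it assumes the workflow has reached rather than the stage the server has recorded. As an added example (not code from the labs or from PortSwigger), the Python below shows the server-side fix for both cases. Each checkout endpoint checks the order's current stage before acting, so replaying the confirmation request on an unpaid order is refused, and the post-login home page refuses to render until the role-selection step has actually completed instead of falling back to a default. The `Order`, `Session` and `Stage` names, the store-credit figures, and the assumption that the flawed default role is `administrator` (matching what the lab shows when `/role-selector` is dropped) are mine, not the lab's.

```python
from decimal import Decimal
from enum import Enum, auto


class WorkflowError(Exception):
    """Raised when a request arrives for a step the workflow is not in."""


class Stage(Enum):
    CART = auto()
    CHECKOUT_STARTED = auto()
    PAID = auto()
    CONFIRMED = auto()


# Legal transitions. Every endpoint checks the stage it expects, so a replayed or
# out-of-order request (hitting the confirmation URL straight from the cart) is
# refused instead of silently completing the order. CONFIRMED has no exits, so a
# second confirmation request is refused as well.
ALLOWED = {
    Stage.CART: {Stage.CHECKOUT_STARTED},
    Stage.CHECKOUT_STARTED: {Stage.PAID},
    Stage.PAID: {Stage.CONFIRMED},
}


class Order:
    def __init__(self, store_credit):
        self.stage = Stage.CART
        self.credit = Decimal(store_credit)
        self.items = []
        self.total = Decimal("0")

    def add(self, name, price):
        if self.stage is not Stage.CART:
            raise WorkflowError("cart is locked once checkout has started")
        self.items.append((name, Decimal(price)))


def _advance(order, target):
    if target not in ALLOWED.get(order.stage, set()):
        raise WorkflowError(f"cannot go from {order.stage.name} to {target.name}")
    order.stage = target


def checkout(order):
    _advance(order, Stage.CHECKOUT_STARTED)
    order.total = sum((p for _, p in order.items), Decimal("0"))
    return order.total


def pay(order):
    _advance(order, Stage.PAID)
    if order.total > order.credit:
        order.stage = Stage.CHECKOUT_STARTED   # roll back: no payment happened
        raise WorkflowError("insufficient store credit")
    order.credit -= order.total
    return order.credit


def confirm_vulnerable(order):
    """Flawed pattern: the confirmation handler assumes payment already happened."""
    order.stage = Stage.CONFIRMED
    return "order confirmed"


def confirm(order):
    _advance(order, Stage.CONFIRMED)           # only reachable from PAID
    return "order confirmed"


class Session:
    def __init__(self):
        self.user = None
        self.role = None


def login(session, user):
    session.user = user
    session.role = None                        # chosen in a separate step


def select_role(session, role):
    if session.user is None:
        raise WorkflowError("not logged in")
    session.role = role


def home_page_vulnerable(session):
    # Flawed pattern: a missing role falls back to a default. Assumed here to be
    # "administrator", matching what the lab shows when /role-selector is dropped.
    return session.role or "administrator"


def home_page(session):
    if session.user is None or session.role is None:
        raise WorkflowError("role selection step not completed")
    return session.role


def raises_workflow_error(fn, *args):
    """Helper for tests: True if fn(*args) raises WorkflowError."""
    try:
        fn(*args)
    except WorkflowError:
        return True
    return False
```

The flawed handlers `confirm_vulnerable` and `home_page_vulnerable` are kept beside the checked versions so the difference is visible. In a real application the stage lives in the server-side order or session record, never in a client-supplied parameter, and the role is either set atomically at login or its absence is treated as "not logged in", never as a default.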





7. Domain-specific flaws

  • In many cases, you will encounter logic flaws that are specific to the business domain or the purpose of the site.

  • The discounting functionality of online shops is a classic attack surface when hunting for logic flaws. This can be a potential gold mine for an attacker, with all kinds of basic logic flaws occurring in the way discounts are applied.

  • For example, consider an online shop that offers a 10% discount on orders over $1000. This could be vulnerable to abuse if the business logic fails to check whether the order was changed after the discount is applied. In this case, an attacker could simply add items to their cart until they hit the $1000 threshold, then remove the items they don’t want before placing the order. They would then receive the discount on their order even though it no longer satisfies the intended criteria.

  • You should pay particular attention to any situation where prices or other sensitive values are adjusted based on criteria determined by user actions. Try to understand what algorithms the application uses to make these adjustments and at what point these adjustments are made. This often involves manipulating the application so that it is in a state where the applied adjustments do not correspond to the original criteria intended by the developers.

  • To identify these vulnerabilities, you need to think carefully about what objectives an attacker might have and try to find different ways of achieving this using the provided functionality. This may require a certain level of domain-specific knowledge in order to understand what might be advantageous in a given context. To use a simple example, you need to understand social media to understand the benefits of forcing a large number of users to follow you. (Note: identifying these vulnerabilities means considering the likely objectives, which takes domain-specific knowledge.)

  • Without this knowledge of the domain, you may dismiss dangerous behavior because you simply aren’t aware of its potential knock-on effects.

  • Likewise, you may struggle to join the dots and notice how two functions can be combined in a harmful way.

  • For simplicity, the examples used in this topic are specific to a domain that all users will already be familiar with, namely an online shop.

  • However, whether you’re bug bounty hunting, pentesting, or even just a developer trying to write more secure code, you may at some point encounter applications from less familiar domains. In this case, you should read as much documentation as possible and, where available, talk to subject-matter experts from the domain to get their insight. This may sound like a lot of work, but the more obscure the domain is, the more likely other testers will have missed plenty of bugs.

Lab: Flawed enforcement of business rules

This lab has a logic flaw in its purchasing workflow. To solve the lab, exploit this flaw to buy a “Lightweight l33t leather jacket”.

You can log in to your own account using the following credentials: wiener:peter

  1. Log in and notice that there is a coupon code, NEWCUST5.
  2. At the bottom of the page, sign up to the newsletter. You receive another coupon code, SIGNUP30.
  3. Add the leather jacket to your cart.
  4. Go to the checkout and apply both of the coupon codes to get a discount on your order.
  5. Try applying the codes more than once. Notice that if you enter the same code twice in a row, it is rejected because the coupon has already been applied. However, if you alternate between the two codes, you can bypass this control.
  6. Reuse the two codes enough times to reduce your order total to less than your remaining store credit. Complete the order to solve the lab.



Lab: Infinite money logic flaw

This lab has a logic flaw in its purchasing workflow. To solve the lab, exploit this flaw to buy a “Lightweight l33t leather jacket”.

You can log in to your own account using the following credentials: wiener:peter

This solution uses Burp Intruder to automate the process of buying and redeeming gift cards. Users proficient in Python might prefer to use the Turbo Intruder extension instead.

  1. With Burp running, log in and sign up for the newsletter to obtain a coupon code, SIGNUP30. Notice that you can buy $10 gift cards and redeem them from the “My account” page.
  2. Add a gift card to your basket and proceed to the checkout. Apply the coupon code to get a 30% discount. Complete the order and copy the gift card code to your clipboard.
  3. Go to your account page and redeem the gift card. Observe that this entire process has added $3 to your store credit. Now you need to try and automate this process.
  4. Study the proxy history and notice that you redeem your gift card by supplying the code in the gift-card parameter of the POST /gift-card request.
  5. Go to “Project options” > "Sessions". In the “Session handling rules” panel, click “Add”. The “Session handling rule editor” dialog opens.
  6. In the dialog, go to the “Scope” tab. Under “URL Scope”, select "Include all URLs".
  7. Go back to the “Details” tab. Under “Rule actions”, click “Add” > "Run a macro". Under “Select macro”, click “Add” again to open the Macro Recorder.
  8. Select the following sequence of requests:
     POST /cart
     POST /cart/coupon
     POST /cart/checkout
     GET /cart/order-confirmation?order-confirmed=true
     POST /gift-card
     Then, click “OK”. The Macro Editor opens.
  9. In the list of requests, select GET /cart/order-confirmation?order-confirmed=true. Click “Configure item”. In the dialog that opens, click “Add” to create a custom parameter. Name the parameter gift-card and highlight the gift card code at the bottom of the response. Click “OK” twice to go back to the Macro Editor.
  10. Select the POST /gift-card request and click “Configure item” again. In the “Parameter handling” section, use the drop-down menus to specify that the gift-card parameter should be derived from the prior response (response 4). Click “OK”.
  11. In the Macro Editor, click “Test macro”. Look at the response to GET /cart/order-confirmation?order-confirmation=true and note the gift card code that was generated. Look at the POST /gift-card request. Make sure that the gift-card parameter matches and confirm that it received a 302 response. Keep clicking “OK” until you get back to the main Burp window.
  12. Send the GET /my-account request to Burp Intruder. Use the “Sniper” attack type and clear the default payload positions.
  13. On the “Payloads” tab, select the payload type “Null payloads”. Under “Payload options”, choose to generate 412 payloads. On the “Options” tab, set the thread count to 1. Start the attack.
  14. When the attack finishes, you will have enough store credit to buy the jacket and solve the lab.

This automation process is really complicated!

  • Coupon from the newsletter email: 10 - 3 = 7 (100 - 7 = 93)
  • Redeeming the $10 gift card that was bought: 93 + 10 = 103
  • Each iteration: +3
  • (1337 - 100) ÷ 3 = 412.3

Keep sending requests and you can see the account balance increasing.
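The three pricing flaws in this section (the threshold discount that survives removing items, the coupon check that only remembers the last code, and the discounted gift card that returns more store credit than it costs) share one root cause: the price is adjusted at the moment a user action happens, instead of being recomputed from the final order at placement time. As an added example, not code from the labs or from PortSwigger, the Python below puts the two flawed patterns beside a `price_order` function that prices the final cart once, applies each coupon at most once whatever order the codes arrive in, and refuses any order that would hand back more stored value than it charges. The catalogue, the `stored_value` field, the coupon percentages and the $1000 / 10% threshold are constructed from the figures on this page.

```python
from dataclasses import dataclass
from decimal import Decimal, ROUND_HALF_UP


@dataclass(frozen=True)
class Item:
    name: str
    price: Decimal
    stored_value: Decimal = Decimal("0")   # > 0 for gift cards: credit the buyer gets back


# Constructed catalogue and coupons, using the figures from the labs above.
JACKET = Item("Lightweight l33t leather jacket", Decimal("1337.00"))
GIFT_CARD = Item("$10 gift card", Decimal("10.00"), stored_value=Decimal("10.00"))
COUPONS = {"NEWCUST5": 5, "SIGNUP30": 30}           # percent off
BULK_THRESHOLD, BULK_PERCENT = Decimal("1000"), 10  # 10% off orders over $1000


def money(x):
    return x.quantize(Decimal("0.01"), rounding=ROUND_HALF_UP)


# ---- Flawed pattern 1: discount decided when the cart crosses the threshold, never revisited
class StickyDiscountCart:
    def __init__(self):
        self.items, self.bulk_discount = [], False

    def add(self, item):
        self.items.append(item)
        if sum((i.price for i in self.items), Decimal("0")) > BULK_THRESHOLD:
            self.bulk_discount = True          # set once ...

    def remove(self, item):
        self.items.remove(item)                # ... and never cleared

    def total(self):
        t = sum((i.price for i in self.items), Decimal("0"))
        return money(t - t * BULK_PERCENT / 100) if self.bulk_discount else money(t)


# ---- Flawed pattern 2: the "already applied" check only remembers the previous code
def apply_coupons_last_only(subtotal, codes):
    total, last = Decimal(subtotal), None
    for code in codes:
        if code == last:
            continue                           # blocks A,A but not A,B,A
        total -= total * Decimal(COUPONS[code]) / 100
        last = code
    return money(total)


# ---- Hardened: price the final cart once, one use per coupon, credit invariant
def price_order(items, codes):
    subtotal = sum((i.price for i in items), Decimal("0"))
    total = subtotal
    if subtotal > BULK_THRESHOLD:              # evaluated at placement, on the final cart
        total -= total * BULK_PERCENT / 100
    applied = set()
    for code in codes:
        if code not in COUPONS:
            raise ValueError(f"unknown coupon {code}")
        if code in applied:
            raise ValueError(f"coupon {code} already applied to this order")
        applied.add(code)
        total -= total * Decimal(COUPONS[code]) / 100
    total = money(total)
    credit_back = sum((i.stored_value for i in items), Decimal("0"))
    if credit_back > total:                    # discounted gift cards = printing store credit
        raise ValueError("order would return more store credit than it charges")
    return total


def try_price(items, codes):
    """Return (accepted, total or reason) so callers can see why an order was refused."""
    try:
        return True, price_order(items, codes)
    except ValueError as e:
        return False, str(e)
```

The credit invariant at the end is the cheapest defence against the infinite-money loop: rather than trying to enumerate which coupons may touch which products, the server refuses any order whose stored value exceeds what is actually charged, which catches a discounted gift card no matter how the discount was obtained.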



8. Providing an encryption oracle

  • Dangerous scenarios can occur when user-controllable input is encrypted and the resulting ciphertext is then made available to the user in some way.

  • This kind of input is sometimes known as an “encryption oracle”. An attacker can use this input to encrypt arbitrary data using the correct algorithm and asymmetric key.

  • This becomes dangerous when there are other user-controllable inputs in the application that expect data encrypted with the same algorithm.

  • In this case, an attacker could potentially use the encryption oracle to generate valid, encrypted input and then pass it into other sensitive functions.

  • This issue can be compounded if there is another user-controllable input on the site that provides the reverse function.

  • This would enable the attacker to decrypt other data to identify the expected structure. This saves them some of the work involved in creating their malicious data but is not necessarily required to craft a successful exploit.

  • The severity of an encryption oracle depends on what functionality also uses the same algorithm as the oracle.

Lab: Authentication bypass via encryption oracle(temp)

This lab contains a logic flaw that exposes an encryption oracle to users. To solve the lab, exploit this flaw to gain access to the admin panel and delete Carlos.

You can log in to your own account using the following credentials: wiener:peter

  1. Log in with the “Stay logged in” option enabled and post a comment. Study the corresponding requests and responses using Burp’s manual testing tools. Observe that the stay-logged-in cookie is encrypted.

  2. Notice that when you try and submit a comment using an invalid email address, the response sets an encrypted notification cookie before redirecting you to the blog post.

  3. Notice that the error message reflects your input from the email parameter in cleartext: Invalid email address: your-invalid-email
     Deduce that this must be decrypted from the notification cookie. Send the POST /post/comment and the subsequent GET /post?postId=x request (containing the notification cookie) to Burp Repeater.

  4. In Repeater, observe that you can use the email parameter of the POST request to encrypt arbitrary data and reflect the corresponding ciphertext in the Set-Cookie header. Likewise, you can use the notification cookie in the GET request to decrypt arbitrary ciphertext and reflect the output in the error message. For simplicity, double-click the tab for each request and rename the tabs encrypt and decrypt respectively.

  5. In the decrypt request, copy your stay-logged-in cookie and paste it into the notification cookie. Send the request. Instead of the error message, the response now contains the decrypted stay-logged-in cookie, for example:
    wiener:1598530205184
    This reveals that the cookie should be in the format username:timestamp. Copy the timestamp to your clipboard.

  6. Go to the encrypt request and change the email parameter to administrator:your-timestamp. Send the request and then copy the new notification cookie from the response.

  7. Decrypt this new cookie and observe that the 23-character "Invalid email address: " prefix is automatically added to any value you pass in using the email parameter. Send the notification cookie to Burp Decoder.

  8. In Decoder, URL-decode and Base64-decode the cookie. Select the “Hex” view, then right-click on the first byte in the data. Select “Delete bytes” and delete 23 bytes.

  9. Re-encode the data and copy the result into the notification cookie of the decrypt request. When you send the request, observe that an error message indicates that a block-based encryption algorithm is used and that the input length must be a multiple of 16. You need to pad the "Invalid email address: " prefix with enough bytes so that the number of bytes you will remove is a multiple of 16.

  10. In Burp Repeater, go back to the encrypt request and add 9 characters to the start of the intended cookie value, for example:
    xxxxxxxxxadministrator:your-timestamp
    Encrypt this input and use the decrypt request to test that it can be successfully decrypted.

  11. Send the new ciphertext to Decoder, then URL and Base64-decode it. This time, delete 32 bytes from the start of the data. Re-encode the data and paste it into the notification parameter in the decrypt request. Check the response to confirm that your input was successfully decrypted and, crucially, no longer contains the "Invalid email address: " prefix. You should only see administrator:your-timestamp.

  12. From the proxy history, send the GET / request to Burp Repeater. Delete the session cookie entirely, and replace the stay-logged-in cookie with the ciphertext of your self-made cookie. Send the request. Observe that you are now logged in as the administrator and have access to the admin panel.
    Using Burp Repeater, browse to /admin and notice the option for deleting users. Browse to /admin/delete?username=carlos to solve the lab.
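The lab's application is exploitable because the notification cookie and the stay-logged-in cookie are produced by the same unauthenticated cipher under the same key, so anything that decrypts is accepted wherever it is presented. As an added example, not the lab's code or PortSwigger's, the Python below contrasts that flawed pattern with a version that resists it. The standard library has no AES, so the cipher here is an HMAC-SHA256 counter-mode keystream; the cipher is not the point. The two properties the lab's application lacks are: each cookie type is sealed under its own purpose-derived subkey, and an authentication tag covering the purpose, nonce and ciphertext is checked before anything is decrypted, so a ciphertext minted by the notification path is refused as a session token and a modified ciphertext is refused outright. `SERVER_KEY`, the function names and the purpose labels are constructed for the demo.

```python
import base64
import hashlib
import hmac
import os

# Constructed demo key; a real deployment loads this from a secret store.
SERVER_KEY = b"demo-key-not-for-production-use!"


def _keystream(key, nonce, length):
    """HMAC-SHA256 run in counter mode, used here as a simple stream cipher."""
    out, counter = b"", 0
    while len(out) < length:
        out += hmac.new(key, nonce + counter.to_bytes(4, "big"), hashlib.sha256).digest()
        counter += 1
    return out[:length]


def _xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))


# ---- Flawed pattern: one key, no integrity check, no notion of what a token is for
def legacy_encrypt(plaintext):
    nonce = os.urandom(12)
    ct = _xor(plaintext, _keystream(SERVER_KEY, nonce, len(plaintext)))
    return base64.urlsafe_b64encode(nonce + ct).decode()


def legacy_decrypt(token):
    raw = base64.urlsafe_b64decode(token)
    nonce, ct = raw[:12], raw[12:]
    return _xor(ct, _keystream(SERVER_KEY, nonce, len(ct)))


def legacy_notification_cookie(email):
    """Encrypt endpoint: reflects user input inside an error message."""
    return legacy_encrypt(b"Invalid email address: " + email.encode())


def legacy_user_from_stay_logged_in(cookie):
    """Session endpoint: trusts anything that decrypts to username:timestamp."""
    return legacy_decrypt(cookie).decode().split(":", 1)[0]


# ---- Hardened: per-purpose subkeys and a tag that covers the purpose
def _subkey(purpose):
    return hmac.new(SERVER_KEY, b"purpose:" + purpose.encode(), hashlib.sha256).digest()


def seal(purpose, plaintext):
    nonce = os.urandom(12)
    ct = _xor(plaintext, _keystream(_subkey(purpose + "/enc"), nonce, len(plaintext)))
    tag = hmac.new(_subkey(purpose + "/mac"), purpose.encode() + b"\0" + nonce + ct,
                   hashlib.sha256).digest()
    return base64.urlsafe_b64encode(nonce + ct + tag).decode()


def open_token(purpose, token):
    raw = base64.urlsafe_b64decode(token)
    if len(raw) < 12 + 32:
        raise ValueError("token too short")
    nonce, ct, tag = raw[:12], raw[12:-32], raw[-32:]
    expected = hmac.new(_subkey(purpose + "/mac"), purpose.encode() + b"\0" + nonce + ct,
                        hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):       # verify before decrypting
        raise ValueError("token is not a valid " + purpose + " token")
    return _xor(ct, _keystream(_subkey(purpose + "/enc"), nonce, len(ct)))


def is_valid(purpose, token):
    try:
        open_token(purpose, token)
        return True
    except ValueError:
        return False


def tamper(token):
    """Flip one ciphertext bit; used to show the tag catches modification."""
    raw = bytearray(base64.urlsafe_b64decode(token))
    raw[12] ^= 0x01
    return base64.urlsafe_b64encode(bytes(raw)).decode()
```

The reflected error message that decrypts the notification cookie still exists in the hardened version, but it can now only open tokens sealed for `notification`, so it neither reveals the structure of session cookies nor validates forged ones. In production, use a real AEAD such as AES-GCM with the purpose as associated data and a per-purpose key in place of this stand-in cipher; the design point carries over unchanged.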

五、How to avoid

In short, the keys to preventing business logic vulnerabilities are to:

  • Make sure developers and testers understand the domain that the application serves.

  • Avoid making implicit assumptions about user behavior or the behavior of other parts of the application.

  • You should identify what assumptions you have made about the server-side state and implement the necessary logic to verify that these assumptions are met. This includes making sure that the value of any input is sensible before proceeding.

  • It is also important to make sure that both developers and testers are able to fully understand these assumptions and how the application is supposed to react in different scenarios. This can help the team to spot logic flaws as early as possible. To facilitate this, the development team should adhere to the following best practices wherever possible:

  • Maintain clear design documents and data flows for all transactions and workflows, noting any assumptions that are made at each stage.

  • Write code as clearly as possible. If it’s difficult to understand what is supposed to happen, it will be difficult to spot any logic flaws. Ideally, well-written code shouldn’t need documentation to understand it. In unavoidably complex cases, producing clear documentation is crucial to ensure that other developers and testers know what assumptions are being made and exactly what the expected behavior is.

  • Note any references to other code that uses each component. Think about any side-effects of these dependencies if a malicious party were to manipulate them in an unusual way.

  • Due to the relatively unique nature of many logic flaws, it is easy to brush them off as a one-time mistake due to human error and move on. However, as we’ve demonstrated, these flaws are often the result of bad practices in the initial phases of building the application. Analyzing why a logic flaw existed in the first place, and how it was missed by the team, can help you to spot weaknesses in your processes. By making minor adjustments, you can increase the likelihood that similar flaws will be cut off at the source or caught earlier in the development process.
