Method and system for detecting website permission vulnerabilities

A website vulnerability detection technology, applied in the field of network security, that addresses problems such as potential security risks and the leakage of other users' personal information, and achieves flexible and comprehensive access requests.

Active Publication Date: 2015-04-15
QI-ANXIN LEGENDSEC INFORMATION TECH (BEIJING) INC +1

AI Technical Summary

Problems solved by technology

[0004] However, on some websites this permission-based access carries potential security risks. When accessing a website through a browser, a user can, in addition to entering access information on the login interface, directly enter the link corresponding to a user page in order to access that page. The links to different users' pages differ only in their parameters, and where a website does not set permissions for this kind of link-based access, an attacker can try to view other users' information by changing the parameters in the link, resulting in the leakage of other users' information.
[0005] For example, on a courier website, when querying a tracking number, an attacker can first obtain the link to the page that displays the information for one tracking number and then change the value of the tracking-number parameter in the link, thereby accessing other users' tracking information and causing the leakage of other users' personal information.

Examples


Embodiment Construction

[0054] Embodiments of the present invention are described in detail below, examples of which are shown in the drawings, wherein the same or similar reference numerals designate the same or similar elements or elements having the same or similar functions throughout. The embodiments described below by referring to the figures are exemplary only for explaining the present invention and should not be construed as limiting the present invention.

[0055] Those skilled in the art will understand that unless otherwise stated, the singular forms "a", "an", "said" and "the" used herein may also include plural forms. It should be further understood that the word "comprising" used in the description of the present invention refers to the presence of said features, integers, steps, operations, elements and/or components, but does not exclude the presence or addition of one or more other features, integers, steps, operations, elements, components, and/or groups thereof. It will be unders...


Abstract

The invention relates to a method and system for detecting website permission vulnerabilities. The method comprises the following steps: obtaining a permitted access link in a website to be detected; identifying values of parameters in the access link; modifying the values of the parameters according to a preset rule to form a test access link; judging whether the test access link can be visited or not, and if so, determining that the website to be detected has permission vulnerabilities. Through the technical scheme, whether the website has the permission vulnerabilities or not can be accurately detected according to the website link, so that an accurate prompt can be made and the personal information leak of users can be avoided.
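The four steps in the abstract, sketched as an added example for checking a site you operate (this is not code from the patent). The +1/-1 "preset rule", the HTTP 200 test for "can be visited", and the in-memory `fake_fetch` site with its `/order` and `/safe/order` paths are all assumptions made for illustration.

```python
from urllib.parse import urlsplit, urlunsplit, parse_qsl, urlencode

def mutated_links(link, deltas=(1, -1)):
    """Yield (param, test_link): each numeric value shifted by the preset rule."""
    parts = urlsplit(link)
    pairs = parse_qsl(parts.query, keep_blank_values=True)
    for i, (name, value) in enumerate(pairs):
        if not (value.isascii() and value.isdigit()):
            continue                        # only integer-looking values are treated as ids
        for d in deltas:
            n = int(value) + d
            if n < 0:
                continue
            new = str(n).zfill(len(value))  # keep zero padding, e.g. 0007 -> 0008
            mutated = pairs[:i] + [(name, new)] + pairs[i + 1:]
            yield name, urlunsplit(parts._replace(query=urlencode(mutated)))

def detect(link, fetch, session):
    """Return test links the session can still access; a non-empty list is a finding."""
    return [(p, url) for p, url in mutated_links(link) if fetch(url, session) == 200]

# Constructed in-memory site standing in for the website under test.
ORDERS = {1001: "alice", 1002: "bob"}

def fake_fetch(url, user):
    parts = urlsplit(url)
    owner = ORDERS.get(int(dict(parse_qsl(parts.query)).get("id", -1)))
    if owner is None:
        return 404
    if parts.path == "/safe/order" and owner != user:
        return 403                          # server-side ownership check
    return 200

if __name__ == "__main__":
    for path in ("/order", "/safe/order"):
        link = f"https://shop.example{path}?id=1001&lang=en"
        print(path, detect(link, fake_fetch, "alice"))
```

The `/order` path returns another user's record to alice's session and is reported; `/safe/order` compares the record owner with the session on the server side and yields no finding, which is the fix the detection result points to.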

Description

Technical field

[0001] The invention relates to the technical field of network security, in particular to a method for detecting website permission vulnerabilities and a system for detecting website permission vulnerabilities.

Background technique

[0002] Today, as networks grow ever more developed, network security issues emerge one after another and have become an important concern of website managers and users.

[0003] Websites generally have access portals, and users can access the website by entering access information such as an account number and password, or an access code. To protect users' interests and avoid leakage of users' personal data, each user has corresponding access rights. For example, on some shopping websites, a user can only view the shopping information belonging to his own account. This guarantees the security of the user's personal information to a certain extent.

[0004] However, in some websites, this method of ac...


Application Information

Patent Type & Authority: Applications (China)
IPC: IPC(8): H04L29/06
CPC: H04L63/1433
Inventor: 龙专
Owner: QI-ANXIN LEGENDSEC INFORMATION TECH (BEIJING) INC