Inspecting POST response shows emails and passwords of other users


Problem description

In some forum I viewed the JSON response of a POST request using Firebug.

Say, a user with the email X@Y.com and password Zabc123 posted something on his own page on this forum. And I wanted to post a comment on his post. But before I posted the comment I opened Firebug's Net panel:

After I had posted the comment the response that I saw in Firebug was like this:


postid 1432

OTHER THINGS ...

email X@Y.com

password Zabc123

ip 111.111.111.111

lastlogin 1-1-2016

lastpasschange 2-2-2015

and still more ..

This info is not my own, it is the info of the person that I was posting a comment on.

Is this a symptom of a hack or an incorrectly programmed script in that forum?

Recommended answer

If you see the account data of another user within the response info, then that's probably a bug in the server-side script you called in your POST request, especially if that happens equally in different browsers. The programmers of the website could also have output it as debug info and forgotten to remove the code when pushing it to the live server.

It could also be that the server got hacked and the script changed in such a way that it returns the user names and passwords in plain text.
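The server-side bug the answer describes usually looks like a handler that merges the post author's whole account record into the comment response. The sketch below is an added example, not part of the original question or answer and not the forum's code: it puts that pattern beside an allowlist-based response builder and adds a recursive check that can be run over decoded responses in a test suite. The function names, the `userid`/`displayname` fields and the allowlist are assumptions; the sensitive field names are taken from the response shown in the question.

```python
import json

# Constructed sample record for the post author; the sensitive field names
# mirror the response in the question, the other fields are assumptions.
AUTHOR_ROW = {
    "userid": 7, "displayname": "X", "email": "X@Y.com",
    "password": "Zabc123", "ip": "111.111.111.111",
    "lastlogin": "1-1-2016", "lastpasschange": "2-2-2015",
}

# Author fields another user may see (assumed policy).
PUBLIC_AUTHOR_FIELDS = ("userid", "displayname")
# Keys that must never appear in a response sent to a different user.
SENSITIVE_KEYS = {"email", "password", "ip", "lastlogin", "lastpasschange"}


def comment_response_leaky(postid, comment, author_row):
    """Bug pattern: the whole author record is merged into the response."""
    body = {"postid": postid, "comment": comment}
    body.update(author_row)  # every column, credentials included, goes out
    return body


def comment_response_safe(postid, comment, author_row):
    """Build the response from an explicit allowlist of author fields."""
    author = {k: author_row[k] for k in PUBLIC_AUTHOR_FIELDS if k in author_row}
    return {"postid": postid, "comment": comment, "author": author}


def find_sensitive_keys(obj, path=""):
    """Recursively list the paths of sensitive keys in a decoded JSON value."""
    hits = []
    if isinstance(obj, dict):
        for key, value in obj.items():
            here = f"{path}.{key}" if path else key
            if key.lower() in SENSITIVE_KEYS:
                hits.append(here)
            hits.extend(find_sensitive_keys(value, here))
    elif isinstance(obj, list):
        for i, value in enumerate(obj):
            hits.extend(find_sensitive_keys(value, f"{path}[{i}]"))
    return hits


if __name__ == "__main__":
    for build in (comment_response_leaky, comment_response_safe):
        wire = json.dumps(build(1432, "nice post", AUTHOR_ROW))
        print(build.__name__, find_sensitive_keys(json.loads(wire)))
```

Running `find_sensitive_keys` against every endpoint's response in integration tests catches both the leftover-debug-output case and the over-broad serializer case before they reach the live server.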
