你见过的最糟糕的安全漏洞是什么?为了保护罪犯,限制细节可能是个好主意。

不管怎样,这里有一个关于如果你发现了安全漏洞该怎么办的问题,还有一个关于如果公司(似乎)没有回应该怎么办的问题。


当前回答

在签名代码中:

System.setSecurityManager(null);

(你可以通过谷歌代码搜索。)从进程中运行的所有代码中删除所有Java安全限制。可能没有想清楚。

其他回答

这里有一个我不常看到的例子。这是一个非常有效的安全漏洞,困扰着大多数登录表单。我大约在十年前发现了它。

我在多伦多大学学习,那里有一个叫做ROSI的系统,允许学生管理他们的费用和课程注册。他们还在总会议区设置了两个公共终端,只能显示ROSI网站,学生可以输入他们的学生证和密码登录和管理他们的物品。

但是,在用户注销后,您可以在终端上按浏览器的alt-left键返回登录表单,然后按alt-right键前进一键,然后单击刷新。在这一点上,浏览器会要求你确认重新发布表单数据,如果你点击是,它会重新发布以前的用户登录/通过和登录你。

大多数登录表单仍然容易受到这类攻击。解决方案是post/redirect/get或使用nonce键。

我给我的大学管理员发了很多次邮件,但我认为他们至少在我毕业离开之前都没有解决这个问题。这大约是在2002年。

令人惊讶的是没有人提到社会工程,但我从这篇文章中得到了乐趣。

总结:恶意用户可以买几十个u盘,在里面装上自动运行的病毒或木马,然后在深夜把这些u盘撒在公司的停车场里。第二天,每个人都来上班,被闪闪发光的、糖果形状的、不可抗拒的硬件绊倒,并对自己说:“哦,哇,免费的闪存盘,我想知道里面有什么!”——20分钟后,整个公司的网络都被冲洗掉了。

Right at the start of the .com era, I was working for a large retailer overseas. We watched with great interest as our competitors launched an online store months before us. Of course, we went to try it out... and quickly realized that our shopping carts were getting mixed up. After playing with the query string a bit, we realized we could hijack each other's sessions. With good timing, you could change the delivery address but leave the payment method alone... all that after having filled the cart with your favorite items.

不过这还不是我见过的最严重的安全漏洞。但这至少是我自己发现的最糟糕的情况:

一个非常成功的在线有声读物商店在成功认证后使用cookie存储当前用户的身份信息。但你可以很容易地在cookie中更改用户ID,并访问其他账户并在这些账户上购物。

About 3 years ago I built a site for a somewhat large non-profit organization in our state. When it came time to deploy the application to their web host server, I noticed an odd file named "cc.txt" or something obvious like that in their public site. It was under their web root, was getting served, and was a csv file of all their donor's names, addresses, credit card numbers, expiration dates, and CVV/CVC codes. I cannot count the number of times I brought the issue up - first to my boss, then our company accountant, the client's IT director, finally the client's President. That was 3 years ago. The file is still being served, it can even be googled. And it's been updated. I tend not to respond to their donation solicitations when I get them.