CN110489966A - Horizontal privilege escalation vulnerability detection method, device, storage medium and electronic device - Google Patents


Info

Publication number
CN110489966A
Authority
CN
China
Prior art keywords
response message
commission
parallel
going beyond
content
Prior art date
Legal status
Pending
Application number
CN201910741372.2A
Other languages
Chinese (zh)
Inventor
谢金池
Current Assignee
Tencent Technology Shenzhen Co Ltd
Original Assignee
Tencent Technology Shenzhen Co Ltd
Priority date
Filing date
Publication date
Application filed by Tencent Technology Shenzhen Co Ltd
Priority to CN201910741372.2A
Publication of CN110489966A
Legal status: Pending

Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F 21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F 21/50 Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
    • G06F 21/55 Detecting local intrusion or implementing counter-measures


Abstract

The present disclosure provides a horizontal privilege escalation vulnerability detection method, device, storage medium and electronic device. The method comprises: obtaining a first access address containing a target parameter, and constructing a first network request according to the first access address; calling a network communication service to obtain a first response message according to the first network request; modifying the target parameter to form a second access address containing the modified target parameter, and constructing a second network request according to the second access address; calling the network communication service to obtain a second response message according to the second network request; and judging, according to the first response message and the second response message, whether a horizontal privilege escalation vulnerability exists. The technical solution of the disclosure can rapidly and accurately detect horizontal privilege escalation vulnerabilities, improve the security of users' sensitive information, and further improve the user experience.

Description

Horizontal privilege escalation vulnerability detection method, device, storage medium and electronic device
Technical field
The present disclosure relates to the field of computer technology, and in particular to a horizontal privilege escalation vulnerability detection method, a horizontal privilege escalation vulnerability detection device, a computer-readable storage medium and an electronic device.
Background technique
Privilege escalation (unauthorized access) vulnerabilities are a common class of logical security vulnerability. Compared with conventional security vulnerabilities such as SQL injection and XSS, attackers are more inclined to dig for application security problems in the business logic layer, and the harm of such problems is huge: they may cause the leakage of an enterprise's users' sensitive information and loss of reputation.
Privilege escalation vulnerabilities include horizontal privilege escalation and vertical privilege escalation. A horizontal privilege escalation vulnerability arises when the server side places excessive trust in the data operation request submitted by a user and omits the check of the user's operation permission, so that an ordinary user gains the ability to create, delete, update or query (CRUD) the data of other ordinary users. If a horizontal privilege escalation vulnerability exists in a business, the sensitive information of other users can be viewed, and none of the traditional web security scanners has a scanning function for horizontal privilege escalation vulnerabilities.
In view of this, the field needs to develop a new horizontal privilege escalation vulnerability detection method.
It should be noted that the information disclosed in the above background section is only intended to reinforce the understanding of the background of the present disclosure, and may therefore include information that does not constitute prior art known to a person of ordinary skill in the art.
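The defect described above, as an added, constructed example (not code from the patent): an order-lookup handler that authenticates the caller but trusts the order id in the request, beside a hardened version whose permission check compares the record's owner with the requesting user. All names, tokens and data are invented.

```python
# Constructed example of the server-side defect behind a horizontal privilege
# escalation: the handler looks up whatever id the client supplies and never
# checks that the record belongs to the requesting user. Names are invented.
from typing import Dict, Optional

# In-memory store standing in for the business data (constructed sample data).
ORDERS: Dict[int, dict] = {
    100: {"owner": "alice", "items": ["book"], "address": "12 Example St"},
    99:  {"owner": "bob",   "items": ["lamp"], "address": "7 Sample Rd"},
}

# Session table: session token -> authenticated user (constructed).
SESSIONS: Dict[str, str] = {"tok-alice": "alice", "tok-bob": "bob"}


def get_order_vulnerable(session: Optional[str], order_id: int) -> dict:
    """Authenticates the caller but trusts order_id: any logged-in user can read
    any order by changing the numeric parameter (the omitted permission check)."""
    if session not in SESSIONS:
        return {"code": 401, "msg": "login required"}
    order = ORDERS.get(order_id)
    if order is None:
        return {"code": 404, "msg": "not found"}
    return {"code": 200, "order_id": order_id, **order}


def get_order_fixed(session: Optional[str], order_id: int) -> dict:
    """Hardened version: the permission check compares the record's owner with
    the authenticated user, so a changed order_id yields a denial, not data."""
    user = SESSIONS.get(session)
    if user is None:
        return {"code": 401, "msg": "login required"}
    order = ORDERS.get(order_id)
    # Return the same denial for missing and foreign records so the response
    # does not reveal whether another user's order id exists.
    if order is None or order["owner"] != user:
        return {"code": 403, "msg": "forbidden"}
    return {"code": 200, "order_id": order_id, **order}
```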
Summary of the invention
Embodiments of the present disclosure provide a horizontal privilege escalation vulnerability detection method, a horizontal privilege escalation vulnerability detection device, a computer-readable storage medium and an electronic device, which can, at least to a certain extent, quickly detect horizontal privilege escalation vulnerabilities, reduce the false positive rate of horizontal privilege escalation vulnerabilities, and thus improve the security of the business logic layer.
Other characteristics and advantages of the present disclosure will become apparent from the following detailed description, or will be learned in part through practice of the disclosure.
According to one aspect of the embodiments of the present disclosure, a horizontal privilege escalation vulnerability detection method is provided, comprising: obtaining a first access address containing a target parameter, and constructing a first network request according to the first access address; calling a network communication service to obtain a first response message according to the first network request; modifying the target parameter to form a second access address containing the modified target parameter, and constructing a second network request according to the second access address; calling the network communication service to obtain a second response message according to the second network request; and judging whether a horizontal privilege escalation vulnerability exists according to the first response message and the second response message.
According to one aspect of the embodiments of the present disclosure, a horizontal privilege escalation vulnerability detection device is provided, comprising: a first request construction module, for obtaining a first access address containing a target parameter and constructing a first network request according to the first access address; a first information obtaining module, for calling a network communication service to obtain a first response message according to the first network request; a second request construction module, for modifying the target parameter to form a second access address containing the modified target parameter and constructing a second network request according to the second access address; a second information obtaining module, for calling the network communication service to obtain a second response message according to the second network request; and an escalation vulnerability detection module, for judging whether a horizontal privilege escalation vulnerability exists according to the first response message and the second response message.
In some embodiments of the present disclosure, based on the foregoing scheme, the escalation vulnerability detection module includes a first detection unit, for calling a rule management service and extracting a first judgment rule, so as to judge whether the horizontal privilege escalation vulnerability exists according to the first response message, the second response message and the first judgment rule.
In some embodiments of the present disclosure, the first judgment rule includes content comparison and content-length comparison; based on the foregoing scheme, the first detection unit includes: a comparison unit, for comparing the content of the first response message with the content of the second response message; a first judging unit, for determining that the horizontal privilege escalation vulnerability does not exist when the content of the first response message is identical to the content of the second response message; and a second judging unit, for judging whether the horizontal privilege escalation vulnerability exists according to the content length of the first response message and the content length of the second response message when the content of the first response message differs from the content of the second response message.
In some embodiments of the present disclosure, based on the foregoing scheme, the second judging unit is configured to: take the ratio of the content length of the first response message to the content length of the second response message to obtain a target ratio; compare the target ratio with a preset threshold; if the target ratio is less than the preset threshold, determine that the horizontal privilege escalation vulnerability exists; and if the target ratio is greater than or equal to the preset threshold, determine that the horizontal privilege escalation vulnerability does not exist.
In some embodiments of the present disclosure, the target parameter is a numeric parameter; based on the foregoing scheme, the second request construction module is configured to increase or decrease the target parameter by a preset value in order to modify the target parameter.
In some embodiments of the present disclosure, based on the foregoing scheme, the horizontal privilege escalation vulnerability detection device further includes: a third request construction module, for deleting the locally stored user information to form a third access address containing the modified target parameter, and constructing a third network request according to the third access address; a third information obtaining module, for calling the network communication service to obtain a third response message according to the third network request; and an escalation vulnerability judgment module, for judging whether the horizontal privilege escalation vulnerability exists according to the second response message and the third response message.
In some embodiments of the present disclosure, based on the foregoing scheme, the escalation vulnerability judgment module includes a second detection unit, for calling the rule management service and extracting a second judgment rule, so as to judge whether the horizontal privilege escalation vulnerability exists according to the second response message, the third response message and the second judgment rule.
In some embodiments of the present disclosure, the second judgment rule includes content comparison; based on the foregoing scheme, the second detection unit is configured to: compare the content of the second response message with the content of the third response message; if the content of the second response message is identical to the content of the third response message, determine that the horizontal privilege escalation vulnerability does not exist; and if the content of the second response message is not identical to the content of the third response message, determine that the horizontal privilege escalation vulnerability exists.
In some embodiments of the present disclosure, based on the foregoing scheme, the horizontal privilege escalation vulnerability detection device further includes a third detection unit, for calling the rule management service and extracting a third judgment rule, so as to judge whether the horizontal privilege escalation vulnerability exists according to the first response message, the second response message and the third judgment rule.
In some embodiments of the present disclosure, the third judgment rule includes target information comparison; based on the foregoing scheme, the third detection unit includes: an information extraction unit, for extracting first target information from the first response message and second target information from the second response message according to a preset field in the third judgment rule; an information comparison unit, for comparing the first target information with the second target information; a third judging unit, for determining that the horizontal privilege escalation vulnerability does not exist when the first target information is identical to the second target information; and a fourth judging unit, for determining that the horizontal privilege escalation vulnerability exists when the first target information is not identical to the second target information.
In some embodiments of the present disclosure, based on the foregoing scheme, the information extraction unit is configured to: match the preset field against all fields in the first response message, and match the preset field against all fields in the second response message; when a target field matching the preset field exists in the first response message, extract the information corresponding to the target field in the first response message and take it as the first target information; and when a target field matching the preset field exists in the second response message, extract the information corresponding to the target field in the second response message and take it as the second target information.
In some embodiments of the present disclosure, based on the foregoing scheme, the horizontal privilege escalation vulnerability detection device further includes a saving module, for sending the first access address and the target parameter for which the horizontal privilege escalation vulnerability exists to a server to be saved, when it is determined that the horizontal privilege escalation vulnerability exists.
According to one aspect of the embodiments of the present disclosure, a computer device is provided, comprising: a processor; and a memory on which computer-readable instructions are stored, the computer-readable instructions, when executed by the processor, implementing the horizontal privilege escalation vulnerability detection method described in the above embodiments.
According to one aspect of the embodiments of the present disclosure, an electronic device is provided, comprising: one or more processors; and a storage device for storing one or more programs which, when executed by the one or more processors, cause the one or more processors to implement the horizontal privilege escalation vulnerability detection method described in the above embodiments.
In the technical solutions provided by some embodiments of the present disclosure, a first network request is constructed according to a first access address containing a target parameter, and a first response message is obtained according to the first network request; the target parameter is then modified, a second network request is constructed according to a second access address containing the modified target parameter, and a second response message is obtained according to the second network request; finally, whether a horizontal privilege escalation vulnerability exists is judged according to the first response message and the second response message. On the one hand, the technical solution of the disclosure can quickly detect horizontal privilege escalation vulnerabilities and improve the security of the business logic layer; on the other hand, it can improve the security of users' sensitive information and further improve the user experience.
It should be understood that the above general description and the following detailed description are exemplary and explanatory only, and do not limit the present disclosure.
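The three judgment rules summarised above, as an added decision engine written for this page (not the patent's code). Response messages are plain JSON bodies; the threshold value, the preset field names, the "not applicable" guard in the third rule and the rule that a leak is reported only when all applicable rules agree are assumptions, labelled in the code.

```python
import json
from typing import Any, Dict, Optional, Sequence

LENGTH_RATIO_THRESHOLD = 2.0             # assumed value of the preset threshold
PRESET_FIELDS = ("user_id", "username")  # assumed preset fields of the third rule


def content_length(body: str) -> int:
    """Content length of a response message, in bytes of its body."""
    return len(body.encode("utf-8"))


def rule1_content_and_length(first: str, second: str,
                             threshold: float = LENGTH_RATIO_THRESHOLD) -> bool:
    """First judgment rule: content comparison, then content-length comparison.
    True means a horizontal privilege escalation is judged to exist."""
    if first == second:           # the parameter change did not change the data
        return False
    if content_length(second) == 0:
        return False
    # Ratio of the first length to the second, compared with the preset threshold
    # (direction follows the wording of the summary). A small ratio means the
    # second response is a data page of comparable size rather than a short denial.
    return content_length(first) / content_length(second) < threshold


def rule2_logged_out_compare(second: str, third: str) -> bool:
    """Second judgment rule: the third request repeats the modified address after the
    locally stored user information (the session) was deleted. Equal content means the
    data is not user-bound; different content means the session granted the access."""
    return second != third


def _find_field(obj: Any, field: str) -> Optional[Any]:
    """Depth-first lookup of a field name anywhere in a parsed JSON body."""
    if isinstance(obj, dict):
        if field in obj:
            return obj[field]
        children = list(obj.values())
    elif isinstance(obj, list):
        children = obj
    else:
        return None
    for child in children:
        hit = _find_field(child, field)
        if hit is not None:
            return hit
    return None


def extract_target_info(body: str, preset_fields: Sequence[str] = PRESET_FIELDS) -> Dict[str, Any]:
    """Match each preset field against all fields of a JSON response and collect the
    values of the matching target fields (the target information)."""
    try:
        parsed = json.loads(body)
    except ValueError:
        return {}
    info: Dict[str, Any] = {}
    for field in preset_fields:
        value = _find_field(parsed, field)
        if value is not None:
            info[field] = value
    return info


def rule3_target_info_compare(first: str, second: str,
                              preset_fields: Sequence[str] = PRESET_FIELDS) -> Optional[bool]:
    """Third judgment rule: compare the target information of the two responses.
    Returns None (not applicable) when either response has no matching field, e.g. a
    denial page; that guard is an assumption, not taken from the summary."""
    a, b = extract_target_info(first, preset_fields), extract_target_info(second, preset_fields)
    if not a or not b:
        return None
    return a != b   # same owner info: same user's data; different: another user's record


def detect(first: str, second: str, third: Optional[str] = None) -> Dict[str, Optional[bool]]:
    """Apply the applicable rules and report each verdict plus the combined one."""
    verdicts: Dict[str, Optional[bool]] = {
        "rule1": rule1_content_and_length(first, second),
        "rule3": rule3_target_info_compare(first, second),
    }
    if third is not None:
        verdicts["rule2"] = rule2_logged_out_compare(second, third)
    applicable = [v for v in verdicts.values() if v is not None]
    # Assumption: report a leak only when every applicable rule agrees, which is how
    # the extra rules lower the false-positive rate of rule 1 on its own.
    verdicts["vulnerable"] = all(applicable)
    return verdicts


# Constructed sample responses for a shopping-platform order query (not real data).
OWN_ORDER = ('{"order_id": 100, "username": "alice", "address": "12 Example Street", '
             '"items": ["book", "pen"], "total": 42.5}')
OTHER_ORDER = ('{"order_id": 99, "username": "bob", "address": "7 Sample Road", '
               '"items": ["lamp", "desk"], "total": 310.0}')
DENIED = '{"code": 403, "msg": "forbidden"}'
LOGGED_OUT = '{"code": 401, "msg": "login required"}'
```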
Brief description of the drawings
The accompanying drawings are incorporated into and form part of this specification; they show embodiments consistent with the disclosure and, together with the specification, serve to explain the principles of the disclosure. Obviously, the drawings in the following description are only some embodiments of the disclosure, and a person of ordinary skill in the art can obtain other drawings from them without creative effort. In the drawings:
Fig. 1 shows a schematic diagram of an exemplary system architecture to which the technical solution of the embodiments of the present disclosure can be applied;
Fig. 2 schematically shows a flow chart of a horizontal privilege escalation vulnerability detection method according to one embodiment of the disclosure;
Fig. 3 schematically shows a flow diagram of detecting a horizontal privilege escalation vulnerability according to one embodiment of the disclosure;
Fig. 4 schematically shows a flow diagram of detecting a horizontal privilege escalation vulnerability according to one embodiment of the disclosure;
Fig. 5 schematically shows a flow diagram of detecting a horizontal privilege escalation vulnerability according to one embodiment of the disclosure;
Fig. 6 schematically shows a flow diagram of detecting a horizontal privilege escalation vulnerability according to one embodiment of the disclosure;
Fig. 7 schematically shows a flow diagram of obtaining the first target information and the second target information according to one embodiment of the disclosure;
Fig. 8 schematically shows a flow diagram of detecting a horizontal privilege escalation vulnerability according to one embodiment of the disclosure;
Fig. 9 schematically shows a block diagram of a horizontal privilege escalation vulnerability detection device according to one embodiment of the disclosure;
Fig. 10 shows a structural schematic diagram of a computer system suitable for implementing the electronic device of the embodiments of the present disclosure.
Detailed description
Example embodiments will now be described more fully with reference to the drawings. However, example embodiments can be implemented in many forms and should not be construed as limited to those set forth here; rather, these embodiments are provided so that the disclosure will be thorough and complete and will fully convey the concept of the example embodiments to those skilled in the art.
Furthermore, the described features, structures or characteristics may be combined in any suitable manner in one or more embodiments. In the following description, many specific details are provided to give a thorough understanding of the embodiments of the disclosure. However, those skilled in the art will appreciate that the technical solution of the disclosure may be practised without one or more of the specific details, or with other methods, components, devices, steps and so on. In other cases, well-known methods, devices, implementations or operations are not shown or described in detail so as not to obscure aspects of the disclosure.
The block diagrams shown in the drawings are merely functional entities and do not necessarily correspond to physically separate entities. That is, these functional entities may be implemented in software, in one or more hardware modules or integrated circuits, or in different networks and/or processor devices and/or microcontroller devices.
The flow charts shown in the drawings are merely illustrative; they need not include all contents and operations/steps, nor be executed in the order described. For example, some operations/steps may be decomposed, and some may be merged or partially merged, so the actual execution order may change according to the actual situation.
Fig. 1 shows a schematic diagram of an exemplary system architecture to which the technical solution of the embodiments of the present disclosure can be applied.
As shown in Fig. 1, the system architecture 100 may include one or more of the terminal devices 101, 102 and 103, a network 104 and a server 105. The network 104 is the medium that provides communication links between the terminal devices and the server 105. The network 104 may include various connection types, such as wired communication links, wireless communication links and so on.
It should be understood that the numbers of terminal devices, networks and servers in Fig. 1 are merely illustrative. There may be any number of terminal devices, networks and servers according to actual needs; for example, the server 105 may be a server cluster composed of multiple servers.
A user may use the terminal devices 101, 102, 103 to interact with the server 105 through the network 104, so as to receive or send messages and the like. The terminal devices 101, 102, 103 may be various electronic devices with a display screen, including but not limited to smartphones, tablet computers, portable computers, desktop computers and so on.
In one embodiment of the present disclosure, a vulnerability scanner for scanning horizontal privilege escalation vulnerabilities may be built into the terminal device 101 (or into the terminal devices 102, 103). The vulnerability scanner may obtain a first access address containing a target parameter from a URL list stored in the terminal device 101 and construct a first network request according to the first access address; the target parameter is a numeric parameter, and every URL in the URL list that contains a numeric parameter can serve as a first access address containing a target parameter. The scanner then calls the network communication module: it sends the first network request to the network communication module, which sends it to the server 105 through the network 104 and receives the first response message returned by the server 105. After receiving the first response message returned by the network communication module, the vulnerability scanner modifies the target parameter and constructs a second network request according to the second access address containing the modified target parameter; it then sends the second network request to the server 105 through the network communication module to obtain the second response message returned by the server 105. Finally, the vulnerability scanner can judge, according to the first response message and the second response message, whether a horizontal privilege escalation vulnerability exists in the business logic layer. On the one hand, the technical solution of the disclosure can quickly detect horizontal privilege escalation vulnerabilities and improve the security of the business logic layer; on the other hand, it can improve the security of users' sensitive data and further improve the user experience.
It should be noted that the horizontal privilege escalation vulnerability detection method provided by the embodiments of the present disclosure is generally executed by a terminal device, and correspondingly the horizontal privilege escalation vulnerability detection device is generally arranged in the terminal device. However, in other embodiments of the disclosure, the detection scheme for horizontal privilege escalation vulnerabilities provided by the embodiments may also be executed by a server.
The embodiments of the present disclosure first propose a horizontal privilege escalation vulnerability detection method; the implementation details of the technical solution of the embodiments are described in detail below:
Fig. 2 schematically shows a flow chart of a horizontal privilege escalation vulnerability detection method according to one embodiment of the disclosure. The method can be executed by a vulnerability scanner in a terminal device, which may be the terminal device 101 shown in Fig. 1. Referring to Fig. 2, the horizontal privilege escalation vulnerability detection method includes at least steps S210 to S250, described in detail as follows:
In step S210, a first access address containing a target parameter is obtained, and a first network request is constructed according to the first access address.
In one embodiment of the present disclosure, when a user obtains network resources through the terminal device 101, access traces are left in the terminal device 101; an access trace is the URL corresponding to the web page that was visited, and a URL (uniform resource locator) describes the location of information and the way it is accessed. Whether the corresponding business has a horizontal privilege escalation vulnerability can be detected according to the URL, so the web page URLs visited by the user can be collected into a URL list, and the vulnerability scanner then performs vulnerability detection on each URL in the list. The format of each URL in the list varies with the location of the accessed information and the access method: for example, the parameters in some URLs include only text parameters, while the parameters in other URLs include numeric parameters in addition to text parameters. In the embodiments of the disclosure, the numeric parameter in the URL needs to be changed, and whether a horizontal privilege escalation vulnerability exists in the business logic layer is detected according to the response messages corresponding to URLs containing different numeric parameters; therefore the URLs containing numeric parameters can be screened out of the URL list as the first access addresses containing a target parameter.
In one embodiment of the present disclosure, after the first access address containing the target parameter is obtained from the URL list, a first network request can be constructed according to that first access address. The first network request can be constructed according to the protocol contained in the URL; for example, it may be an HTTP request or an HTTPS request, and the embodiments of the disclosure do not specifically limit this. To make the technical solution of the disclosure clearer, the description below uses an HTTP request as the network request.
In step S220, the network communication service is called to obtain a first response message according to the first network request.
In one embodiment of the present disclosure, after the first HTTP request is constructed according to the first access address containing the target parameter, the vulnerability scanner can call the network communication service to obtain the first response message according to the first network request. The network communication service corresponds to a network communication module: the vulnerability scanner sends the first HTTP request to the network communication module, which, after receiving it, sends the first HTTP request to the server and receives the first response message corresponding to the first HTTP request returned by the server; the network communication module then returns the first response message to the vulnerability scanner.
In step S230, the target parameter is modified to form a second access address containing the modified target parameter, and a second network request is constructed according to the second access address.
In one embodiment of the present disclosure, in the case of a horizontal privilege escalation vulnerability a user can obtain the information of other users by changing the parameter in the access address. Therefore, in order to judge whether a horizontal privilege escalation vulnerability exists, the target parameter in the first access address can be modified to obtain a second access address, and whether the vulnerability exists is then judged according to the response message corresponding to the first access address and the response message corresponding to the second access address.
In one embodiment of the present disclosure, when modifying the target parameter, a preset value can be added to or subtracted from the target parameter; for example, if the target parameter is 100, it can be modified by adding or subtracting 1, adding or subtracting 2, and so on. In order to detect whether a horizontal privilege escalation vulnerability exists, the target parameter can be modified several times, checking whether the response messages obtained for the several URLs containing different parameters are identical. For example, the target parameter 100 is decreased by 1 step by step to obtain the response messages corresponding to the access addresses whose target parameter is 100, 99, 98 ... 0 respectively; the response message corresponding to the original target parameter 100 is compared with the response message corresponding to each modified target parameter, and whether a horizontal privilege escalation vulnerability exists is judged according to the comparison results.
In step S240, the network communication service is called to obtain a second response message according to the second network request.
In one embodiment of the present disclosure, after the target parameter has been modified and the second access address obtained, the vulnerability scanner can construct the second network request according to the second access address. Since the second access address differs from the first access address only in the changed target parameter and the protocol type is unchanged, the type of the second network request is the same as that of the first network request, for example both are HTTP requests. The vulnerability scanner can then call the network communication service to obtain the second response message according to the second network request. Specifically, the vulnerability scanner sends the second HTTP request to the network communication module; the network communication module sends the received second HTTP request to the server and receives the second response message corresponding to the second HTTP request returned by the server; finally, the network communication module returns the second response message to the vulnerability scanner, so that the scanner can detect horizontal privilege escalation vulnerabilities according to the first response message and the second response message.
In step S250, whether a horizontal privilege escalation vulnerability exists is judged according to the first response message and the second response message.
In one embodiment of the present disclosure, a rule management module can be provided in the terminal device 101, in which detection rules for one or more different types of vulnerabilities are stored. After obtaining the first response message and the second response message, the vulnerability scanner can extract the corresponding judgment rule from the rule management module according to the type of vulnerability to be detected, process the first response message and the second response message according to the judgment rule, and then judge whether a horizontal privilege escalation vulnerability exists according to the processing result. It is worth noting that the detection rules in the rule management module are all rule sets written by policy personnel, and the maintenance and repair of the rule management module are also carried out by policy personnel.
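Steps S210 to S250 as an added scanner loop written for this page (not the patent's code): screening the URL list for numeric parameters, forming the second and third access addresses, and clearing the mutations whose second response equals the first. The URLs, the session token and the two stand-in servers are constructed; the judgment rules applied to the remaining candidates are not part of this block.

```python
from typing import Callable, Dict, List, Optional, Sequence, Tuple
from urllib.parse import parse_qsl, urlencode, urlsplit, urlunsplit

# Transport signature standing in for the network communication service:
# (access address, session token or None) -> response body.
Fetch = Callable[[str, Optional[str]], str]


def numeric_params(url: str) -> List[str]:
    """Names of the query parameters whose values are integers (candidate target parameters)."""
    return [k for k, v in parse_qsl(urlsplit(url).query, keep_blank_values=True)
            if v.lstrip("-").isdigit()]


def screen_url_list(urls: Sequence[str]) -> List[Tuple[str, str]]:
    """S210: keep an (address, parameter) pair for every numeric parameter in the list;
    URLs carrying only text parameters are skipped."""
    return [(u, p) for u in urls for p in numeric_params(u)]


def mutate_parameter(url: str, param: str, delta: int) -> str:
    """S230: form the second access address by adding delta to the target parameter,
    leaving scheme, host, path and the other parameters unchanged."""
    parts = urlsplit(url)
    query = [(k, str(int(v) + delta) if k == param else v)
             for k, v in parse_qsl(parts.query, keep_blank_values=True)]
    return urlunsplit(parts._replace(query=urlencode(query)))


def scan(url: str, param: str, fetch: Fetch, session: str,
         deltas: Sequence[int] = (-1, -2, 1, 2)) -> Dict[str, Dict[str, str]]:
    """S220 to S250 for one address: fetch the first response, then for each delta
    fetch the second response (same session) and the third response (session deleted).
    Mutations whose second response equals the first are cleared (S302); the rest are
    returned as candidates on which the judgment rules are applied afterwards."""
    first = fetch(url, session)
    candidates: Dict[str, Dict[str, str]] = {}
    for delta in deltas:
        mutated = mutate_parameter(url, param, delta)
        second = fetch(mutated, session)
        if second == first:
            continue
        third = fetch(mutated, None)   # locally stored user information deleted
        candidates[mutated] = {"first": first, "second": second, "third": third}
    return candidates


# --- constructed stand-ins for server 105 (not real services) -------------------
ORDERS = {100: "alice", 99: "bob", 98: "carol"}   # order id -> owner
SESSION = "tok-alice"                             # the scanner's own login


def trusting_fetch(url: str, session: Optional[str]) -> str:
    """Server that checks the login but serves any existing order id."""
    if session != SESSION:
        return '{"code": 401, "msg": "login required"}'
    oid = int(dict(parse_qsl(urlsplit(url).query)).get("id", -1))
    if oid not in ORDERS:
        return '{"code": 404, "msg": "not found"}'
    return '{"order_id": %d, "username": "%s"}' % (oid, ORDERS[oid])


def session_bound_fetch(url: str, session: Optional[str]) -> str:
    """Server that derives the record from the session and ignores the id parameter."""
    return '{"order_id": 100, "username": "alice"}' if session == SESSION else '{"code": 401}'


URL_LIST = [  # constructed access traces from the terminal's history
    "https://shop.example/order/detail?id=100&lang=en",
    "https://shop.example/news/list?cat=sports",
]
```

Against the trusting server every mutation stays a candidate, including the 404 responses for ids 101 and 102, which is why the identity check alone is not the final verdict; against the session-bound server every second response equals the first and the scan returns no candidates.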
In one embodiment of the present disclosure, when judging whether a horizontal privilege escalation vulnerability exists, the rule management service can be called to extract a first judgment rule, and the detection is carried out from the first response message, the second response message and the first judgment rule, where the first judgment rule includes a content comparison and a content-length comparison. Fig. 3 shows a flow diagram of detecting a horizontal privilege escalation vulnerability; as shown in Fig. 3, the detection method includes at least steps S301 to S303, specifically:
In step S301, the content of the first response message is compared with the content of the second response message.
In one embodiment of the present disclosure, the content of a response message corresponds to the network request. For example, when a user browses a news website and clicks a headline, the response message is the news content for that headline; when a user logs in to a shopping platform and queries order information, the response message is information such as the order number and order details; and so on. To determine whether modifying the target parameter affects the content of the response message, and hence whether the service has a horizontal privilege escalation vulnerability, the contents of the response messages are compared after the first response message and the second response message have been obtained, and the judgment is made from the comparison result.
In step S302, if the content of the first response message is identical to the content of the second response message, it is determined that no horizontal privilege escalation vulnerability exists.
In one embodiment of the present disclosure, when comparing the content of the first response message with the content of the second response message, each character in the first response message can be compared with each character in the second response message; if all characters in the first response message are identical to all characters in the second response message, the content of the first response message is identical to the content of the second response message. When access addresses containing different target parameters return identical response messages, the modification of the target parameter has no effect on the response message obtained, and it follows that the service corresponding to the first access address containing the target parameter has no horizontal privilege escalation vulnerability.
In step S303, if the content of the first response message differs from the content of the second response message, whether a horizontal privilege escalation vulnerability exists is judged from the content length of the first response message and the content length of the second response message.
In one embodiment of the present disclosure, when the content of the first response message differs from the content of the second response message, the modification of the target parameter has affected the response message obtained, but it cannot yet be concluded that the service corresponding to the first access address containing the target parameter has a horizontal privilege escalation vulnerability. For example, if a user is browsing news, the first response message for the first access address containing the target parameter is a health news item; after the target parameter is modified, the second response message for the second access address containing the modified target parameter is a current-affairs news item. The first response message and the second response message are entirely different, but news is public information that any user may browse, so no horizontal privilege escalation has occurred. Therefore, a difference between the content of the first response message and the content of the second response message does not by itself establish whether a horizontal privilege escalation vulnerability exists, and further detection is needed.
To detect a horizontal privilege escalation vulnerability further, the detection can be based on the content lengths of the response messages. Specifically, a user attempting to obtain the sensitive information of other users beyond their authorization will, if the attempt succeeds, receive a response message whose content length does not differ greatly from the original; therefore the judgment can be made from the content length of the first response message and the content length of the second response message. Step S303 further includes the horizontal privilege escalation detection method shown in Fig. 4; as shown in Fig. 4, the detection method includes at least steps S401 to S404, specifically:
In step S401, the ratio of the content length of the first response message to the content length of the second response message is taken, to obtain a target ratio.
In one embodiment of the present disclosure, if the escalation succeeds, the user obtains the same type of information about other users. For example, a user obtains their own order number on a shopping platform via the first access address; after modifying the target parameter, the user obtains another user's order number on the same shopping platform via the second access address. The lengths of the two order numbers may be equal, or may differ by one or two characters, so detecting a horizontal privilege escalation vulnerability only by whether the content lengths are exactly equal may miss cases. To improve the precision and completeness of vulnerability detection, the ratio of the content length of the first response message to the content length of the second response message is taken to obtain a target ratio, and whether a horizontal privilege escalation vulnerability exists is judged from the target ratio.
In step S402, the target ratio is compared with a preset threshold.
In one embodiment of the present disclosure, if the escalation succeeds, the content length of the first response message is equal or close to the content length of the second response message; that is, even where there is a difference, it is not large. A relatively small preset threshold can therefore be set, and whether a horizontal privilege escalation vulnerability exists is judged by comparing the preset threshold with the target ratio. Specifically, the preset threshold can be set to 1.5, 2 or the like, and can of course also be set to other values; the embodiments of the present disclosure do not specifically limit it.
In step S403, if the target ratio is less than the preset threshold, it is determined that a horizontal privilege escalation vulnerability exists.
In step S404, if the target ratio is greater than or equal to the preset threshold, it is determined that no horizontal privilege escalation vulnerability exists.
In one embodiment of the present disclosure, the target ratio is compared with the preset threshold. If the target ratio is less than the preset threshold, the content length of the first response message is close to the content length of the second response message; given that the content of the first response message differs from the content of the second response message, it can be determined that the service corresponding to the first access address has a horizontal privilege escalation vulnerability. If the target ratio is greater than or equal to the preset threshold, the content length of the first response message and the content length of the second response message differ considerably, so it can be determined that the service corresponding to the first access address has no horizontal privilege escalation vulnerability. For example, user A can obtain the original order number of goods they bought on a shopping website via the first access address, which contains the target parameter sub-id=8. User A modifies the target parameter in the first access address to obtain the modified target parameter sub-id=10, accesses again via the second access address containing the modified target parameter, and obtains a new order number. The original order number and the new order number are compared: if their contents differ but their content lengths are identical, the second access address has pointed to another user's order number on the shopping website, user A has obtained another user's sensitive information by modifying the target parameter, and it can be determined that the business logic of the shopping website has a horizontal privilege escalation vulnerability. If their contents differ and their content lengths also differ greatly, user A has not obtained other users' sensitive information by modifying the target parameter, and it can be determined that the business logic of the shopping website has no horizontal privilege escalation vulnerability; where the content lengths differ greatly, the second response message for the second access address is usually a prompt such as "no access authority" or "error".
In one embodiment of the present disclosure, when a user accesses network resources, websites and browsers store user data, i.e. cookies, on the user's terminal in order to distinguish user identities and track sessions, so that when the user next logs in, the user information in the cookie can be used and the login is more efficient. Pages from which a user's sensitive information can be obtained usually require the user to be logged in. If a cookie is stored on the terminal device 101, then even after the user logs out, the terminal device 101 may automatically send the cookie when the website page is reopened, so that the user still accesses the website in the logged-in state; this makes it difficult to detect whether a horizontal privilege escalation vulnerability exists. Therefore, to reduce the false-positive rate, the locally stored cookie can first be deleted, and the target parameter in the first access address then modified to form a third access address containing the modified target parameter; the network communication service is then called to obtain a third response message for the third access address. The target parameter in the third access address is identical to the target parameter in the second access address. After the third response message has been obtained, the second response message can be compared with the third response message to judge whether a horizontal privilege escalation vulnerability exists.
When comparing the second response message with the third response message, the comparison can follow a preset judgment rule. Specifically, the rule management service can be called to extract a second judgment rule, and the detection is carried out from the second response message, the third response message and the second judgment rule. The second judgment rule includes a content comparison. Fig. 5 shows a flow diagram of detecting a horizontal privilege escalation vulnerability; as shown in Fig. 5, in step S501 the content of the second response message is compared with the content of the third response message; in step S502, if the content of the second response message is identical to the content of the third response message, it is determined that no horizontal privilege escalation vulnerability exists; in step S503, if the content of the second response message is not identical to the content of the third response message, it is determined that a horizontal privilege escalation vulnerability exists. The content comparison method is the same as the content comparison method shown in Fig. 3, and the embodiments of the present disclosure do not repeat it here.
Deleting the cookie guarantees that the third response message is obtained in the logged-out state. If the content of the second response message is identical to the content of the third response message, no horizontal privilege escalation vulnerability exists; public information such as news or bulletin pages, for example, can be accessed normally without logging in. If the content of the second response message is not identical to the content of the third response message, the business logic may have a horizontal privilege escalation vulnerability.
In one embodiment of the present disclosure, to further determine whether a horizontal privilege escalation vulnerability exists, that is, whether a user can obtain other users' sensitive information beyond their authorization, the sensitive information in the first response message and the second response message can be compared according to a preset judgment rule. Specifically, the rule management service can be called to extract a third judgment rule, which includes preset fields corresponding to sensitive information, such as mobile phone number, ID card number, QQ number, mailbox, address and name; the detection is then carried out from the first response message, the second response message and the third judgment rule.
Fig. 6 shows a flow diagram of detecting a horizontal privilege escalation vulnerability; as shown in Fig. 6, the detection method includes at least steps S601 to S604, specifically:
In step S601, first target information in the first response message and second target information in the second response message are extracted according to the preset fields in the third judgment rule.
In an exemplary embodiment of the present disclosure, to compare the sensitive information in the first response message with the sensitive information in the second response message, the required sensitive information must first be extracted from the first response message and the second response message. Sensitive information usually carries a specific label, for example "mobile phone number 134XXXX5678", so obtaining the specific phone number requires matching and searching by the label "mobile phone number".
Fig. 7 shows a flow diagram of obtaining the first target information and the second target information. As shown in Fig. 7, in step S701 the preset fields are matched against all fields in the first response message, and the preset fields are matched against all fields in the second response message; in step S702, when the first response message contains a target field matching a preset field, the information corresponding to that target field is extracted from the first response message and taken as the first target information; in step S703, when the second response message contains a target field matching a preset field, the information corresponding to that target field is extracted from the second response message and taken as the second target information.
In step S602, the first target information is compared with the second target information;
In one embodiment of the present disclosure, after the first target information and the second target information have been obtained, the two can be compared, and whether a horizontal privilege escalation vulnerability exists is determined from the comparison result.
In step S603, if the first target information is identical to the second target information, it is determined that no horizontal privilege escalation vulnerability exists;
In step S604, if the first target information is not identical to the second target information, it is determined that a horizontal privilege escalation vulnerability exists.
In one embodiment of the present disclosure, when the first target information is identical to the second target information, the user has not obtained other users' sensitive information beyond their authorization. For example, the user with user-id=100 has the sensitive information mobile phone number 13456789012, and the user with user-id=101 also has the mobile phone number 13456789012; modifying the target parameter has not affected the content of the response message, the user cannot obtain other users' sensitive information by modifying the target parameter, and so no horizontal privilege escalation vulnerability exists. When the first target information differs from the second target information, the user has obtained other users' sensitive information beyond their authorization. For example, the user with user-id=100 has the sensitive information mobile phone number 13456789012, and the user with user-id=101 has the sensitive information mobile phone number 15678901234; modifying the target parameter has affected the content of the response message, the user can obtain other users' sensitive information by modifying the target parameter, and so a horizontal privilege escalation vulnerability exists.
In one embodiment of the present disclosure, when a URL contains multiple numeric parameters, the horizontal privilege escalation detection method of the embodiments of the present disclosure can be applied to each numeric parameter in turn. For example, an order URL contains a user parameter user-id and a shipping parameter shipping-id. First, user-id can be modified several times, and whether the URL has a horizontal privilege escalation vulnerability is judged from the content returned for the original user parameter and for each modified parameter; if it is determined that no vulnerability exists, shipping-id can then be modified several times, and whether the URL has a horizontal privilege escalation vulnerability is judged from the content returned for the original shipping parameter and for each modified parameter.
In one embodiment of the present disclosure, after it has been determined according to the embodiments of the present disclosure that the business logic has a horizontal privilege escalation vulnerability, the vulnerability scanner can send the vulnerability information, such as the first access address at which the horizontal privilege escalation vulnerability exists and the corresponding target parameter, to a server for storage, so that targeted repairs can be made during later maintenance.
In one embodiment of the present disclosure, a horizontal privilege escalation vulnerability can be detected through multiple comparison and judgment processes, improving the efficiency and precision of the detection. Fig. 8 shows a flow diagram of detecting a horizontal privilege escalation vulnerability; as shown in Fig. 8: in step S801, a first network request is constructed from a first access address containing the target parameter, and a first response message is obtained for the first network request; in step S802, the target parameter is modified, a second network request is constructed from a second access address containing the modified target parameter, and a second response message is obtained for the second network request; in step S803, the cookie is removed, a third network request is constructed from a third access address containing the modified target parameter, and a third response message is obtained for the third network request; in step S804, whether the content of the first response message is identical to the content of the second response message is judged; in step S805, when the content of the first response message is identical to the content of the second response message, it is determined that no horizontal privilege escalation vulnerability exists; in step S806, when the content of the first response message is not identical to the content of the second response message, whether the content length of the first response message divided by the content length of the second response message is less than the preset threshold is judged; in step S807, when the content length of the first response message divided by the content length of the second response message is greater than or equal to the preset threshold, it is determined that no horizontal privilege escalation vulnerability exists; in step S808, when the content length of the first response message divided by the content length of the second response message is less than the preset threshold, whether the content of the second response message is identical to the content of the third response message is judged; in step S809, when the content of the second response message is identical to the content of the third response message, it is determined that no horizontal privilege escalation vulnerability exists; in step S810, when the content of the second response message is not identical to the content of the third response message, whether the sensitive information in the first response message is identical to the sensitive information in the second response message is judged; in step S811, when the sensitive information in the first response message is identical to the sensitive information in the second response message, it is determined that no horizontal privilege escalation vulnerability exists; in step S812, when the sensitive information in the first response message is not identical to the sensitive information in the second response message, it is determined that a horizontal privilege escalation vulnerability exists.
It is worth noting that, in the above horizontal privilege escalation detection process, the step of comparing the content of the second response message with the content of the third response message can be exchanged with the step of comparing the sensitive information in the first response message with the sensitive information in the second response message. That is, when the content length of the first response message divided by the content length of the second response message is less than the preset threshold, whether the sensitive information in the first response message is identical to the sensitive information in the second response message is judged; when the sensitive information in the first response message is identical to the sensitive information in the second response message, it is determined that no horizontal privilege escalation vulnerability exists; when the sensitive information in the first response message is not identical to the sensitive information in the second response message, whether the content of the second response message is identical to the content of the third response message is judged; when the content of the second response message is identical to the content of the third response message, it is determined that no horizontal privilege escalation vulnerability exists; when the content of the second response message is not identical to the content of the third response message, it is determined that a horizontal privilege escalation vulnerability exists.
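As an added illustration, not the patent's own code, the following Python runs the decision flow of Fig. 8 (with the length-ratio rule of Fig. 4, the field extraction of Fig. 7 and the parameter-by-parameter walk over user-id and shipping-id described above) against constructed response bodies. The field labels, the 1.5 threshold handling for an empty body, the example URL, the sample bodies and the stand-in fetch function are all assumptions made for the example; no network access is involved.

```python
"""Detection flow of Fig. 8 over constructed inputs (added example, not the
patent's implementation)."""
import re
from typing import Callable, Dict, Optional, Tuple
from urllib.parse import parse_qsl, urlencode, urlsplit, urlunsplit

# Constructed labels for the third judgment rule's preset fields; the patent
# names the categories (phone, ID card, QQ, mailbox, ...) but not the spelling.
PRESET_FIELDS = ("cell-phone", "id-card", "qq", "mailbox", "address", "name")
PRESET_THRESHOLD = 1.5  # one of the example values given in the description


def modify_target_param(url: str, name: str, delta: int) -> str:
    """Module 903: add a default value to one numeric query parameter to
    form the second (or third) access address. Non-numeric values are kept."""
    parts = urlsplit(url)
    query = []
    for key, value in parse_qsl(parts.query, keep_blank_values=True):
        if key == name and value.lstrip("-").isdigit():
            value = str(int(value) + delta)
        query.append((key, value))
    return urlunsplit(parts._replace(query=urlencode(query)))


def length_ratio(first: str, second: str) -> float:
    """Step S401: content length of the first response over the second.
    An empty second response counts as infinitely longer (no ZeroDivisionError)."""
    return len(first) / len(second) if second else float("inf")


def extract_target_info(body: str, fields=PRESET_FIELDS) -> Dict[str, str]:
    """Steps S701-S703: for each preset field present in the body, take the
    value following it ('label: value', 'label=value' or JSON 'label":"value')."""
    found = {}
    for field in fields:
        m = re.search(re.escape(field) + r'"?\s*[:=]\s*"?([^",}\s]+)', body)
        if m:
            found[field] = m.group(1)
    return found


def detect_horizontal_escalation(first: str, second: str, third: str,
                                 threshold: float = PRESET_THRESHOLD) -> Tuple[bool, str]:
    """Steps S804-S812 of Fig. 8; returns (vulnerable, step that decided)."""
    if first == second:                      # S804/S805: change had no effect
        return False, "S805"
    if length_ratio(first, second) >= threshold:
        return False, "S807"                 # S806/S807: error or denial page
    if second == third:                      # S808/S809: same without cookie,
        return False, "S809"                 # so it is public information
    if extract_target_info(first) == extract_target_info(second):
        return False, "S811"                 # S810/S811: no other user's data
    return True, "S812"


def scan_url(url: str, fetch: Callable[[str, bool], str],
             deltas=(1, -1, 2), threshold: float = PRESET_THRESHOLD) -> Optional[dict]:
    """Try every numeric parameter in turn (user-id, then shipping-id, ...)
    with several offsets; fetch(url, with_cookie) is supplied by the caller."""
    first = fetch(url, True)
    for key, value in parse_qsl(urlsplit(url).query):
        if not value.lstrip("-").isdigit():
            continue
        for delta in deltas:
            mutated = modify_target_param(url, key, delta)
            second = fetch(mutated, True)    # S802: same session, new parameter
            third = fetch(mutated, False)    # S803: cookie removed
            vulnerable, step = detect_horizontal_escalation(first, second, third, threshold)
            if vulnerable:
                return {"url": url, "parameter": key, "mutated": mutated, "step": step}
    return None


# Constructed sample bodies: the scanner's own record, another user's record,
# the denial page and two public news items.
OWN = '{"user-id":100,"name":"Alice","cell-phone":"13456789012","order":"A001"}'
OTHER = '{"user-id":101,"name":"Bob","cell-phone":"15678901234","order":"B017"}'
DENIED = '{"error":"no access authority"}'
NEWS_8 = '{"id":8,"title":"Health news"}'
NEWS_10 = '{"id":10,"title":"Politics news"}'
RECORDS = {100: OWN, 101: OTHER}


def fake_fetch(url: str, with_cookie: bool) -> str:
    """Constructed stand-in for the network communication service: a server
    that checks the session cookie but not the ownership of user-id."""
    if not with_cookie:
        return DENIED
    params = dict(parse_qsl(urlsplit(url).query))
    return RECORDS.get(int(params.get("user-id", -1)), DENIED)


if __name__ == "__main__":
    print(scan_url("https://shop.example/order?user-id=100&shipping-id=55", fake_fetch))
```

The news pair exercises the S809 branch (identical with and without the cookie, so public), and the denial page exercises S807 (length ratio 72/31 above the 1.5 threshold).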
The horizontal privilege escalation detection method of the embodiments of the present disclosure modifies the target parameter in the access address and detects horizontal privilege escalation vulnerabilities from the response messages corresponding to access addresses containing different target parameters; it further compares the content of the response message obtained with the cookie removed against that obtained with the cookie retained, and compares the sensitive information in the response messages. This makes up for the shortcomings of vulnerability scanners' detection strategies for horizontal privilege escalation vulnerabilities, reduces the false-positive rate, improves the efficiency and accuracy of detecting horizontal privilege escalation vulnerabilities, improves the security of users' sensitive information, and further improves the user experience.
The apparatus embodiments of the present disclosure are introduced below; they can be used to execute the horizontal privilege escalation detection method of the above embodiments of the present disclosure. For details not disclosed in the apparatus embodiments, please refer to the embodiments of the horizontal privilege escalation detection method described above.
Fig. 9 schematically shows a block diagram of a horizontal privilege escalation vulnerability detection apparatus according to one embodiment of the present disclosure.
Referring to Fig. 9, the horizontal privilege escalation vulnerability detection apparatus 900 according to one embodiment of the present disclosure comprises: a first request construction module 901, a first information acquisition module 902, a second request construction module 903, a second information acquisition module 904 and a privilege escalation vulnerability detection module 905.
Specifically, the first request construction module 901 obtains a first access address containing a target parameter and constructs a first network request from the first access address; the first information acquisition module 902 calls the network communication service to obtain a first response message for the first network request; the second request construction module 903 modifies the target parameter to form a second access address containing the modified target parameter and constructs a second network request from the second access address; the second information acquisition module 904 calls the network communication service to obtain a second response message for the second network request; and the privilege escalation vulnerability detection module 905 judges from the first response message and the second response message whether a horizontal privilege escalation vulnerability exists.
In one embodiment of the present disclosure, the privilege escalation vulnerability detection module 905 includes a first detection unit, which calls the rule management service to extract a first judgment rule and judges from the first response message, the second response message and the first judgment rule whether a horizontal privilege escalation vulnerability exists.
In one embodiment of the present disclosure, the first judgment rule includes a content comparison and a content-length comparison; based on the above, the first detection unit includes: a comparison unit, which compares the content of the first response message with the content of the second response message; a first judgment unit, which determines that no horizontal privilege escalation vulnerability exists when the content of the first response message is identical to the content of the second response message; and a second judgment unit, which, when the content of the first response message differs from the content of the second response message, judges from the content length of the first response message and the content length of the second response message whether a horizontal privilege escalation vulnerability exists.
In one embodiment of the present disclosure, the second judgment unit is configured to take the ratio of the content length of the first response message to the content length of the second response message to obtain a target ratio; compare the target ratio with a preset threshold; determine that a horizontal privilege escalation vulnerability exists if the target ratio is less than the preset threshold; and determine that no horizontal privilege escalation vulnerability exists if the target ratio is greater than or equal to the preset threshold.
In one embodiment of the present disclosure, the target parameter is a numeric parameter, and the second request construction module 903 is configured to modify the target parameter by adding a default value to it or subtracting a default value from it.
In one embodiment of the present disclosure, the horizontal privilege escalation vulnerability detection apparatus 900 further includes: a third request construction module, which deletes the locally stored user information, forms a third access address containing the modified target parameter, and constructs a third network request from the third access address; a third information acquisition module, which calls the network communication service to obtain a third response message for the third network request; and a privilege escalation vulnerability judgment module, which judges from the second response message and the third response message whether a horizontal privilege escalation vulnerability exists.
In one embodiment of the present disclosure, the privilege escalation vulnerability judgment module 905 includes a second detection unit, which calls the rule management service to extract a second judgment rule and judges from the second response message, the third response message and the second judgment rule whether a horizontal privilege escalation vulnerability exists.
In one embodiment of the present disclosure, the second judgment rule includes a content comparison; the second detection unit is configured to compare the content of the second response message with the content of the third response message; if the content of the second response message is identical to the content of the third response message, determine that no horizontal privilege escalation vulnerability exists; and if the content of the second response message is not identical to the content of the third response message, determine that a horizontal privilege escalation vulnerability exists.
In one embodiment of the present disclosure, the horizontal privilege escalation vulnerability detection apparatus 900 further includes a third detection unit, which calls the rule management service to extract a third judgment rule and judges from the first response message, the second response message and the third judgment rule whether a horizontal privilege escalation vulnerability exists.
In one embodiment of the present disclosure, the third judgment rule includes a target information comparison; the third detection unit includes: an information extraction unit, which extracts first target information in the first response message and second target information in the second response message according to the preset fields in the third judgment rule; an information comparison unit, which compares the first target information with the second target information; a third judgment unit, which determines that no horizontal privilege escalation vulnerability exists when the first target information is identical to the second target information; and a fourth judgment unit, which determines that a horizontal privilege escalation vulnerability exists when the first target information is not identical to the second target information.
In one embodiment of the present disclosure, the information extraction unit is configured to match the preset fields against all fields in the first response message and to match the preset fields against all fields in the second response message; when the first response message contains a target field matching a preset field, extract the information corresponding to that target field from the first response message and take it as the first target information; and when the second response message contains a target field matching a preset field, extract the information corresponding to that target field from the second response message and take it as the second target information.
In one embodiment of the present disclosure, go beyond one's commission in parallel Hole Detection device 900 further include: preserving module, for It determines and exists when going beyond one's commission loophole in parallel, will be present and go beyond one's commission the first access address of loophole in parallel and corresponding target component is sent to Server is saved.
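The information extraction unit, information comparison unit and saving module described above, written out as an added example that is not the patent's own code. It assumes JSON response bodies, the preset field names `uid` and `username` (a rule management service would supply the real list), and an in-memory list standing in for the server that receives findings; the third outcome, "inconclusive" when no preset field is present in both responses, is this example's own addition and not part of the rule as claimed.

```python
"""Added example (not the patent's code): the third judgment rule, target
information comparison, applied to constructed JSON responses."""
import json
from typing import Any, Optional, Sequence

# Preset field names are an assumption; a rule management service would supply them.
PRESET_FIELDS = ("uid", "username")


def find_field(obj: Any, field: str) -> Optional[Any]:
    """Match `field` against all fields of a decoded JSON body, recursing into
    nested objects and arrays, and return the first matching value (None when
    no field matches)."""
    if isinstance(obj, dict):
        if field in obj:
            return obj[field]
        for value in obj.values():
            found = find_field(value, field)
            if found is not None:
                return found
    elif isinstance(obj, list):
        for item in obj:
            found = find_field(item, field)
            if found is not None:
                return found
    return None


def extract_target_info(body: str, preset_fields: Sequence[str] = PRESET_FIELDS) -> dict:
    """Target information: the value of every preset field present in the body.
    A body that is not JSON (an HTML error page, say) yields no target information."""
    try:
        decoded = json.loads(body)
    except ValueError:
        return {}
    info = {}
    for field in preset_fields:
        value = find_field(decoded, field)
        if value is not None:
            info[field] = value
    return info


def third_rule(first_body: str, second_body: str,
               preset_fields: Sequence[str] = PRESET_FIELDS) -> str:
    """Compare the first and second target information.
    'vulnerable'     - a preset field is present in both responses with different
                       values: the modified parameter returned another user's data.
    'not_vulnerable' - every shared preset field carries identical values.
    'inconclusive'   - no preset field is present in both responses (this third
                       outcome is the example's addition, not part of the claimed rule)."""
    first = extract_target_info(first_body, preset_fields)
    second = extract_target_info(second_body, preset_fields)
    shared = [f for f in preset_fields if f in first and f in second]
    if not shared:
        return "inconclusive"
    if any(first[f] != second[f] for f in shared):
        return "vulnerable"
    return "not_vulnerable"


def check_and_record(address: str, param: str, first_body: str, second_body: str,
                     findings: list) -> str:
    """Apply the third rule and, when a vulnerability is found, record the first
    access address and the target parameter (the list stands in for the server
    the saving module sends them to)."""
    verdict = third_rule(first_body, second_body)
    if verdict == "vulnerable":
        findings.append({"address": address, "param": param})
    return verdict


# Constructed sample responses: the authenticated user's own record, the record
# returned for a modified identifier, and a denial.
FIRST = '{"code":0,"data":{"uid":1001,"username":"alice","orders":[{"id":7}]}}'
SECOND = '{"code":0,"data":{"uid":1002,"username":"bob","orders":[{"id":9}]}}'
DENIED = '{"code":403,"msg":"forbidden"}'

if __name__ == "__main__":
    found = []
    print(check_and_record("https://app.example/api/profile?uid=1001", "uid",
                           FIRST, SECOND, found), found)
```

Matching the preset field against all fields, rather than only top-level keys, is what makes the rule work on the envelope formats (`data`, `result`, nested arrays) most APIs wrap their records in.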
Figure 10 shows a schematic structural diagram of a computer system suitable for implementing the electronic device of the embodiments of the present disclosure.
It should be noted that the computer system 1000 of the electronic device shown in Figure 10 is only an example, and should not impose any restriction on the functions and scope of use of the embodiments of the present disclosure.
As shown in Figure 10, the computer system 1000 includes a central processing unit (CPU) 1001, which can execute various appropriate actions and processing according to a program stored in a read-only memory (ROM) 1002 or a program loaded from a storage section 1008 into a random access memory (RAM) 1003, so as to implement the video processing method described in the above embodiments. The RAM 1003 also stores various programs and data required for system operation. The CPU 1001, the ROM 1002 and the RAM 1003 are connected to each other via a bus 1004. An input/output (I/O) interface 1005 is also connected to the bus 1004.
The following components are connected to the I/O interface 1005: an input section 1006 including a keyboard, a mouse, etc.; an output section 1007 including a cathode ray tube (CRT), a liquid crystal display (LCD), etc. and a loudspeaker, etc.; a storage section 1008 including a hard disk, etc.; and a communication section 1009 including a network interface card such as a LAN (Local Area Network) card, a modem, etc. The communication section 1009 performs communication processing via a network such as the Internet. A drive 1010 is also connected to the I/O interface 1005 as needed. A removable medium 1011, such as a magnetic disk, an optical disc, a magneto-optical disk, a semiconductor memory, etc., is mounted on the drive 1010 as needed, so that a computer program read from it can be installed into the storage section 1008 as needed.
In particular, according to embodiments of the present disclosure, the processes described above with reference to the flowcharts may be implemented as computer software programs. For example, an embodiment of the present disclosure includes a computer program product comprising a computer program carried on a computer-readable medium, the computer program containing program code for executing the method shown in the flowchart. In such an embodiment, the computer program may be downloaded and installed from a network via the communication section 1009, and/or installed from the removable medium 1011. When the computer program is executed by the central processing unit (CPU) 1001, the various functions defined in the system of the present disclosure are performed.
It should be noted that the computer-readable medium shown in the embodiments of the present disclosure may be a computer-readable signal medium or a computer-readable storage medium, or any combination of the two. A computer-readable storage medium may be, for example, but is not limited to, an electrical, magnetic, optical, electromagnetic, infrared or semiconductor system, apparatus or device, or any combination of the above. More specific examples of the computer-readable storage medium may include, but are not limited to: an electrical connection having one or more wires, a portable computer diskette, a hard disk, a random access memory (RAM), a read-only memory (ROM), an erasable programmable read-only memory (EPROM), a flash memory, an optical fibre, a portable compact disc read-only memory (CD-ROM), an optical storage device, a magnetic storage device, or any suitable combination of the above. In the present disclosure, a computer-readable storage medium may be any tangible medium that contains or stores a program for use by or in connection with an instruction execution system, apparatus or device. In the present disclosure, a computer-readable signal medium may include a data signal propagated in a baseband or as part of a carrier wave, carrying computer-readable program code. Such a propagated data signal may take various forms, including but not limited to an electromagnetic signal, an optical signal, or any suitable combination of the above. A computer-readable signal medium may also be any computer-readable medium other than a computer-readable storage medium, which can send, propagate or transmit a program for use by or in connection with an instruction execution system, apparatus or device. The program code contained on the computer-readable medium may be transmitted using any suitable medium, including but not limited to wireless, wired, etc., or any suitable combination of the above.
Flow chart and block diagram in attached drawing are illustrated according to the system of the various embodiments of the disclosure, method and computer journey The architecture, function and operation in the cards of sequence product.In this regard, each box in flowchart or block diagram can generation A part of one module, program segment or code of table, a part of above-mentioned module, program segment or code include one or more Executable instruction for implementing the specified logical function.It should also be noted that in some implementations as replacements, institute in box The function of mark can also occur in a different order than that indicated in the drawings.For example, two boxes succeedingly indicated are practical On can be basically executed in parallel, they can also be executed in the opposite order sometimes, and this depends on the function involved.Also it wants It is noted that the combination of each box in block diagram or flow chart and the box in block diagram or flow chart, can use and execute rule The dedicated hardware based systems of fixed functions or operations is realized, or can use the group of specialized hardware and computer instruction It closes to realize.
Being described in unit involved in the embodiment of the present disclosure can be realized by way of software, can also be by hard The mode of part realizes that described unit also can be set in the processor.Wherein, the title of these units is in certain situation Under do not constitute restriction to the unit itself.
As on the other hand, the disclosure additionally provides a kind of computer-readable medium, which can be Included in electronic equipment described in above-described embodiment;It is also possible to individualism, and without in the supplying electronic equipment. Above-mentioned computer-readable medium carries one or more program, when the electronics is set by one for said one or multiple programs When standby execution, so that the electronic equipment realizes method described in above-described embodiment.
It should be noted that although being referred to several modules or list for acting the equipment executed in the above detailed description Member, but this division is not enforceable.In fact, according to embodiment of the present disclosure, it is above-described two or more Module or the feature and function of unit can embody in a module or unit.Conversely, an above-described mould The feature and function of block or unit can be to be embodied by multiple modules or unit with further division.
Through the above description of the embodiments, those skilled in the art is it can be readily appreciated that example described herein is implemented Mode can also be realized by software realization in such a way that software is in conjunction with necessary hardware.Therefore, according to the disclosure The technical solution of embodiment can be embodied in the form of software products, which can store non-volatile at one Property storage medium (can be CD-ROM, USB flash disk, mobile hard disk etc.) in or network on, including some instructions are so that a calculating Equipment (can be personal computer, server, touch control terminal or network equipment etc.) is executed according to disclosure embodiment Method.
Those skilled in the art after considering the specification and implementing the invention disclosed here, will readily occur to its of the disclosure Its embodiment.The disclosure is intended to cover any variations, uses, or adaptations of the disclosure, these modifications, purposes or Person's adaptive change follows the general principles of this disclosure and including the undocumented common knowledge in the art of the disclosure Or conventional techniques.
It should be understood that the present disclosure is not limited to the precise structures that have been described above and shown in the drawings, and And various modifications and changes may be made without departing from the scope thereof.The scope of the present disclosure is only limited by the accompanying claims.

Claims (15)

1. A horizontal override vulnerability detection method, characterized in that it comprises:
obtaining a first access address containing a target parameter, and constructing a first network request according to the first access address;
calling a network communication service to obtain a first response message according to the first network request;
modifying the target parameter to form a second access address containing the modified target parameter, and constructing a second network request according to the second access address;
calling the network communication service to obtain a second response message according to the second network request; and
judging, according to the first response message and the second response message, whether a horizontal override vulnerability exists.
2. The horizontal override vulnerability detection method according to claim 1, wherein judging, according to the first response message and the second response message, whether a horizontal override vulnerability exists comprises:
calling a rule management service and extracting a first judgment rule, and judging, according to the first response message, the second response message and the first judgment rule, whether the horizontal override vulnerability exists.
3. The horizontal override vulnerability detection method according to claim 2, characterized in that the first judgment rule includes content comparison and content-length comparison;
and judging, according to the first response message, the second response message and the first judgment rule, whether the horizontal override vulnerability exists comprises:
comparing the content of the first response message with the content of the second response message;
if the content of the first response message is identical to the content of the second response message, determining that the horizontal override vulnerability does not exist;
if the content of the first response message differs from the content of the second response message, judging, according to the content length of the first response message and the content length of the second response message, whether the horizontal override vulnerability exists.
4. The horizontal override vulnerability detection method according to claim 3, characterized in that judging, according to the content length of the first response message and the content length of the second response message, whether the horizontal override vulnerability exists comprises:
forming the ratio between the content length of the first response message and the content length of the second response message, to obtain a target ratio;
comparing the target ratio with a preset threshold;
if the target ratio is less than the preset threshold, determining that the horizontal override vulnerability exists;
if the target ratio is greater than or equal to the preset threshold, determining that the horizontal override vulnerability does not exist.
5. The horizontal override vulnerability detection method according to claim 1, characterized in that the target parameter is a numeric parameter;
and modifying the target parameter comprises:
increasing or decreasing the target parameter by a preset value, so as to modify the target parameter.
6. The horizontal override vulnerability detection method according to claim 1, wherein after obtaining the second response message according to the second network request, the method further comprises:
deleting the locally stored user information, to form a third access address containing the modified target parameter, and constructing a third network request according to the third access address;
calling the network communication service to obtain a third response message according to the third network request; and
judging, according to the second response message and the third response message, whether the horizontal override vulnerability exists.
7. The horizontal override vulnerability detection method according to claim 6, wherein judging, according to the second response message and the third response message, whether the horizontal override vulnerability exists comprises:
calling a rule management service and extracting a second judgment rule, and judging, according to the second response message, the third response message and the second judgment rule, whether the horizontal override vulnerability exists.
8. The horizontal override vulnerability detection method according to claim 7, characterized in that the second judgment rule includes content comparison;
and judging, according to the second response message, the third response message and the second judgment rule, whether the horizontal override vulnerability exists comprises:
comparing the content of the second response message with the content of the third response message;
if the content of the second response message is identical to the content of the third response message, determining that the horizontal override vulnerability does not exist;
if the content of the second response message is not identical to the content of the third response message, determining that the horizontal override vulnerability exists.
9. The horizontal override vulnerability detection method according to claim 1, characterized in that the method further comprises:
calling a rule management service and extracting a third judgment rule, so as to judge, according to the first response message, the second response message and the third judgment rule, whether the horizontal override vulnerability exists.
10. The horizontal override vulnerability detection method according to claim 9, characterized in that the third judgment rule includes target information comparison;
and judging, according to the first response message, the second response message and the third judgment rule, whether the horizontal override vulnerability exists comprises:
extracting, according to a preset field in the third judgment rule, first target information in the first response message and second target information in the second response message;
comparing the first target information with the second target information;
if the first target information is identical to the second target information, determining that the horizontal override vulnerability does not exist;
if the first target information and the second target information are not identical, determining that the horizontal override vulnerability exists.
11. The horizontal override vulnerability detection method according to claim 10, characterized in that extracting, according to the preset field in the third judgment rule, the first target information in the first response message and the second target information in the second response message comprises:
matching the preset field against all fields in the first response message, and matching the preset field against all fields in the second response message;
when a target field matching the preset field exists in the first response message, extracting the information corresponding to the target field in the first response message, and using the information corresponding to the target field as the first target information;
when a target field matching the preset field exists in the second response message, extracting the information corresponding to the target field in the second response message, and using the information corresponding to the target field as the second target information.
12. The horizontal override vulnerability detection method according to claim 1, characterized in that the method further comprises:
when it is determined that the horizontal override vulnerability exists, sending the first access address in which the horizontal override vulnerability exists and the corresponding target parameter to a server to be saved.
13. A horizontal override vulnerability detection device, characterized in that it comprises:
a first request construction module, for obtaining a first access address containing a target parameter, and constructing a first network request according to the first access address;
a first information obtaining module, for calling a network communication service to obtain a first response message according to the first network request;
a second request construction module, for modifying the target parameter to form a second access address containing the modified target parameter, and constructing a second network request according to the second access address;
a second information obtaining module, for calling the network communication service to obtain a second response message according to the second network request; and
an override vulnerability detection module, for judging, according to the first response message and the second response message, whether a horizontal override vulnerability exists.
14. A computer device, characterized in that it comprises:
a processor; and
a memory storing computer-readable instructions which, when executed by the processor, implement the horizontal override vulnerability detection method according to any one of claims 1 to 12.
15. An electronic device, characterized in that it comprises:
one or more processors; and
a storage device for storing one or more programs which, when executed by the one or more processors, cause the one or more processors to implement the horizontal override vulnerability detection method according to any one of claims 1 to 12.
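The request construction of claims 1 and 5, the first judgment rule of claims 3 and 4 and the second judgment rule of claims 6 to 8, assembled into one pipeline as an added example that is not the patent's own code. The application under test is a constructed in-memory stub with a `leaky` switch, so nothing is sent over a network; the preset threshold of 2.0, the ratio direction (first content length over second content length), the preset increment of 1 and the `authenticated` flag standing in for the locally stored user information are all assumptions.

```python
"""Added example (not the patent's code): request construction and the first
and second judgment rules of the claims, run against a constructed stub
application instead of a live service."""
from dataclasses import dataclass
from typing import Callable
from urllib.parse import parse_qsl, urlencode, urlsplit, urlunsplit


@dataclass
class Response:
    """Response message: only the body is needed for the rules below."""
    body: str

    @property
    def content_length(self) -> int:
        return len(self.body.encode("utf-8"))


def modify_numeric_param(url: str, param: str, delta: int = 1) -> str:
    """Claim 5: the target parameter is numeric and is increased or decreased
    by a preset value; the result is the second access address."""
    parts = urlsplit(url)
    query = dict(parse_qsl(parts.query, keep_blank_values=True))
    if param not in query or not query[param].lstrip("-").isdigit():
        raise ValueError(f"{param!r} is not a numeric query parameter of {url}")
    query[param] = str(int(query[param]) + delta)
    return urlunsplit(parts._replace(query=urlencode(query)))


def first_rule(first: Response, second: Response, threshold: float = 2.0) -> bool:
    """Claims 3 and 4: identical content means no override; otherwise the ratio
    of the content lengths decides. Ratio direction (first over second) and the
    threshold are assumptions: a reply of similar size to the user's own record
    is treated as another user's record, a much shorter one as a denial."""
    if first.body == second.body:
        return False
    if second.content_length == 0:  # assumption: an empty reply is not a leaked record
        return False
    ratio = first.content_length / second.content_length
    return ratio < threshold


def second_rule(second: Response, third: Response) -> bool:
    """Claims 6 to 8: the modified-parameter request is repeated with the locally
    stored user information deleted; differing content means the data was only
    reachable through the session, which the rule reads as a horizontal override."""
    return second.body != third.body


# Constructed stub standing in for the network communication service and the
# application under test. `leaky` selects whether record ownership is enforced.
RECORDS = {
    1001: '{"uid":1001,"name":"alice","email":"alice@example.test","phone":"+1-555-0100","balance":120.50}',
    1002: '{"uid":1002,"name":"bob","email":"bob@example.test","phone":"+1-555-0101","balance":99.00}',
}


def make_fetch(leaky: bool, session_uid: int = 1001) -> Callable[[str, bool], Response]:
    def fetch(url: str, authenticated: bool) -> Response:
        uid = int(dict(parse_qsl(urlsplit(url).query))["uid"])
        if not authenticated:
            return Response('{"code":401,"msg":"login required"}')
        if uid not in RECORDS:
            return Response('{"code":404,"msg":"no such user"}')
        if not leaky and uid != session_uid:
            return Response('{"code":403,"msg":"forbidden"}')
        return Response(RECORDS[uid])
    return fetch


def detect(first_url: str, param: str, fetch: Callable[[str, bool], Response],
           threshold: float = 2.0) -> dict:
    """Claim 1 followed by claims 3 to 8: first request, modified second request,
    third request without user information, then both rules' verdicts."""
    first = fetch(first_url, True)
    second_url = modify_numeric_param(first_url, param, +1)
    second = fetch(second_url, True)
    third = fetch(second_url, False)  # locally stored user information deleted
    return {
        "second_url": second_url,
        "rule1": first_rule(first, second, threshold),
        "rule2": second_rule(second, third),
    }


if __name__ == "__main__":
    for leaky in (True, False):
        print("leaky" if leaky else "fixed",
              detect("https://app.example/api/profile?uid=1001", "uid", make_fetch(leaky)))
```

On the leaky stub both rules report the override; on the fixed stub the first rule clears it (the 403 denial is far shorter than the user's own record), but the second rule still reports a difference because the authenticated 403 and the unauthenticated 401 are not identical. That is why the rules are applied together rather than singly, and why the threshold has to be tuned per application: records shorter than twice the denial body would pass the length ratio as leaks.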
CN201910741372.2A 2019-08-12 2019-08-12 Parallel go beyond one's commission leak detection method, device, storage medium and electronic equipment Pending CN110489966A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201910741372.2A CN110489966A (en) 2019-08-12 2019-08-12 Parallel go beyond one's commission leak detection method, device, storage medium and electronic equipment

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201910741372.2A CN110489966A (en) 2019-08-12 2019-08-12 Parallel go beyond one's commission leak detection method, device, storage medium and electronic equipment

Publications (1)

Publication Number Publication Date
CN110489966A true CN110489966A (en) 2019-11-22

Family

ID=68550583

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201910741372.2A Pending CN110489966A (en) 2019-08-12 2019-08-12 Parallel go beyond one's commission leak detection method, device, storage medium and electronic equipment

Country Status (1)

Country Link
CN (1) CN110489966A (en)

Cited By (12)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN110995684A (en) * 2019-11-26 2020-04-10 西安四叶草信息技术有限公司 Vulnerability detection method and device
CN111125718A (en) * 2019-12-24 2020-05-08 北京三快在线科技有限公司 Unauthorized vulnerability detection method, device, equipment and storage medium
CN111209565A (en) * 2020-01-08 2020-05-29 招商银行股份有限公司 Horizontal override vulnerability detection method, equipment and computer readable storage medium
CN111274585A (en) * 2020-01-19 2020-06-12 福建省农村信用社联合社 Method, device, equipment and medium for detecting unauthorized vulnerability of Web application
CN111416811A (en) * 2020-03-16 2020-07-14 携程旅游信息技术(上海)有限公司 Unauthorized vulnerability detection method, system, equipment and storage medium
CN111427774A (en) * 2020-03-09 2020-07-17 深圳开源互联网安全技术有限公司 Request parameter modification method and system for application program test case
CN111756771A (en) * 2020-07-21 2020-10-09 腾讯科技(深圳)有限公司 Detection method and device for cross-site scripting attack
CN112464250A (en) * 2020-12-15 2021-03-09 光通天下网络科技股份有限公司 Method, device and medium for automatically detecting unauthorized vulnerability
CN113411333A (en) * 2021-06-18 2021-09-17 杭州安恒信息技术股份有限公司 Unauthorized access vulnerability detection method, device, system and storage medium
CN113779585A (en) * 2021-01-04 2021-12-10 北京沃东天骏信息技术有限公司 Unauthorized vulnerability detection method and device
US11429510B2 (en) 2020-12-21 2022-08-30 Coupang Corp. Electronic apparatus for verifying code and method thereof
CN115348117A (en) * 2022-10-20 2022-11-15 闪捷信息科技有限公司 User level unauthorized behavior determination method and device

Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN107241292A (en) * 2016-03-28 2017-10-10 阿里巴巴集团控股有限公司 Leak detection method and device
CN107294919A (en) * 2016-03-31 2017-10-24 阿里巴巴集团控股有限公司 A kind of detection method and device of horizontal authority leak
CN107577949A (en) * 2017-09-05 2018-01-12 郑州云海信息技术有限公司 A kind of Web goes beyond one's commission leak detection method and system
CN108769070A (en) * 2018-06-30 2018-11-06 平安科技(深圳)有限公司 One kind is gone beyond one's commission leak detection method and device
CN109446819A (en) * 2018-10-30 2019-03-08 北京知道创宇信息技术有限公司 It goes beyond one's commission leak detection method and device


Cited By (17)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN110995684B (en) * 2019-11-26 2022-06-28 西安四叶草信息技术有限公司 Vulnerability detection method and device
CN110995684A (en) * 2019-11-26 2020-04-10 西安四叶草信息技术有限公司 Vulnerability detection method and device
CN111125718A (en) * 2019-12-24 2020-05-08 北京三快在线科技有限公司 Unauthorized vulnerability detection method, device, equipment and storage medium
CN111209565A (en) * 2020-01-08 2020-05-29 招商银行股份有限公司 Horizontal override vulnerability detection method, equipment and computer readable storage medium
CN111209565B (en) * 2020-01-08 2022-12-23 招商银行股份有限公司 Horizontal override vulnerability detection method, equipment and computer readable storage medium
CN111274585A (en) * 2020-01-19 2020-06-12 福建省农村信用社联合社 Method, device, equipment and medium for detecting unauthorized vulnerability of Web application
CN111274585B (en) * 2020-01-19 2022-08-16 福建省农村信用社联合社 Method, device, equipment and medium for detecting unauthorized vulnerability of Web application
CN111427774A (en) * 2020-03-09 2020-07-17 深圳开源互联网安全技术有限公司 Request parameter modification method and system for application program test case
CN111416811A (en) * 2020-03-16 2020-07-14 携程旅游信息技术(上海)有限公司 Unauthorized vulnerability detection method, system, equipment and storage medium
CN111416811B (en) * 2020-03-16 2022-07-22 携程旅游信息技术(上海)有限公司 Unauthorized vulnerability detection method, system, equipment and storage medium
CN111756771A (en) * 2020-07-21 2020-10-09 腾讯科技(深圳)有限公司 Detection method and device for cross-site scripting attack
CN111756771B (en) * 2020-07-21 2023-04-18 腾讯科技(深圳)有限公司 Detection method and device for cross-site scripting attack
CN112464250A (en) * 2020-12-15 2021-03-09 光通天下网络科技股份有限公司 Method, device and medium for automatically detecting unauthorized vulnerability
US11429510B2 (en) 2020-12-21 2022-08-30 Coupang Corp. Electronic apparatus for verifying code and method thereof
CN113779585A (en) * 2021-01-04 2021-12-10 北京沃东天骏信息技术有限公司 Unauthorized vulnerability detection method and device
CN113411333A (en) * 2021-06-18 2021-09-17 杭州安恒信息技术股份有限公司 Unauthorized access vulnerability detection method, device, system and storage medium
CN115348117A (en) * 2022-10-20 2022-11-15 闪捷信息科技有限公司 User level unauthorized behavior determination method and device

Similar Documents

Publication Publication Date Title
CN110489966A (en) Parallel go beyond one's commission leak detection method, device, storage medium and electronic equipment
US10257199B2 (en) Online privacy management system with enhanced automatic information detection
AU2021229246B2 (en) Dynamic code management
US10834130B2 (en) Detection of malicious attempts to access a decoy database object based on connection type
KR102355973B1 (en) Apparatus and method for detecting smishing message
CN107634947A (en) Limitation malice logs in or the method and apparatus of registration
CN110113315A (en) A kind of processing method and equipment of business datum
US20110252150A1 (en) System and Method for Processing User Information
WO2014151539A1 (en) Online privacy management
US11916946B2 (en) Systems and methods for network traffic analysis
CN113904828B (en) Method, apparatus, device, medium and program product for detecting sensitive information of interface
US11134062B1 (en) Isolating and disabling unauthorized applications
US9967217B2 (en) Method and device for displaying instant messaging messages
US9674160B2 (en) Methods for anti-fraud masking of a universal resource indentifier (“URI”)
CN115460059A (en) Risk early warning method and device
KR20240057538A (en) System and method for rewarding to user based on message detection
CN114640494A (en) Fraud identification method, device, storage medium and gateway equipment
CN114928532A (en) Method, device, equipment and storage medium for generating alarm message
CN115835214A (en) Processing method, device, equipment and medium for 5G network user plane communication

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination