有许多购物车应用程序把价格存储在用户可编辑的参数中,这导致了安全漏洞。
There are many horror stories of shopping cart applications which stored a calculated price in a parameter editable by the user.
一款自动化web漏洞扫描器会很好的帮助你发现这个参数,并理解web应用是如何运用参数的,但是它永远不能发现应用中的缺陷。
An automated web vulnerability scanner will definitely help you discover this parameter, understand how the web application works and USES such a parameter, but it will never discover flaw in it.
此外,利用这些漏洞之一,攻击者可以修改任何服务器配置参数。
In addition, leveraging one of these vulnerabilities, an attacker can modify any server configuration parameter.
应用推荐