通过.json的信息泄露

Request:
GET /ResetPassword HTTP/1.1
{"email":"[email protected]"}

Response:
HTTP/1.1 200 OK

Request:
GET /ResetPassword.json HTTP/1.1
{"email":"[email protected]"}

Response:
HTTP/1.1 200 OK
{"success":"true","token":"596a96-cc7bf-9108c-d896f-33c44a-edc8a"}

上一页配置错误的云存储桶下一页未认证的ElasticsearchDB

最后更新于3年前

这有帮助吗？