低代码平台（快开）升级内容

<h2><span style="font-weight: bold; font-size: x-large;"><span style="font-family: 宋体;"><font face="宋体" style=""><br></font></span></span></h2><h2><span style="font-weight: bold; font-size: x-large;"><span style="font-family: 宋体;"><font face="宋体" style="">概述：本次升级主要针对平台安全漏洞进行修复</font></span><span style="font-family: 宋体;"><font face="宋体" style="">（</font><font face="Calibri" style="">V2.4.1</font><font face="宋体" style="">）</font></span></span></h2><h4><span style="font-weight: bold;"><span style="font-family: 宋体; font-size: large;"><font face="宋体" style="">升级内容：</font></span></span></h4><p class="MsoNormal" style="mso-list:l0 level1 lfo1;"><!--[if !supportLists]--><span style="font-family: 微软雅黑; font-size: medium;"><span style="color: rgb(0, 0, 0);">1、</span><!--[endif]--><span style="color: rgb(0, 0, 0);">用户名枚举</span>漏<span style="color: rgb(0, 0, 0);">洞</span>：在登录处，用户名存在与否，其提示的错误消息不一致。可据此判断用户名是否存在，导致用户名遍历攻击，攻击者在获取合法用户名之后再进行密码爆破，最终爆破成功。</span></p><p class="MsoNormal" style="mso-list:l0 level1 lfo1;"><span style="font-family: 微软雅黑; font-size: medium;">补充截图效果：</span></p><p class="MsoNormal" style="mso-list:l0 level1 lfo1;"><span style="font-family: 微软雅黑;"><span style="font-size: medium;">账户错误</span></span></p><p class="MsoNormal" style="mso-list:l0 level1 lfo1;"><img src="https://51techud.yykj.com:9002/forumpic/pfvulnerability_1.png" style="max-width:100%;"><span style="font-family: 微软雅黑;"><span style="font-size: medium;"><br></span></span></p><p class="MsoNormal"><span style="font-family: 微软雅黑;"><span style="font-size: 10.5pt;">密码错误</span></span></p><p class="MsoNormal"><img src="https://51techud.yykj.com:9002/forumpic/pfvulnerability_2.png" style="max-width:100%;"><span style="font-family: 微软雅黑;"><span style="font-size: 10.5pt;"><br></span></span></p><p class="MsoNormal"><span style="font-family: 微软雅黑;"><br></span></p><p class="MsoNormal" style="mso-list:l0 level1 lfo1;"><!--[if !supportLists]--><span style="font-family: 微软雅黑;"><span style="color: rgb(0, 0, 0); font-size: 10.5pt;"><span style="mso-list:Ignore;">2、</span></span><!--[endif]--><span style="color: rgb(0, 0, 0); font-size: 10.5pt;">验证码功能缺陷</span><span style="color: rgb(0, 0, 0); font-size: 10.5pt;">漏洞</span><span style="font-size: 10.5pt;">：</span><span style="color: rgb(0, 0, 0); font-size: 10.5pt;">系统的验证码机制不完全，没有达到验证码的效果，验证码可以重复使用。</span></span></p><p class="MsoNormal" style="mso-list:l0 level1 lfo1;"><span style="font-size: 10.5pt; font-family: 微软雅黑;"><br></span></p><p class="MsoNormal" style="mso-list:l0 level1 lfo1;"><span style="font-family: 微软雅黑;"><span style="font-size: 10.5pt;">3、</span><span style="font-size: medium;">密码爆破</span></span><span style="font-family: 微软雅黑; font-size: 10.5pt;">：</span><span style="font-family: 微软雅黑; font-size: 10.5pt;">由于没有对登录页面进行相关的防暴力破解机制，有验证码但验证码未在服务器端校验以及无登录错误次数限制等，导致攻击者可通过暴力破解获取用户登录账户及口令，从而获取网站登录访问权限</span><span style="font-family: 微软雅黑; font-size: 10.5pt;">。</span></p><!--[if gte mso 9]><xml><w:LatentStyles DefLockedState="false" DefUnhideWhenUsed="true" DefSemiHidden="true" DefQFormat="false" DefPriority="99" LatentStyleCount="260" > <w:LsdException Locked="false" Priority="99" SemiHidden="false" Name="Normal" ></w:LsdException> <w:LsdException Locked="false" Priority="99" SemiHidden="false" Name="heading 1" ></w:LsdException> <w:LsdException Locked="false" Priority="99" SemiHidden="false" Name="heading 2" ></w:LsdException> <w:LsdException Locked="false" Priority="99" SemiHidden="false" Name="heading 3" ></w:LsdException> <w:LsdException Locked="false" Priority="99" SemiHidden="false" Name="heading 4" ></w:LsdException> <w:LsdException Locked="false" Priority="99" SemiHidden="false" Name="heading 5" ></w:LsdException> <w:LsdException Locked="false" Priority="99" SemiHidden="false" Name="heading 6" ></w:LsdException> <w:LsdException Locked="false" Priority="99" SemiHidden="false" Name="heading 7" ></w:LsdException> <w:LsdException Locked="false" Priority="99" SemiHidden="false" Name="heading 8" ></w:LsdException> <w:LsdException Locked="false" Priority="99" SemiHidden="false" Name="heading 9" ></w:LsdException> <w:LsdException Locked="false" Priority="99" SemiHidden="false" Name="index 1" ></w:LsdException> <w:LsdException Locked="false" Priority="99" SemiHidden="false" Name="index 2" ></w:LsdException> <w:LsdException Locked="false" Priority="99" SemiHidden="false" Name="index 3" ></w:LsdException> <w:LsdException Locked="false" Priority="99" SemiHidden="false" Name="index 4" ></w:LsdException> <w:LsdException Locked="false" Priority="99" SemiHidden="false" Name="index 5" ></w:LsdException> <w:LsdException Locked="false" Priority="99" SemiHidden="false" Name="index 6" ></w:LsdException> <w:LsdException Locked="false" Priority="99" SemiHidden="false" Name="index 7" ></w:LsdException> <w:LsdException Locked="false" Priority="99" SemiHidden="false" Name="index 8" ></w:LsdException> <w:LsdException Locked="false" Priority="99" SemiHidden="false" Name="index 9" ></w:LsdException> <w:LsdException Locked="false" Priority="99" SemiHidden="false" Name="toc 1" ></w:LsdException> <w:LsdException Locked="false" Priority="99" SemiHidden="false" Name="toc 2" ></w:LsdException> <w:LsdException Locked="false" Priority="99" SemiHidden="false" Name="toc 3" ></w:LsdException> <w:LsdException Locked="false" Priority="99" SemiHidden="false" Name="toc 4" ></w:LsdException> <w:LsdException Locked="false" Priority="99" SemiHidden="false" Name="toc 5" ></w:LsdException> <w:LsdException Locked="false" Priority="99" SemiHidden="false" Name="toc 6" ></w:LsdException> <w:LsdException Locked="false" Priority="99" SemiHidden="false" Name="toc 7" ></w:LsdException> <w:LsdException Locked="false" Priority="99" SemiHidden="false" Name="toc 8" ></w:LsdException> <w:LsdException Locked="false" Priority="99" SemiHidden="false" Name="toc 9" ></w:LsdException> <w:LsdException Locked="false" Priority="99" SemiHidden="false" Name="Normal Indent" ></w:LsdException> <w:LsdException Locked="false" Priority="99" SemiHidden="false" Name="footnote text" ></w:LsdException> <w:LsdException Locked="false" Priority="99" SemiHidden="false" Name="annotation text" ></w:LsdException> <w:LsdException Locked="false" Priority="99" SemiHidden="false" Name="header" ></w:LsdException> <w:LsdException Locked="false" Priority="99" SemiHidden="false" Name="footer" ></w:LsdException> <w:LsdException Locked="false" Priority="99" SemiHidden="false" Name="index heading" ></w:LsdException> <w:LsdException Locked="false" Priority="99" SemiHidden="false" Name="caption" ></w:LsdException> <w:LsdException Locked="false" Priority="99" SemiHidden="false" Name="table of figures" ></w:LsdException> <w:LsdException Locked="false" Priority="99" SemiHidden="false" Name="envelope address" ></w:LsdException> <w:LsdException Locked="false" Priority="99" SemiHidden="false" Name="envelope return" ></w:LsdException> <w:LsdException Locked="false" Priority="99" SemiHidden="false" Name="footnote reference" ></w:LsdException> <w:LsdException Locked="false" Priority="99" SemiHidden="false" Name="annotation reference" ></w:LsdException> <w:LsdException Locked="false" Priority="99" SemiHidden="false" Name="line number" ></w:LsdException> <w:LsdException Locked="false" Priority="99" SemiHidden="false" Name="page number" ></w:LsdException> <w:LsdException Locked="false" Priority="99" SemiHidden="false" Name="endnote reference" ></w:LsdException> <w:LsdException Locked="false" Priority="99" SemiHidden="false" Name="endnote text" ></w:LsdException> <w:LsdException Locked="false" Priority="99" SemiHidden="false" Name="table of authorities" ></w:LsdException> <w:LsdException Locked="false" Priority="99" SemiHidden="false" Name="macro" ></w:LsdException> <w:LsdException Locked="false" Priority="99" SemiHidden="false" Name="toa heading" ></w:LsdException> <w:LsdException Locked="false" Priority="99" SemiHidden="false" Name="List" ></w:LsdException> <w:LsdException Locked="false" Priority="99" SemiHidden="false" Name="List Bullet" ></w:LsdException> <w:LsdException Locked="false" Priority="99" SemiHidden="false" Name="List Number" ></w:LsdException> <w:LsdException Locked="false" Priority="99" SemiHidden="false" Name="List 2" ></w:LsdException> <w:LsdException Locked="false" Priority="99" SemiHidden="false" Name="List 3" ></w:LsdException> <w:LsdException Locked="false" Priority="99" SemiHidden="false" Name="List 4" ></w:LsdException> <w:LsdException Locked="false" Priority="99" SemiHidden="false" Name="List 5" ></w:LsdException> <w:LsdException Locked="false" Priority="99" SemiHidden="false" Name="List Bullet 2" ></w:LsdException> <w:LsdException Locked="false" Priority="99" SemiHidden="false" Name="List Bullet 3" ></w:LsdException> <w:LsdException Locked="false" Priority="99" SemiHidden="false" Name="List Bullet 4" ></w:LsdException> <w:LsdException Locked="false" Priority="99" SemiHidden="false" Name="List Bullet 5" ></w:LsdException> <w:LsdException Locked="false" Priority="99" SemiHidden="false" Name="List Number 2" ></w:LsdException> <w:LsdException Locked="false" Priority="99" SemiHidden="false" Name="List Number 3" ></w:LsdException> <w:LsdException Locked="false" Priority="99" SemiHidden="false" Name="List Number 4" ></w:LsdException> <w:LsdException Locked="false" Priority="99" SemiHidden="false" Name="List Number 5" ></w:LsdException> <w:LsdException Locked="false" Priority="99" SemiHidden="false" Name="Title" ></w:LsdException> <w:LsdException Locked="false" Priority="99" SemiHidden="false" Name="Closing" ></w:LsdException> <w:LsdException Locked="false" Priority="99" SemiHidden="false" Name="Signature" ></w:LsdException> <w:LsdException Locked="false" Priority="99" SemiHidden="false" Name="Default Paragraph Font" ></w:LsdException> <w:LsdException Locked="false" Priority="99" SemiHidden="false" Name="Body Text" ></w:LsdException> <w:LsdException Locked="false" Priority="99" SemiHidden="false" Name="Body Text Indent" ></w:LsdException> <w:LsdException Locked="false" Priority="99" SemiHidden="false" Name="List Continue" ></w:LsdException> <w:LsdException Locked="false" Priority="99" SemiHidden="false" Name="List Continue 2" ></w:LsdException> <w:LsdException Locked="false" Priority="99" SemiHidden="false" Name="List Continue 3" ></w:LsdException> <w:LsdException Locked="false" Priority="99" SemiHidden="false" Name="List Continue 4" ></w:LsdException> <w:LsdException Locked="false" Priority="99" SemiHidden="false" Name="List Continue 5" ></w:LsdException> <w:LsdException Locked="false" Priority="99" SemiHidden="false" Name="Message Header" ></w:LsdException> <w:LsdException Locked="false" Priority="99" SemiHidden="false" Name="Subtitle" ></w:LsdException> <w:LsdException Locked="false" Priority="99" SemiHidden="false" Name="Salutation" ></w:LsdException> <w:LsdException Locked="false" Priority="99" SemiHidden="false" Name="Date" ></w:LsdException> <w:LsdException Locked="false" Priority="99" SemiHidden="false" Name="Body Text First Indent" ></w:LsdException> <w:LsdException Locked="false" Priority="99" SemiHidden="false" Name="Body Text First Indent 2" ></w:LsdException> <w:LsdException Locked="false" Priority="99" SemiHidden="false" Name="Note Heading" ></w:LsdException> <w:LsdException Locked="false" Priority="99" SemiHidden="false" Name="Body Text 2" ></w:LsdException> <w:LsdException Locked="false" Priority="99" SemiHidden="false" Name="Body Text 3" ></w:LsdException> <w:LsdException Locked="false" Priority="99" SemiHidden="false" Name="Body Text Indent 2" ></w:LsdException> <w:LsdException Locked="false" Priority="99" SemiHidden="false" Name="Body Text Indent 3" ></w:LsdException> <w:LsdException Locked="false" Priority="99" SemiHidden="false" Name="Block Text" ></w:LsdException> <w:LsdException Locked="false" Priority="99" SemiHidden="false" Name="Hyperlink" ></w:LsdException> <w:LsdException Locked="false" Priority="99" SemiHidden="false" Name="FollowedHyperlink" ></w:LsdException> <w:LsdException Locked="false" Priority="99" SemiHidden="false" Name="Strong" ></w:LsdException> <w:LsdException Locked="false" Priority="99" SemiHidden="false" Name="Emphasis" ></w:LsdException> <w:LsdException Locked="false" Priority="99" SemiHidden="false" Name="Document Map" ></w:LsdException> <w:LsdException Locked="false" Priority="99" SemiHidden="false" Name="Plain Text" ></w:LsdException> <w:LsdException Locked="false" Priority="99" SemiHidden="false" Name="E-mail Signature" ></w:LsdException> <w:LsdException Locked="false" Priority="99" SemiHidden="false" Name="Normal (Web)" ></w:LsdException> <w:LsdException Locked="false" Priority="99" SemiHidden="false" Name="HTML Acronym" ></w:LsdException> <w:LsdException Locked="false" Priority="99" SemiHidden="false" Name="HTML Address" ></w:LsdException> <w:LsdException Locked="false" Priority="99" SemiHidden="false" Name="HTML Cite" ></w:LsdException> <w:LsdException Locked="false" Priority="99" SemiHidden="false" Name="HTML Code" ></w:LsdException> <w:LsdException Locked="false" Priority="99" SemiHidden="false" Name="HTML Definition" ></w:LsdException> <w:LsdException Locked="false" Priority="99" SemiHidden="false" Name="HTML Keyboard" ></w:LsdException> <w:LsdException Locked="false" Priority="99" SemiHidden="false" Name="HTML Preformatted" ></w:LsdException> <w:LsdException Locked="false" Priority="99" SemiHidden="false" Name="HTML Sample" ></w:LsdException> <w:LsdException Locked="false" Priority="99" SemiHidden="false" Name="HTML Typewriter" ></w:LsdException> <w:LsdException Locked="false" Priority="99" SemiHidden="false" Name="HTML Variable" ></w:LsdException> <w:LsdException Locked="false" Priority="99" SemiHidden="false" Name="Normal Table" ></w:LsdException> <w:LsdException Locked="false" Priority="99" SemiHidden="false" Name="annotation subject" ></w:LsdException> <w:LsdException Locked="false" Priority="99" SemiHidden="false" Name="No List" ></w:LsdException> <w:LsdException Locked="false" Priority="99" SemiHidden="false" Name="1 / a / i" ></w:LsdException> <w:LsdException Locked="false" Priority="99" SemiHidden="false" Name="1 / 1.1 / 1.1.1" ></w:LsdException> <w:LsdException Locked="false" Priority="99" SemiHidden="false" Name="Article / Section" ></w:LsdException> <w:LsdException Locked="false" Priority="99" SemiHidden="false" Name="Table Simple 1" ></w:LsdException> <w:LsdException Locked="false" Priority="99" SemiHidden="false" Name="Table Simple 2" ></w:LsdException> <w:LsdException Locked="false" Priority="99" SemiHidden="false" Name="Table Simple 3" ></w:LsdException> <w:LsdException Locked="false" Priority="99" SemiHidden="false" Name="Table Classic 1" ></w:LsdException> <w:LsdException Locked="false" Priority="99" SemiHidden="false" Name="Table Classic 2" ></w:LsdException> <w:LsdException Locked="false" Priority="99" SemiHidden="false" Name="Table Classic 3" ></w:LsdException> <w:LsdException Locked="false" Priority="99" SemiHidden="false" Name="Table Classic 4" ></w:LsdException> <w:LsdException Locked="false" Priority="99" SemiHidden="false" Name="Table Colorful 1" ></w:LsdException> <w:LsdException Locked="false" Priority="99" SemiHidden="false" Name="Table Colorful 2" ></w:LsdException> <w:LsdException Locked="false" Priority="99" SemiHidden="false" Name="Table Colorful 3" ></w:LsdException> <w:LsdException Locked="false" Priority="99" SemiHidden="false" Name="Table Columns 1" ></w:LsdException> <w:LsdException Locked="false" Priority="99" SemiHidden="false" Name="Table Columns 2" ></w:LsdException> <w:LsdException Locked="false" Priority="99" SemiHidden="false" Name="Table Columns 3" ></w:LsdException> <w:LsdException Locked="false" Priority="99" SemiHidden="false" Name="Table Columns 4" ></w:LsdException> <w:LsdException Locked="false" Priority="99" SemiHidden="false" Name="Table Columns 5" ></w:LsdException> <w:LsdException Locked="false" Priority="99" SemiHidden="false" Name="Table Grid 1" ></w:LsdException> <w:LsdException Locked="false" Priority="99" SemiHidden="false" Name="Table Grid 2" ></w:LsdException> <w:LsdException Locked="false" Priority="99" SemiHidden="false" Name="Table Grid 3" ></w:LsdException> <w:LsdException Locked="false" Priority="99" SemiHidden="false" Name="Table Grid 4" ></w:LsdException> <w:LsdException Locked="false" Priority="99" SemiHidden="false" Name="Table Grid 5" ></w:LsdException> <w:LsdException Locked="false" Priority="99" SemiHidden="false" Name="Table Grid 6" ></w:LsdException> <w:LsdException Locked="false" Priority="99" SemiHidden="false" Name="Table Grid 7" ></w:LsdException> <w:LsdException Locked="false" Priority="99" SemiHidden="false" Name="Table Grid 8" ></w:LsdException> <w:LsdException Locked="false" Priority="99" SemiHidden="false" Name="Table List 1" ></w:LsdException> <w:LsdException Locked="false" Priority="99" SemiHidden="false" Name="Table List 2" ></w:LsdException> <w:LsdException Locked="false" Priority="99" SemiHidden="false" Name="Table List 3" ></w:LsdException> <w:LsdException Locked="false" Priority="99" SemiHidden="false" Name="Table List 4" ></w:LsdException> <w:LsdException Locked="false" Priority="99" SemiHidden="false" Name="Table List 5" ></w:LsdException> <w:LsdException Locked="false" Priority="99" SemiHidden="false" Name="Table List 6" ></w:LsdException> <w:LsdException Locked="false" Priority="99" SemiHidden="false" Name="Table List 7" ></w:LsdException> <w:LsdException Locked="false" Priority="99" SemiHidden="false" Name="Table List 8" ></w:LsdException> <w:LsdException Locked="false" Priority="99" SemiHidden="false" Name="Table 3D effects 1" ></w:LsdException> <w:LsdException Locked="false" Priority="99" SemiHidden="false" Name="Table 3D effects 2" ></w:LsdException> <w:LsdException Locked="false" Priority="99" SemiHidden="false" Name="Table 3D effects 3" ></w:LsdException> <w:LsdException Locked="false" Priority="99" SemiHidden="false" Name="Table Contemporary" ></w:LsdException> <w:LsdException Locked="false" Priority="99" SemiHidden="false" Name="Table Elegant" ></w:LsdException> <w:LsdException Locked="false" Priority="99" SemiHidden="false" Name="Table Professional" ></w:LsdException> <w:LsdException Locked="false" Priority="99" SemiHidden="false" Name="Table Subtle 1" ></w:LsdException> <w:LsdException Locked="false" Priority="99" SemiHidden="false" Name="Table Subtle 2" ></w:LsdException> <w:LsdException Locked="false" Priority="99" SemiHidden="false" Name="Table Web 1" ></w:LsdException> <w:LsdException Locked="false" Priority="99" SemiHidden="false" Name="Table Web 2" ></w:LsdException> <w:LsdException Locked="false" Priority="99" SemiHidden="false" Name="Table Web 3" ></w:LsdException> <w:LsdException Locked="false" Priority="99" SemiHidden="false" Name="Balloon Text" ></w:LsdException> <w:LsdException Locked="false" Priority="99" SemiHidden="false" Name="Table Grid" ></w:LsdException> <w:LsdException Locked="false" Priority="99" SemiHidden="false" Name="Table Theme" ></w:LsdException> <w:LsdException Locked="false" Priority="99" SemiHidden="false" Name="Placeholder Text" ></w:LsdException> <w:LsdException Locked="false" Priority="99" SemiHidden="false" Name="No Spacing" ></w:LsdException> <w:LsdException Locked="false" Priority="99" SemiHidden="false" Name="Light Shading" ></w:LsdException> <w:LsdException Locked="false" Priority="99" SemiHidden="false" Name="Light List" ></w:LsdException> <w:LsdException Locked="false" Priority="99" SemiHidden="false" Name="Light Grid" ></w:LsdException> <w:LsdException Locked="false" Priority="99" SemiHidden="false" Name="Medium Shading 1" ></w:LsdException> <w:LsdException Locked="false" Priority="99" SemiHidden="false" Name="Medium Shading 2" ></w:LsdException> <w:LsdException Locked="false" Priority="99" SemiHidden="false" Name="Medium List 1" ></w:LsdException> <w:LsdException Locked="false" Priority="99" SemiHidden="false" Name="Medium List 2" ></w:LsdException> <w:LsdException Locked="false" Priority="99" SemiHidden="false" Name="Medium Grid 1" ></w:LsdException> <w:LsdException Locked="false" Priority="99" SemiHidden="false" Name="Medium Grid 2" ></w:LsdException> <w:LsdException Locked="false" Priority="99" SemiHidden="false" Name="Medium Grid 3" ></w:LsdException> <w:LsdException Locked="false" Priority="99" SemiHidden="false" Name="Dark List" ></w:LsdException> <w:LsdException Locked="false" Priority="99" SemiHidden="false" Name="Colorful Shading" ></w:LsdException> <w:LsdException Locked="false" Priority="99" SemiHidden="false" Name="Colorful List" ></w:LsdException> <w:LsdException Locked="false" Priority="99" SemiHidden="false" Name="Colorful Grid" ></w:LsdException> <w:LsdException Locked="false" Priority="99" SemiHidden="false" Name="Light Shading Accent 1" ></w:LsdException> <w:LsdException Locked="false" Priority="99" SemiHidden="false" Name="Light List Accent 1" ></w:LsdException> <w:LsdException Locked="false" Priority="99" SemiHidden="false" Name="Light Grid Accent 1" ></w:LsdException> <w:LsdException Locked="false" Priority="99" SemiHidden="false" Name="Medium Shading 1 Accent 1" ></w:LsdException> <w:LsdException Locked="false" Priority="99" SemiHidden="false" Name="Medium Shading 2 Accent 1" ></w:LsdException> <w:LsdException Locked="false" Priority="99" SemiHidden="false" Name="Medium List 1 Accent 1" ></w:LsdException> <w:LsdException Locked="false" Priority="99" SemiHidden="false" Name="List Paragraph" ></w:LsdException> <w:LsdException Locked="false" Priority="99" SemiHidden="false" Name="Quote" ></w:LsdException> <w:LsdException Locked="false" Priority="99" SemiHidden="false" Name="Intense Quote" ></w:LsdException> <w:LsdException Locked="false" Priority="99" SemiHidden="false" Name="Medium List 2 Accent 1" ></w:LsdException> <w:LsdException Locked="false" Priority="99" SemiHidden="false" Name="Medium Grid 1 Accent 1" ></w:LsdException> <w:LsdException Locked="false" Priority="99" SemiHidden="false" Name="Medium Grid 2 Accent 1" ></w:LsdException> <w:LsdException Locked="false" Priority="99" SemiHidden="false" Name="Medium Grid 3 Accent 1" ></w:LsdException> <w:LsdException Locked="false" Priority="99" SemiHidden="false" Name="Dark List Accent 1" ></w:LsdException> <w:LsdException Locked="false" Priority="99" SemiHidden="false" Name="Colorful Shading Accent 1" ></w:LsdException> <w:LsdException Locked="false" Priority="99" SemiHidden="false" Name="Colorful List Accent 1" ></w:LsdException> <w:LsdException Locked="false" Priority="99" SemiHidden="false" Name="Colorful Grid Accent 1" ></w:LsdException> <w:LsdException Locked="false" Priority="99" SemiHidden="false" Name="Light Shading Accent 2" ></w:LsdException> <w:LsdException Locked="false" Priority="99" SemiHidden="false" Name="Light List Accent 2" ></w:LsdException> <w:LsdException Locked="false" Priority="99" SemiHidden="false" Name="Light Grid Accent 2" ></w:LsdException> <w:LsdException Locked="false" Priority="99" SemiHidden="false" Name="Medium Shading 1 Accent 2" ></w:LsdException> <w:LsdException Locked="false" Priority="99" SemiHidden="false" Name="Medium Shading 2 Accent 2" ></w:LsdException> <w:LsdException Locked="false" Priority="99" SemiHidden="false" Name="Medium List 1 Accent 2" ></w:LsdException> <w:LsdException Locked="false" Priority="99" SemiHidden="false" Name="Medium List 2 Accent 2" ></w:LsdException> <w:LsdException Locked="false" Priority="99" SemiHidden="false" Name="Medium Grid 1 Accent 2" ></w:LsdException> <w:LsdException Locked="false" Priority="99" SemiHidden="false" Name="Medium Grid 2 Accent 2" ></w:LsdException> <w:LsdException Locked="false" Priority="99" SemiHidden="false" Name="Medium Grid 3 Accent 2" ></w:LsdException> <w:LsdException Locked="false" Priority="99" SemiHidden="false" Name="Dark List Accent 2" ></w:LsdException> <w:LsdException Locked="false" Priority="99" SemiHidden="false" Name="Colorful Shading Accent 2" ></w:LsdException> <w:LsdException Locked="false" Priority="99" SemiHidden="false" Name="Colorful List Accent 2" ></w:LsdException> <w:LsdException Locked="false" Priority="99" SemiHidden="false" Name="Colorful Grid Accent 2" ></w:LsdException> <w:LsdException Locked="false" Priority="99" SemiHidden="false" Name="Light Shading Accent 3" ></w:LsdException> <w:LsdException Locked="false" Priority="99" SemiHidden="false" Name="Light List Accent 3" ></w:LsdException> <w:LsdException Locked="false" Priority="99" SemiHidden="false" Name="Light Grid Accent 3" ></w:LsdException> <w:LsdException Locked="false" Priority="99" SemiHidden="false" Name="Medium Shading 1 Accent 3" ></w:LsdException> <w:LsdException Locked="false" Priority="99" SemiHidden="false" Name="Medium Shading 2 Accent 3" ></w:LsdException> <w:LsdException Locked="false" Priority="99" SemiHidden="false" Name="Medium List 1 Accent 3" ></w:LsdException> <w:LsdException Locked="false" Priority="99" SemiHidden="false" Name="Medium List 2 Accent 3" ></w:LsdException> <w:LsdException Locked="false" Priority="99" SemiHidden="false" Name="Medium Grid 1 Accent 3" ></w:LsdException> <w:LsdException Locked="false" Priority="99" SemiHidden="false" Name="Medium Grid 2 Accent 3" ></w:LsdException> <w:LsdException Locked="false" Priority="99" SemiHidden="false" Name="Medium Grid 3 Accent 3" ></w:LsdException> <w:LsdException Locked="false" Priority="99" SemiHidden="false" Name="Dark List Accent 3" ></w:LsdException> <w:LsdException Locked="false" Priority="99" SemiHidden="false" Name="Colorful Shading Accent 3" ></w:LsdException> <w:LsdException Locked="false" Priority="99" SemiHidden="false" Name="Colorful List Accent 3" ></w:LsdException> <w:LsdException Locked="false" Priority="99" SemiHidden="false" Name="Colorful Grid Accent 3" ></w:LsdException> <w:LsdException Locked="false" Priority="99" SemiHidden="false" Name="Light Shading Accent 4" ></w:LsdException> <w:LsdException Locked="false" Priority="99" SemiHidden="false" Name="Light List Accent 4" ></w:LsdException> <w:LsdException Locked="false" Priority="99" SemiHidden="false" Name="Light Grid Accent 4" ></w:LsdException> <w:LsdException Locked="false" Priority="99" SemiHidden="false" Name="Medium Shading 1 Accent 4" ></w:LsdException> <w:LsdException Locked="false" Priority="99" SemiHidden="false" Name="Medium Shading 2 Accent 4" ></w:LsdException> <w:LsdException Locked="false" Priority="99" SemiHidden="false" Name="Medium List 1 Accent 4" ></w:LsdException> <w:LsdException Locked="false" Priority="99" SemiHidden="false" Name="Medium List 2 Accent 4" ></w:LsdException> <w:LsdException Locked="false" Priority="99" SemiHidden="false" Name="Medium Grid 1 Accent 4" ></w:LsdException> <w:LsdException Locked="false" Priority="99" SemiHidden="false" Name="Medium Grid 2 Accent 4" ></w:LsdException> <w:LsdException Locked="false" Priority="99" SemiHidden="false" Name="Medium Grid 3 Accent 4" ></w:LsdException> <w:LsdException Locked="false" Priority="99" SemiHidden="false" Name="Dark List Accent 4" ></w:LsdException> <w:LsdException Locked="false" Priority="99" SemiHidden="false" Name="Colorful Shading Accent 4" ></w:LsdException> <w:LsdException Locked="false" Priority="99" SemiHidden="false" Name="Colorful List Accent 4" ></w:LsdException> <w:LsdException Locked="false" Priority="99" SemiHidden="false" Name="Colorful Grid Accent 4" ></w:LsdException> <w:LsdException Locked="false" Priority="99" SemiHidden="false" Name="Light Shading Accent 5" ></w:LsdException> <w:LsdException Locked="false" Priority="99" SemiHidden="false" Name="Light List Accent 5" ></w:LsdException> <w:LsdException Locked="false" Priority="99" SemiHidden="false" Name="Light Grid Accent 5" ></w:LsdException> <w:LsdException Locked="false" Priority="99" SemiHidden="false" Name="Medium Shading 1 Accent 5" ></w:LsdException> <w:LsdException Locked="false" Priority="99" SemiHidden="false" Name="Medium Shading 2 Accent 5" ></w:LsdException> <w:LsdException Locked="false" Priority="99" SemiHidden="false" Name="Medium List 1 Accent 5" ></w:LsdException> <w:LsdException Locked="false" Priority="99" SemiHidden="false" Name="Medium List 2 Accent 5" ></w:LsdException> <w:LsdException Locked="false" Priority="99" SemiHidden="false" Name="Medium Grid 1 Accent 5" ></w:LsdException> <w:LsdException Locked="false" Priority="99" SemiHidden="false" Name="Medium Grid 2 Accent 5" ></w:LsdException> <w:LsdException Locked="false" Priority="99" SemiHidden="false" Name="Medium Grid 3 Accent 5" ></w:LsdException> <w:LsdException Locked="false" Priority="99" SemiHidden="false" Name="Dark List Accent 5" ></w:LsdException> <w:LsdException Locked="false" Priority="99" SemiHidden="false" Name="Colorful Shading Accent 5" ></w:LsdException> <w:LsdException Locked="false" Priority="99" SemiHidden="false" Name="Colorful List Accent 5" ></w:LsdException> <w:LsdException Locked="false" Priority="99" SemiHidden="false" Name="Colorful Grid Accent 5" ></w:LsdException> <w:LsdException Locked="false" Priority="99" SemiHidden="false" Name="Light Shading Accent 6" ></w:LsdException> <w:LsdException Locked="false" Priority="99" SemiHidden="false" Name="Light List Accent 6" ></w:LsdException> <w:LsdException Locked="false" Priority="99" SemiHidden="false" Name="Light Grid Accent 6" ></w:LsdException> <w:LsdException Locked="false" Priority="99" SemiHidden="false" Name="Medium Shading 1 Accent 6" ></w:LsdException> <w:LsdException Locked="false" Priority="99" SemiHidden="false" Name="Medium Shading 2 Accent 6" ></w:LsdException> <w:LsdException Locked="false" Priority="99" SemiHidden="false" Name="Medium List 1 Accent 6" ></w:LsdException> <w:LsdException Locked="false" Priority="99" SemiHidden="false" Name="Medium List 2 Accent 6" ></w:LsdException> <w:LsdException Locked="false" Priority="99" SemiHidden="false" Name="Medium Grid 1 Accent 6" ></w:LsdException> <w:LsdException Locked="false" Priority="99" SemiHidden="false" Name="Medium Grid 2 Accent 6" ></w:LsdException> <w:LsdException Locked="false" Priority="99" SemiHidden="false" Name="Medium Grid 3 Accent 6" ></w:LsdException> <w:LsdException Locked="false" Priority="99" SemiHidden="false" Name="Dark List Accent 6" ></w:LsdException> <w:LsdException Locked="false" Priority="99" SemiHidden="false" Name="Colorful Shading Accent 6" ></w:LsdException> <w:LsdException Locked="false" Priority="99" SemiHidden="false" Name="Colorful List Accent 6" ></w:LsdException> <w:LsdException Locked="false" Priority="99" SemiHidden="false" Name="Colorful Grid Accent 6" ></w:LsdException> </w:LatentStyles></xml><![endif]--><p class="MsoNormal" style="mso-list:l0 level1 lfo1;"><span style="font-family: 微软雅黑;"><span style="font-size: 10.5pt;">补充截图效果：</span></span></p><p class="MsoNormal" style="mso-list:l0 level1 lfo1;"><img src="https://51techud.yykj.com:9002/forumpic/pfvulnerability_3.png" style="max-width:100%;"><span style="font-family: 微软雅黑;"><span style="font-size: 10.5pt;"><br></span></span></p><p class="MsoNormal" style="mso-list:l0 level1 lfo1;"><span style="font-family: 微软雅黑;"><br></span></p><p class="MsoNormal" style="mso-list:l0 level1 lfo1;"><!--[if !supportLists]--><span style="font-family: 微软雅黑;"><span style="color: rgb(0, 0, 0); font-size: 10.5pt;"><span style="mso-list:Ignore;">4、</span></span><!--[endif]--><span style="color: rgb(0, 0, 0); font-size: 10.5pt;">存储型跨站脚本攻击</span><span style="color: rgb(0, 0, 0); font-size: 10.5pt;">漏洞：</span><span style="color: rgb(0, 0, 0); font-size: 10.5pt;">Web程序代码中把用户提交的参数未做过滤或过滤不严就直接输出到页面，参数中的特殊字符打破了HTML页面的原有逻辑，黑客可以利用该漏洞执行恶意HTML/JS代码、构造蠕虫传播、篡改页面实施钓鱼攻击、诱以及导用户再次登录，然后获取其登录凭证等。</span></span></p><p class="MsoNormal" style="mso-list:l0 level1 lfo1;"><span style="font-family: 微软雅黑; font-size: 10.5pt;">补充截图效果：</span></p><p class="MsoNormal" style="mso-list:l0 level1 lfo1;"><img src="https://51techud.yykj.com:9002/forumpic/pfvulnerability_4.png" style="max-width:100%;"><span style="font-family: 微软雅黑; font-size: 10.5pt;"><br></span></p><p class="MsoNormal"><img src="https://51techud.yykj.com:9002/forumpic/pfvulnerability_5.png" style="max-width:100%;"><br></p><p class="MsoNormal"><span style="font-family: 微软雅黑;"><br></span></p><p class="MsoNormal" style="mso-list:l0 level1 lfo1;"><!--[if !supportLists]--><span style="font-family: 微软雅黑;"><span style="color: rgb(0, 0, 0); font-size: 10.5pt;"><span style="mso-list:Ignore;">5、</span></span><!--[endif]--><span style="color: rgb(0, 0, 0); font-size: 10.5pt;">功能越权操作</span><span style="color: rgb(0, 0, 0); font-size: 10.5pt;">漏洞：</span><span style="color: rgb(0, 0, 0); font-size: 10.5pt;">越权操作漏洞是一种很常见的逻辑安全漏洞。是由于服务器端对客户提出的数据操作请求过分信任，忽略了对该用户操作权限的判定，导致修改相关参数就可以拥有了其他账户的增、删、查、改功能，从而导致越权漏洞</span><span style="color: rgb(0, 0, 0); font-size: 10.5pt;">。</span></span></p><p class="MsoNormal" style="mso-list:l0 level1 lfo1;"><span style="font-size: 10.5pt; font-family: 微软雅黑;"><br></span></p><p class="MsoNormal" style="mso-list:l0 level1 lfo1;"><span style="font-family: 微软雅黑;"><span style="font-size: 10.5pt;">6、</span><span style="font-size: 10.5pt;">文件上传</span><span style="font-size: 10.5pt;">漏洞：</span><span style="font-size: 10.5pt;">文件上传漏洞通常由于网页代码中的文件上传路径变量过滤不严或webserver相关解析漏洞未修复而造成的，如果文件上传功能实现代码没有严格限制用户上传的文件后缀以及文件类型，攻击者可通过 Web 访问的目录上传任意文件，包括网站后门文件（webshell），进而远程控制网站服务器</span><span style="font-size: 10.5pt;">。</span></span></p><p class="MsoNormal" style="mso-list:l0 level1 lfo1;"><span style="font-family: 微软雅黑;"><span style="font-size: 10.5pt;">补充截图效果：</span></span></p><p class="MsoNormal" style="mso-list:l0 level1 lfo1;"><img src="https://51techud.yykj.com:9002/forumpic/pfvulnerability_6.png" style="max-width:100%;"><br></p><p class="MsoNormal" style="mso-list:l0 level1 lfo1;"><img src="https://51techud.yykj.com:9002/forumpic/pfvulnerability_7.png" style="max-width:100%;"><br></p><p class="MsoNormal" style="mso-list:l0 level1 lfo1;"><img src="https://51techud.yykj.com:9002/forumpic/pfvulnerability_8.png" style="max-width:100%;"><br></p><p class="MsoNormal" style="mso-list:l0 level1 lfo1;"><img src="https://51techud.yykj.com:9002/forumpic/pfvulnerability_9.png" style="max-width:100%;"><br></p><p class="MsoNormal" style="mso-list:l0 level1 lfo1;"><span style="font-size: 10.5pt; font-family: 微软雅黑;">温馨提示：体验地址、源码包请联系田竣心获取。</span></p>