This repository has been archived by the owner on Sep 24, 2021. It is now read-only.
悄悄跳过添加任务验证码 #380
Open
悄悄跳过添加任务验证码 #380
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
torta
commented
Jan 19, 2014
torta
commented
|
GOODJON 发自我的 iPhone
|
|
能稍微解释一下吗?这算是迅雷验证码的漏洞? |
|
是的漏洞, 迅雷大概用了类似redis的kv数据库以cookie中的userid做为key每添加一次任务就INCR一下, 达到阀值就要求输入验证码. |
|
多谢,等我找时间试一下。不过我觉得他们很快就会修了…… |
|
Nice job, it worked. Thanks. |
jat001
added a commit
to jat001/lixian.xunlei
that referenced
this pull request
Jan 20, 2014
|
@jat001 不好意思,更新晚了。 |
|
@iambus 当天上午我在我的项目中测试还管用,下午再测试就不管用了。 |
|
果然还是不能依赖漏洞。要不然就偷偷摸摸用…… |
|
@torta %s/阀值/阈值/g |
Sign up for free
to subscribe to this conversation on GitHub.
Already have an account?
Sign in.
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.