add 验证码相关漏洞

Author: tangxiaofeng7

.idea/compiler.xml

@@ -2,12 +2,14 @@
 
 | 漏洞名称               | 难度 |
 | ---------------------- | ---- |
-| [SQL 注入漏洞]         | 🌟🌟🌟  |
+| [SQL 注入漏洞]         | 🌟🌟  |
 | [XSS 漏洞]             | 🌟    |
 | [SSRF 漏洞]            | 🌟🌟  |
-| [CORS 漏洞]             | 🌟🌟🌟    |
-| [RCE 漏洞]             | 🌟🌟🌟  |
-| [Fastjson反序列化漏洞] | 🌟🌟🌟🌟 |
+| [CORS 漏洞]             | 🌟🌟    |
+| [RCE 漏洞]             | 🌟🌟  |
+| [反序列化漏洞-Fastjson反序列化] | 🌟🌟🌟🌟 |
+| [验证码相关漏洞] | 🌟🌟 |
+
 
 ### 使用说明
 

.idea/workspace.xml

@@ -14,7 +14,7 @@
       <configuration />
     </facet>
   </component>
-  <component name="NewModuleRootManager" LANGUAGE_LEVEL="JDK_1_8">
+  <component name="NewModuleRootManager" LANGUAGE_LEVEL="JDK_1_7">
     <output url="file://$MODULE_DIR$/target/classes" />
     <output-test url="file://$MODULE_DIR$/target/test-classes" />
     <content url="file://$MODULE_DIR$">

README.md

@@ -0,0 +1,39 @@
+package com.suyu.secexample.messageecho.controller;
+
+import org.springframework.stereotype.Controller;
+import org.springframework.ui.Model;
+import org.springframework.web.bind.annotation.GetMapping;
+import org.springframework.web.bind.annotation.PostMapping;
+
+import java.util.Random;
+
+@Controller
+public class messagecontroller {
+
+    int Code = 0;
+    @GetMapping("/messageecho")
+    public String index(){
+        return "messageecho/messageecho";
+    }
+
+    @GetMapping("/messageecho/getcode")
+    public String getcode(Model model){
+        Random r = new Random();
+        int number = r.nextInt(900000);
+        model.addAttribute("code",number);
+        System.out.println(number);
+        Code =number;
+        return "messageecho/messageechooutput";
+    }
+
+    @PostMapping("/messageecho/testcode")
+    public String testcode(Integer code1,Model model){
+        String result ="登陆失败";
+        if (code1 != null && code1 != 0 &&Code == code1){
+            System.out.println(true);
+            result ="登陆成功";
+        }
+        model.addAttribute("code1",result);
+        return "messageecho/messageechooutput";
+    }
+}

images/index.png

@@ -25,4 +25,5 @@ logging:
         secexample:
           sql:
             mapper:
-              UserMapper: DEBUG
+              UserMapper: DEBUG
+

secexample.iml

@@ -1,9 +1,8 @@
-   _____             ______                           _
-  / ____|           |  ____|                         | |
- | (___   ___  ___  | |__  __  ____ _ _ __ ___  _ __ | | ___
+   _____             ______                           _      
+  / ____|           |  ____|                         | |     
+ | (___   ___  ___  | |__  __  ____ _ _ __ ___  _ __ | | ___ 
   \___ \ / _ \/ __| |  __| \ \/ / _` | '_ ` _ \| '_ \| |/ _ \
   ____) |  __/ (__  | |____ >  < (_| | | | | | | |_) | |  __/
  |_____/ \___|\___| |______/_/\_\__,_|_| |_| |_| .__/|_|\___|
-                                               | |
-                                               |_|
-                                                             ----by txf
+                                               | |           
+                                               |_|           

src/main/java/com/suyu/secexample/messageecho/controller/messagecontroller.java

@@ -20,7 +20,7 @@ <h1>Java漏洞演示平台</h1>
 <div style="margin-top: 50px;margin-left: 25px;margin-right: 25px" class="ui cards">
     <div class="card">
         <div class="content">
-            <div class="header">SQL注入漏洞</div>
+            <div class="header">注入漏洞-SQL注入</div>
             <div class="description">SQL注入通过把SQL命令插入到Web表单提交或输入域名或页面请求的查询字符串，最终达到欺骗服务器执行指定的SQL语句</div>
         </div>
         <a  class="ui bottom attached button" th:href="@{/sql}" ><i class="add icon"></i>测试漏洞</a>
@@ -61,12 +61,18 @@ <h1>Java漏洞演示平台</h1>
     </div>
     <div class="card">
         <div class="content">
-            <div class="header">Fastjson反序列化漏洞</div>
-            <div class="description">通过Gadgets链绕过autoType开关，在autoType关闭的情况下仍然可能可以绕过黑白名单防御机制，实现了反序列化漏洞利用的远程代码执行效果.Fastjson历史版本中，autoType安全黑名单已被多次绕过，官方也一直在持续补充增强该黑名单，并在1.2.68版本中引入一个safeMode的配置，配置safeMode后，无论白名单和黑名单，都不支持autoType，不过默认并未开启该配置。由于autoType开关漏洞利用门槛较低，可绕过autoType限制，风险影响较大.</div>
+            <div class="header">反序列化漏洞-Fastjson反序列化</div>
+            <div class="description">序列化和反序列化本身并不存在问题。但当输入的反序列化的数据可被用户控制，那么攻击者即可通过构造恶意输入，让反序列化产生非预期的对象，在此过程中执行构造的任意代码。</div>
         </div>
         <a  class="ui bottom attached button" th:href="@{/fastjson}" ><i class="add icon"></i>测试漏洞</a>
     </div>
-
+    <div class="card">
+        <div class="content">
+            <div class="header">验证码相关漏洞</div>
+            <div class="description">短信回显<br>短信轰炸<br>前端绕过验证<br>验证码爆破</div>
+        </div>
+        <a  class="ui bottom attached button" th:href="@{/messageecho}" ><i class="add icon"></i>测试漏洞</a>
+    </div>
 </div>
 
 

src/main/resources/application.yml

@@ -0,0 +1,30 @@
+<!DOCTYPE html>
+<html lang="en" xmlns:th="http://www.thymeleaf.org" xmlns="http://www.w3.org/1999/html">
+<head>
+    <meta charset="UTF-8">
+    <title>Java漏洞靶场</title>
+    <link rel="stylesheet" href="https://cdn.jsdelivr.net/npm/[email protected]/dist/semantic.min.css">
+</head>
+<body>
+
+<div style="padding: 40px;
+    text-align: center;
+    background: #1abc9c;
+    color: white;">
+    <h1>Java漏洞演示平台</h1>
+    <button class="ui inverted secondary basic button"><a style="color: white" th:href="home">回到首页</a></button>
+</div>
+
+
+
+
+<form style="text-align: center;margin: 0px auto;margin-top: 50px;"  border="10">
+    <div class="ui input">
+        <input type="text" name="tele" placeholder="手机号码">
+        <a class="ui button" th:href="@{/messageecho/getcode}">获取验证码</a>
+    </div>
+</form>
+
+
+</body>
+</html>