我的部门有一个外部部门,可以在我们的网站上执行扫描,然后再开始测试漏洞。关于如何显示错误,一个漏洞又出现了。据我所知,我已经解决了这个问题。
我希望在再次扫描之前复制他们的测试,因为从我提交扫描到执行/分析/发回给我时有多天的延迟。以下是他们进行的测试:
1. Navigate to preset starting location for analysis
URL: <mysite>
2. Submit form using the following URL and form values
URL: <mysite>
Form Values:
__EVENTTARGET =
__EVENTARGUMENT =
__VIEWSTATE = <viewstate_stuff>
__VIEWSTATEGENERATOR = <viewstate_stuff>
__EVENTVALIDATION = <eventvalidation stuff>
ctl00%24MainContent%24loginBox%24UserName = foo
ctl00%24MainContent%24loginBox%24Password = foo
ctl00%24MainContent%24loginBox%24RememberMe = on
ctl00%24MainContent%24loginBox%24LoginButton = Log%20In
3. Attack discovered GET URL
URL: <mysite>
Post Parameters Attacked:
__EVENTTARGET =
__EVENTARGUMENT =
__VIEWSTATE = <viewstate_stuff>
__VIEWSTATEGENERATOR = <viewstate_stuff>
__EVENTVALIDATION = <eventvalidation stuff>
ctl00%24MainContent%24loginBox%24UserName = foo
ctl00%24MainContent%24loginBox%24Password = foo
ctl00%24MainContent%24loginBox%24RememberMe = on
ctl00%24MainContent%24loginBox%24LoginButton = web.config
我该怎么办?我觉得我已经知道了。