接口安全问题 md5 案例
http://IP:8080/goods/UserServlet?method=loginMd5&loginname=abc&loginpass=abc&verifyCode=md5(用户名+密码+code)
code =0710
成功
{"msg":"登录成功","uid":"9CC972DFA2D4481F89841A46FD1B3E7B","code":"1"}
支持post ,get
----------------------------------------------
首先,找到MD5函数的头文件,添加到lr的头文件里面,并且在头文件里面加上一行:
然后在action()里面调用md5的函数GetMd5FromString(const char* s,char* resStr),如下:
Action()
{
char test[100];
char dest[100];
strcat(test,lr_eval_string("{loginname}"));
strcat(test,lr_eval_string("{loginpass}"));
strcat(test,"0710");
lr_log_message("test is %s",test);
GetMd5FromString(test,dest);
lr_log_message("dest is %s",dest);
lr_save_string(dest,"code");
web_submit_data("接口安全问题",
"Action=http://123.58.251.183:8080/goods/UserServlet",
"Method=POST",
"RecContentType=text/html",
"Referer=",
"Snapshot=",
"Mode=HTML",
ITEMDATA,
"Name=method", "Value=loginMd5", ENDITEM,
"Name=loginname", "Value={loginname}", ENDITEM,
"Name=loginpass", "Value={loginpass}", ENDITEM,
"Name=verifyCode", "Value={code}", ENDITEM,
LAST);
memset(test,0,sizeof(test)); //字符串清空函数
return 0;
}
网友评论