1. 越權訪問
2. 短信轟炸
前端
function sendVerifyCode(){
var mobile = $("#mobile").val();
$.ajax({
url : "${path}/app/user/sendVerifyCode",
method : "post",
data : {
mobile : mobile,
},
success : function(data) {
if(data && data.code){
if(data.code=="1"){
limited = 60;
timedCount();
$.dialog.info("驗證碼已發送");
$("#validate_verificationCode").text("");
} else {
$("#sendButton").attr("disabled",false);
if(data.value){
for(var i in data.value){
$("label#"+i).text(data.value[i]);
}
}else{
$.dialog.info(data.note);
}
}
}
}
});
}
function timedCount() {
var t;
if(limited == 0) {
$("#sendButton").val("獲取短信驗證碼");
$("#sendButton").attr("disabled",false);
return ;
} else {
$("#sendButton").attr("disabled",true);
var buttonText = "獲取短信驗證碼(" + limited-- + ")";
$("#sendButton").val(buttonText);
t=setTimeout("timedCount()",1000);
}
}
後臺:
public void sendVerifyCode(){
Res res = new Res();
String mobile = getPara( "mobile" );
// 校驗短信發送時間差
Object lastTime = getSessionAttr("msgValidateCode_time");
if(lastTime != null) {
long lastTimeL = Long.parseLong(lastTime.toString());
long currentTimeL = System.currentTimeMillis();
long timeDiff = currentTimeL - lastTimeL;
String interval = PropKit.get( "sms.interval_time" );
int intervalInt = 1;
try {
if( !StringUtil.isBlank(interval) ) {
intervalInt = Integer.parseInt(interval);
}
} catch (NumberFormatException e) {
}
if(timeDiff < 1000*60*intervalInt) {
res.setCode( OpResult.FAILED.getOrdinalStr() );
res.setNote( "請勿頻繁獲取短信驗證碼" );
renderJson( res );
return;
}
}
// 獲取短信驗證碼
String verifyCode = SmsUtil.generateCode();
// 調用第三方接口發送短信
setSessionAttr("msgValidateCode", verifyCode);
String time = System.currentTimeMillis()+"";
setSessionAttr("msgValidateCode_time", time);
setSessionAttr("verifiedMobile", mobile);
renderJson( res );
}
3. Sql注入