Question
In some forum, I viewed the JSON response of a POST request using Firebug.
Say, a user with the email X@Y.com and password Zabc123 posted something on his own page on this forum. And I wanted to post a comment on his post. But before I posted the comment I opened Firebug's Net panel:
After I had posted the comment the response that I saw in Firebug was like this:
postid 1432
OTHER THINGS ...
email X@Y.com
password Zabc123
ip 111.111.111.111
lastlogin 1-1-2016
lastpasschange 2-2-2015
and so on ..
This info is not my own, it is the info of the person that I was posting a comment on.
Is this a symptom of a hack or an incorrectly programmed script in that forum?
Answer 1:
If you see the account data of another user within the response info, then that's probably a bug in the server-side script you called in your POST request, especially if that happens equally in different browsers. The programmers of the website could also have output it as debug info and forgotten to remove the code when pushing it to the live server.
It could also be that the server got hacked and the script was changed in such a way that it returns the user names and passwords in plain text.
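Added example, not part of the original answer and not the forum's code: one way a server-side script ends up returning the post owner's whole account record, beside a form that builds the reply from an allow-list, plus a check a regression test can run on any JSON response. The data model, function names and field lists are assumptions constructed from the fields shown in the question.

```python
import json

# Constructed sample data mirroring the fields listed in the question.
USERS = {
    7: {"id": 7, "name": "post_owner", "email": "X@Y.com",
        "password": "Zabc123", "ip": "111.111.111.111",
        "lastlogin": "1-1-2016", "lastpasschange": "2-2-2015"},
}
POSTS = {1432: {"postid": 1432, "author_id": 7}}

# Key names that must never appear in a response (assumed deny-list).
SENSITIVE = {"email", "password", "ip", "lastlogin", "lastpasschange"}
# The only author fields meant to be public (assumed allow-list).
PUBLIC_AUTHOR_FIELDS = ("id", "name")


def comment_response_leaky(postid, text):
    """Bug pattern: the whole author row is merged into the reply."""
    resp = {"postid": postid, "comment": text}
    resp.update(USERS[POSTS[postid]["author_id"]])  # every column goes out
    return json.dumps(resp)


def comment_response_safe(postid, text):
    """Hardened form: the reply is built from an explicit allow-list."""
    author = USERS[POSTS[postid]["author_id"]]
    public = {k: author[k] for k in PUBLIC_AUTHOR_FIELDS}
    return json.dumps({"postid": postid, "comment": text, "author": public})


def find_sensitive_fields(body):
    """Return the sorted sensitive key names found anywhere in a JSON body."""
    found = set()

    def walk(node):
        if isinstance(node, dict):
            for key, value in node.items():
                if key.lower() in SENSITIVE:
                    found.add(key.lower())
                walk(value)
        elif isinstance(node, list):
            for item in node:
                walk(item)

    walk(json.loads(body))
    return sorted(found)


if __name__ == "__main__":
    print(find_sensitive_fields(comment_response_leaky(1432, "hi")))
    print(find_sensitive_fields(comment_response_safe(1432, "hi")))
```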
Source: https://stackoverflow.com/questions/39269771/inspecting-post-response-shows-emails-and-passwords-of-other-users