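The WebServiceSecurity.ValidateLoginer method must throw an exception
Vulnerability: the WebServiceSecurity.ValidateLoginer method must throw an exception:
The "return false" statement must be changed to throw new Exception("验证用户资料失败!"); (the message reads "Failed to validate user credentials!")
WebServiceSecurity.cs
Even when the login information is invalid, the program keeps running. An exception must be thrown instead; change the code as follows: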
C# Code:
public static bool ValidateLoginIdentity(byte[] validationTicket)
{
    // Reject a missing or too-short ticket by throwing instead of returning false.
    if ((validationTicket == null) || (validationTicket.Length < LOGIN_TICKET.Length))
        throw new Exception("验证用户资料失败!");
    // ..... omitted .....
}
C# Code:
public static Loginer ValidateLoginer(byte[] loginer)
{
    // Previously: return null;
    if (loginer.Length < PREFIX_LEN + SUFFIX_LEN)
        throw new Exception("验证用户资料失败!");
    // ..... omitted .....
}
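
Added example (not code from the original post or from the framework): why signalling failure through the return value lets execution continue, while throwing stops it. The ticket bytes, the byte comparison and both GetData callers are constructed assumptions; only the throw statement is taken from the page.

```csharp
using System;

// Constructed stand-in for the page's WebServiceSecurity class.
static class TicketDemo
{
    // Constructed value; the real LOGIN_TICKET is not shown on the page.
    static readonly byte[] LOGIN_TICKET = { 0x43, 0x53, 0x46, 0x57 };

    // "Before": failure is reported only through the return value.
    static bool ValidateReturningFalse(byte[] ticket)
    {
        if (ticket == null || ticket.Length < LOGIN_TICKET.Length) return false;
        for (int i = 0; i < LOGIN_TICKET.Length; i++)   // simplified check for the demo
            if (ticket[i] != LOGIN_TICKET[i]) return false;
        return true;
    }

    // "After": any failure throws, as the page recommends.
    static bool ValidateThrowing(byte[] ticket)
    {
        if (!ValidateReturningFalse(ticket))
            throw new Exception("验证用户资料失败!");
        return true;
    }

    // Hypothetical service method whose author forgot to test the result.
    static string GetDataUnchecked(byte[] ticket)
    {
        ValidateReturningFalse(ticket);   // result discarded: fails open
        return "sensitive rows";
    }

    // Same method with the throwing validator: there is no result to forget.
    static string GetDataChecked(byte[] ticket)
    {
        ValidateThrowing(ticket);         // throws before any data is returned
        return "sensitive rows";
    }

    static void Main()
    {
        byte[] bad = { 0x00 };            // constructed invalid ticket
        Console.WriteLine("return-false version: " + GetDataUnchecked(bad));
        try { Console.WriteLine(GetDataChecked(bad)); }
        catch (Exception ex) { Console.WriteLine("throwing version: rejected (" + ex.Message + ")"); }
    }
}
```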