关键词: 越权, 信息泄露, 大数据, 渗透测试, 访问控制

Abstract: Override vulnerability is a common type of vulnerability in web application system. It is evaluated as one of the Top 10 risks by OWASP. The vulnerability often lead to leakage of sensitive information or illegal tampering of data. An example of an attack method is given for a personal social security management system of a province and a city. The penetration test method is used. The attack process and the vulnerability exploitation results is introduced from four aspects: user fraudulent use, data interception, message modification and automated capture. The relationship with the other vulnerabilities and the risk is analized. Finally, the principle of vunerability is explained, and several vulnerability protection strategies are provided. The research shows that the ultraauthority vulnerability may cause serious consequences in the era of big data in the internet. And it also reflected the urgency and necessity for protecting the network security of the important information system as the network system operator.

Key words: over-authority, information leakage, big data, penetration testing, access control