1、emmm找文档。登录抓包代码审计。POST /api/user参数email、usernameai一下emmm2、登录后抓包重放进行绕过删除emmm新手没学过web无聊瞎写的。参考https://medium.com/technical_nitish/exploiting-an-api-endpoint-using-documentation-api-testing-cb416d1c3664https://blog.csdn.net/m0_65361643/article/details/152028153