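CSRF (Cross-Site Request Forgery): How the Vulnerability Works and How to Fix It
CSRF, the cross-site request forgery vulnerability
How the vulnerability works and how to fix it
1. Common trigger scenarios
2. Vulnerability principle: the browser same-origin policy
3. DEMO
4. Impact of the vulnerability
5. How to avoid and fix the vulnerability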
WEB
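client server HTTP
GET POST
CSRF vulnerability
Vulnerability principle:
When the server receives a user's request, it does not check whether the source of the request (the Referer) is a page on its own domain.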
DEMO
Browser same-origin policy: SOP
scheme://hostname:port/url
origin.
http://www.baidu.com/
https://passport.baiud.com/login.jsp
js -> cross-origin (non-same-origin) resources
<img src="https://passport.baiud.com/a.jsp">
<script src>
The existence of the CSRF vulnerability
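The missing source check described under "Vulnerability principle", written as a comparison of the full scheme://hostname:port origin rather than a substring match on the Referer. This is an added example, not code from the original page; OWN_ORIGIN, originOf and isSameOriginRequest are hypothetical names, and the sample headers are constructed.

```php
<?php
// Added example: same-origin check on the Origin/Referer request headers.
// OWN_ORIGIN and both function names are assumptions, not from the page.
const OWN_ORIGIN = 'https://www.example.com';

// Reduce a URL to its (scheme, host, port) origin tuple, or null if unusable.
function originOf(?string $url): ?array
{
    $p = $url === null ? false : parse_url($url);
    if (!is_array($p) || empty($p['scheme']) || empty($p['host'])) {
        return null;
    }
    $defaults = ['http' => 80, 'https' => 443];
    $scheme = strtolower($p['scheme']);
    if (!isset($defaults[$scheme])) {
        return null; // only http(s) origins are accepted
    }
    return [$scheme, strtolower($p['host']), $p['port'] ?? $defaults[$scheme]];
}

// True only when the request's stated source has exactly our own origin.
function isSameOriginRequest(array $server): bool
{
    // Prefer Origin; fall back to Referer when Origin is absent.
    $source = $server['HTTP_ORIGIN'] ?? $server['HTTP_REFERER'] ?? null;
    $origin = originOf($source);
    // A missing or unparsable source is rejected, not waved through.
    return $origin !== null && $origin === originOf(OWN_ORIGIN);
}

// Constructed sample requests (header values as they appear in $_SERVER).
$samples = [
    'same origin'       => ['HTTP_REFERER' => 'https://www.example.com/index.php?c=mission&a=feed'],
    'other host'        => ['HTTP_REFERER' => 'https://attacker.example/page.html'],
    'prefix look-alike' => ['HTTP_REFERER' => 'https://www.example.com.attacker.example/'],
    'own host in path'  => ['HTTP_REFERER' => 'https://attacker.example/https://www.example.com/'],
    'http, not https'   => ['HTTP_ORIGIN' => 'http://www.example.com'],
    'no header at all'  => [],
];
foreach ($samples as $label => $server) {
    printf("%-20s %s\n", $label, isSameOriginRequest($server) ? 'accept' : 'reject');
}
```

Only the first sample matches all three parts of the origin; a substring or prefix match on the Referer would also have accepted the two look-alike values.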
---------------------------------------------------------------------------------
www-data@w:~/controller$ vim missionController.class.php
<?php
class missionController extends baseController{
    public $var;

    // Only logged-in users get past the constructor; everyone else is redirected.
    public function __construct(){
        parent::__construct();
        if($this->loged){
            return;
        }else{
            header('Location: /index.php');
            exit();
        }
    }

    // Renders the feed page for the current user.
    public function feedAction(){
        $missionModel = new missionModel();
        $feeds = $missionModel->get();
        $url = '/index.php?c=mission&a=feed';
        $username = $this->username;
        require('tpl/feed.tpl');
    }

    // JSONP endpoint: wraps the logged-in user's data in the caller-supplied callback.
    // No check of the request source (Referer) is made before the data is returned.
    public function feedApiAction(){
        $callback = request('callback');
        $missionModel = new missionModel();
        $feeds = $missionModel->getMost($this->id);
        $feeds = json_encode(array('email'=>$this->username, 'count'=>$feeds[0]));
        echo $callback.'('.$feeds.')';
    }
}