????Σ?????B??????????????HTML????
????<img src=http://www.mybank.com/Transfer.php?toBankId=11&money=1000>
?????????1?е??????????????????????????A????????Σ?????B?????.....?????1?????????????1000?顫T_T??????1???????????к???????$_REQUEST????????????????$_REQUEST???????GET?????????????????POST?????????????????????????????????????????GET????????????POST????????????PHP?У????????$_GET??$_POST?????GET?????POST????????????JAVA?У???????????????request??????????????GET?????????POST?????????
???????3??
???????????2??????????????о?????????????????????????????$_POST??????POST????????????????????Transfer.php???????£?
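<?php
// Transfer.php, second attempt: reading $_POST instead of $_REQUEST stops the
// <img>-based GET forgery, but NOT a forged POST. Another site can still
// auto-submit a hidden form to this URL, and the victim's browser attaches the
// session cookie to that request, so it looks legitimate to this handler.
// isset() on the two fields only proves they were sent, not who built the
// request; what is missing is a per-session secret the other site cannot read
// (the token check further down). Syntax fixed here: isset() takes both keys as
// arguments, and the call to buy_stocks() needs a comma between its arguments.
session_start();
if (isset($_POST['toBankId'], $_POST['money'])) {
    buy_stocks($_POST['toBankId'], $_POST['money']);
}
?>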
?????????Σ?????B????????????????′???
<!-- Attacker-hosted page from the text (the third CSRF variant). It demonstrates
     why reading $_POST instead of $_REQUEST is not a defence: on load, steal()
     tries to submit the hidden form inside the frame, which carries the same two
     fields (toBankId, money) that Transfer.php reads, and the victim's browser
     attaches its own session cookie to that POST. The server cannot tell this
     request from a real one unless it also demands a per-session secret that
     this page cannot read (the token scheme described below) or relies on the
     cookie's SameSite attribute. -->
<html>
<head>
<script type="text/javascript">
// Called from body onload: looks up the hidden frame and submits the form it holds.
function steal()
{
iframe = document.frames["steal"];
iframe.document.Submit("transfer");
}
</script>
</head>
<body onload="steal()">
<iframe name="steal" display="none">
<form method="POST" name="transfer"??action="http://www.myBank.com/Transfer.php">
<input type="hidden" name="toBankId" value="11">
<input type="hidden" name="money" value="1000">
</form>
</iframe>
</body>
</html>
????????????????????????????????????????????β???1000??......???????Σ?????B??????????POST????????!
??????????????3???????CSRF???????????????????????3??????????1??2???????????????????????????<img>???????????3?????鷳????????JavaScript????????????????????????????????????????????????CSRF????????????п?????????
????????????3?????????????????????CSRF?????????WEB????????????????WEB????????????????????????????????????????????????????????????????????????????????
??????.CSRF?????
????????????????????????CSRF??????????????????????????????????Ч?????????????Ч???????????????CSRF???????????????С?
????1.????????CSRF????
??????????CSRF??????????????????????????μ?????????????????α???????
????(1).Cookie Hashing(???б????????????α????)??
????????????????????????????????????????????Cookie(??????)?????????е???????????????:>
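<?php
// Issue the anti-CSRF secret as a cookie. The value MUST be unpredictable: the
// original used the fixed string "DefenseSCRF", whose md5 is identical for every
// user, so a forged form could simply carry that constant hash and pass the
// check. A random per-browser value is known only to this client; a page on
// another origin cannot read it, so it cannot compute the matching hash.
$value = bin2hex(random_bytes(32));
// Positional args: name, value, expire, path, domain, secure, httponly.
// httponly keeps page scripts from reading the raw secret (only its hash is ever
// rendered into the form); set the secure flag to true once served over HTTPS.
setcookie('cookie', $value, time() + 3600, '/', '', false, true);
?>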
??????????????Hash??????????????????????????
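<?php
// Derive the value that will be embedded in the form. A page on another origin
// cannot read this user's cookie, so it cannot reproduce the hash. md5 is kept
// only because the verifying snippet compares against md5 as well; any hash
// works as long as both sides agree. A request that arrives without the cookie
// cannot be protected at all, so render an empty hash (which the verifier will
// reject) instead of triggering an undefined-index warning.
$hash = isset($_COOKIE['cookie']) ? md5($_COOKIE['cookie']) : '';
?>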
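<form method="POST" action="transfer.php">
    <input type="text" name="toBankId">
    <input type="text" name="money">
    <!-- The hidden field is named "check" because the verifying code reads
         $_POST['check']; the original form sent it as "hash", which the server
         never looked at, so the token was effectively never checked.
         The value is HTML-escaped out of habit even though an md5 hex string
         contains nothing that needs escaping. -->
    <input type="hidden" name="check" value="<?= htmlspecialchars($hash, ENT_QUOTES, 'UTF-8') ?>">
    <input type="submit" name="submit" value="Submit">
</form>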
???????????????????Hash????
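<?php
// Verify the anti-CSRF token before doing any work. Fail closed: the job runs
// only when the cookie is present, the posted value is a plain string (a
// submitted array would otherwise reach the comparison), and the two match.
if (isset($_COOKIE['cookie'], $_POST['check']) && is_string($_POST['check'])) {
    $hash = md5($_COOKIE['cookie']);
    // hash_equals() is constant-time and strict. The original used ==, which is
    // timing-dependent and subject to PHP's numeric-string juggling: two hex
    // strings of the form "0e<digits>" compare equal under == without matching.
    if (hash_equals($hash, $_POST['check'])) {
        doJob();
    } else {
        // token mismatch: reject the request (left as "//..." in the original)
    }
} else {
    // cookie or token missing: reject the request (left as "//..." in the original)
}
?>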