
A brief introduction to cross-site forgery of CSRF request

2025-02-24 Update From: SLTechnology News&Howtos


Shulou(Shulou.com)06/01 Report--

First, what is CSRF:

As shown in the figure:

1. The user visits a website that has a CSRF vulnerability in the normal way, through the browser.

For example, we visit http://127.0.0.1:8080/DVWA/login.php

We log in with the account admin and the password password, then find the page for changing the password.

We change the password to 123456; the URL of the request that performs the change is:

http://127.0.0.1:8080/DVWA/vulnerabilities/csrf/?password_new=123456&password_conf=123456&Change=Change#

2. We construct a malicious website B and save its code as index.html.

This is a malicious web page.

We visit website B and click the link (*).

We can see that the password has been changed (changed to password).

Defense:

1. Use POST for state-changing requests wherever possible and restrict GET.

2. Browser Cookie policy

3. Anti-CSRF Token
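The three defenses above, applied to the DVWA-style password-change request, as an added example that is not code from the original article or from DVWA. It is a stdlib-only model: the in-memory session store, the `Request`/`Response` classes, the cookie name `PHPSESSID`, the form field `csrf_token` and the simplified SameSite rule in `browser_attaches_cookie` are all assumptions made for the example. The `demo()` function replays the article's scenario (a forged GET with the new password in the query string, a forged cross-site POST, and the site's own POST carrying the token) against the hardened handler.

```python
import hmac
import secrets
from dataclasses import dataclass, field

# Constructed in-memory session store standing in for the server side: session id -> data.
SESSIONS: dict[str, dict] = {}


@dataclass
class Request:
    """Minimal model of an incoming HTTP request (constructed for this example)."""
    method: str
    url: str
    cookies: dict = field(default_factory=dict)
    form: dict = field(default_factory=dict)  # parsed POST body


@dataclass
class Response:
    status: int
    body: str
    headers: list = field(default_factory=list)


def login(username: str, password: str) -> Response:
    """Create a session; the Set-Cookie header is what the browser would store."""
    session_id = secrets.token_urlsafe(32)
    SESSIONS[session_id] = {"user": username, "password": password}
    # Defense 2: SameSite tells the browser not to attach the cookie to cross-site requests.
    cookie = f"PHPSESSID={session_id}; HttpOnly; Secure; SameSite=Lax"
    return Response(200, "logged in", [("Set-Cookie", cookie)])


def browser_attaches_cookie(samesite: str, cross_site: bool, method: str) -> bool:
    """Simplified model of the browser's SameSite rule (assumption; no real browser involved)."""
    if not cross_site:
        return True
    if samesite == "Strict":
        return False
    if samesite == "Lax":
        return method == "GET"  # only top-level navigations, never a cross-site POST
    return True  # SameSite=None: always sent (must also be Secure)


def issue_csrf_token(session_id: str) -> str:
    """Defense 3: per-session secret embedded in the legitimate form, unreadable from site B."""
    session = SESSIONS[session_id]
    if "csrf_token" not in session:
        session["csrf_token"] = secrets.token_urlsafe(32)
    return session["csrf_token"]


def change_password(req: Request) -> Response:
    """Server-side handler for the password-change action with all three checks."""
    session = SESSIONS.get(req.cookies.get("PHPSESSID", ""))
    if session is None:
        return Response(401, "not logged in")
    # Defense 1: a state change must be a POST; a GET with the values in the query string is refused.
    if req.method != "POST":
        return Response(405, "password change requires POST")
    # Defense 3: the submitted token must match the session's token (constant-time compare).
    submitted = req.form.get("csrf_token", "")
    expected = session.get("csrf_token", "")
    if not expected or not hmac.compare_digest(submitted, expected):
        return Response(403, "CSRF token missing or invalid")
    new, conf = req.form.get("password_new", ""), req.form.get("password_conf", "")
    if not new or new != conf:
        return Response(400, "passwords do not match")
    session["password"] = new
    return Response(200, "password changed")


def demo() -> dict:
    """Replay the article's scenario against the hardened handler; returns the outcomes."""
    SESSIONS.clear()
    set_cookie = login("admin", "password").headers[0][1]
    sid = set_cookie.split(";")[0].split("=", 1)[1]
    cookies = {"PHPSESSID": sid}
    token = issue_csrf_token(sid)
    target = "http://127.0.0.1:8080/DVWA/vulnerabilities/csrf/"
    new_pw = {"password_new": "123456", "password_conf": "123456"}
    # Forged request in the shape the article shows: values in the query string of a GET.
    forged_get = Request("GET", target + "?password_new=123456&password_conf=123456&Change=Change", cookies)
    # Forged cross-site POST: the cookie may be attached, but site B cannot read the token.
    forged_post = Request("POST", target, cookies, dict(new_pw))
    # Legitimate POST from the site's own form, which carries the token.
    legit_post = Request("POST", target, cookies, {**new_pw, "csrf_token": token})
    return {
        "forged_get": change_password(forged_get).status,
        "forged_post": change_password(forged_post).status,
        "lax_cookie_on_cross_site_post": browser_attaches_cookie("Lax", True, "POST"),
        "legit_post": change_password(legit_post).status,
        "password_now": SESSIONS[sid]["password"],
    }


if __name__ == "__main__":
    print(demo())
```

Each defense blocks the forged request at a different layer: the method check refuses the GET form of the request outright, a SameSite=Lax cookie means the browser never authenticates a cross-site POST, and the token check rejects any request that did not originate from the site's own form even when the cookie is present.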
