
Case Analysis of CSRF (Cross-site Request Forgery)

2025-02-28 Update. From: SLTechnology News&Howtos, Network Security


Shulou (Shulou.com) 05/31 Report

Many newcomers are not very clear about CSRF (cross-site request forgery) case analysis. To help with that, the editor explains it in detail below; anyone with this need is welcome to read on, and I hope you gain something from it.

Brief introduction:

Cross-site request forgery (CSRF or XSRF), also known as a one-click attack or session riding, is an attack that makes the browser of a logged-in user perform operations on a web application that the user did not intend. Compared with cross-site scripting (XSS): XSS exploits the user's trust in a given site, while CSRF exploits the site's trust in the user's web browser.

Examples of vulnerabilities:

Suppose a bank performs a transfer through a URL of the following form: http://www.examplebank.com/withdraw?account=AccoutName&amount=1000&for=PayeeName

Then, a malicious attacker can place the following code on another website:

If a user with an account named Alice visits the malicious site while her bank login session has not yet expired (for example, she has just visited the bank), she will lose 1000 dollars.

This malicious URL can take many forms and can be hidden in many places on a web page. Moreover, the attacker does not need to control the website that hosts the malicious URL: it can be hidden in forums, blogs and other sites with user-generated content. This means that if the server has no appropriate defenses, users are at risk even when they visit familiar and trusted websites.

The example shows that a CSRF attack does not give the attacker direct control of the user's account, nor does it directly steal any of the user's information. What the attacker can do is trick the user's browser into performing an operation in the user's name.

Vulnerability detection. Requests with neither a token nor a Referer check:

When there is neither token validation nor Referer validation, CSRF is almost certainly present. Depending on the function involved, however, some CSRF is meaningless and harmless.

When submitting the request, capture it and delete the Referer header. If the server does not return an error, cross-domain request forgery is almost certainly possible: for GET requests, construct a link; for POST requests, write a submission form, and test whether a request submitted from another domain is accepted.

Requests with no token but with a Referer check:

Trying an empty Referer or a forged domain name is only relevant when a Referer check is in place.

For example, when the check only verifies that the string bylibrary.cn appears somewhere in the Referer:

Forge a third-level domain name such as bylibrary.cn.baidu.com to bypass the Referer field verification.

Alternatively, post on the bylibrary.cn website itself to lead others to click the constructed CSRF link, or publish the address of the constructed CSRF form under that site, so that the request arrives with a Referer from the site and passes the check.
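The following is an added example (not code from the original article) that models the bank "withdraw" endpoint described above together with the two Referer bypasses from this detection section, from the defender's side: it shows why a substring-style Referer check accepts the forged bylibrary.cn.baidu.com origin, why even an exact-host Referer check still accepts a form hosted in user-generated content on the site itself, and how a per-session CSRF token on a POST-only endpoint rejects both. The Request class, the session store, the host names and the session id are all constructed for this example.

```python
"""Added example: CSRF defenses for a state-changing endpoint, compared.

Everything here is constructed for illustration: the Request class, the
in-memory SESSIONS store, the session id and the host names.
"""
import hmac
import secrets
from dataclasses import dataclass, field
from urllib.parse import urlsplit

SITE_HOST = "bylibrary.cn"  # the host used in the article's Referer example


@dataclass
class Request:
    """Minimal stand-in for an HTTP request (constructed for this example)."""
    method: str
    headers: dict = field(default_factory=dict)
    form: dict = field(default_factory=dict)
    cookies: dict = field(default_factory=dict)


# constructed session store: session id -> CSRF token issued to that session
SESSIONS: dict = {}


def issue_token(session_id: str) -> str:
    """Bind a fresh random token to a logged-in session; the server embeds it
    in its own forms, and a forged cross-site form cannot know it."""
    token = secrets.token_urlsafe(32)
    SESSIONS[session_id] = token
    return token


def referer_allows_substring(req: Request) -> bool:
    """Weak check from the article: only tests that the site name occurs
    somewhere in the Referer, so 'bylibrary.cn.baidu.com' passes."""
    return SITE_HOST in req.headers.get("Referer", "")


def referer_allows_strict(req: Request) -> bool:
    """Stricter check: parse Origin (preferred) or Referer and require the
    host to equal the site host exactly. A missing header is rejected,
    since browsers may strip Referer and an attacker can suppress it."""
    source = req.headers.get("Origin") or req.headers.get("Referer")
    if not source:
        return False
    return urlsplit(source).hostname == SITE_HOST


def token_valid(req: Request) -> bool:
    """Compare the submitted token with the one bound to the session,
    in constant time."""
    expected = SESSIONS.get(req.cookies.get("session", ""))
    supplied = req.form.get("csrf_token", "")
    return expected is not None and hmac.compare_digest(expected, supplied)


def withdraw(req: Request, mode: str) -> str:
    """Return 'ok' if the transfer would execute, else the rejection reason.
    mode selects the defense: 'none', 'referer_substring',
    'referer_strict' or 'token'."""
    if req.cookies.get("session") not in SESSIONS:
        return "rejected: not logged in"
    if mode == "none":
        return "ok"  # the article's vulnerable bank: the cookie alone authorizes
    if mode == "referer_substring":
        return "ok" if referer_allows_substring(req) else "rejected: referer"
    if mode == "referer_strict":
        return "ok" if referer_allows_strict(req) else "rejected: referer"
    if mode == "token":
        if req.method != "POST":
            return "rejected: method"  # never change state on GET
        return "ok" if token_valid(req) else "rejected: token"
    raise ValueError(f"unknown mode {mode!r}")


def demo() -> dict:
    """Replay the article's scenarios against each defense; returns outcomes."""
    token = issue_token("alice-sid")  # Alice logs in; cookie stays valid
    cookies = {"session": "alice-sid"}
    form = {"account": "Alice", "amount": "1000", "for": "PayeeName"}
    # link on an unrelated attacker-controlled site
    cross_site = Request("GET", {"Referer": "http://evil.example/"}, form, cookies)
    # forged third-level domain that merely contains the site name
    sub_domain = Request("GET", {"Referer": "http://bylibrary.cn.baidu.com/"}, form, cookies)
    # form published in user-generated content on the site itself
    same_site = Request("POST", {"Referer": "http://bylibrary.cn/forum/1"}, form, cookies)
    # the site's own form, carrying the session-bound token
    legit = Request("POST", {"Referer": "http://bylibrary.cn/transfer"},
                    {**form, "csrf_token": token}, cookies)
    return {
        "none/cross_site": withdraw(cross_site, "none"),
        "substring/sub_domain": withdraw(sub_domain, "referer_substring"),
        "strict/sub_domain": withdraw(sub_domain, "referer_strict"),
        "strict/same_site": withdraw(same_site, "referer_strict"),
        "token/same_site": withdraw(same_site, "token"),
        "token/legit": withdraw(legit, "token"),
    }


if __name__ == "__main__":
    for case, outcome in demo().items():
        print(f"{case:22} -> {outcome}")
```

The outcomes line up with the detection steps in the text: with no check at all, a bare cross-site GET succeeds; the substring Referer check is defeated by the bylibrary.cn.baidu.com origin; the exact-host check stops that but still accepts a form posted from the site's own user-generated content; only the session-bound token on a POST-only endpoint rejects that last case while the genuine form still succeeds.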

Exploitation: auto-submitting form POC:
