Shulou(Shulou.com)05/31 Report--

How to carry out CSRF analysis, I believe that many inexperienced people do not know what to do. Therefore, this paper summarizes the causes and solutions of the problem. Through this article, I hope you can solve this problem.

Brief introduction

Every loophole is a boss after playing well. I hope everyone can learn something.

Disclaimer:

It is forbidden to test real unauthorized websites at your own risk

I. principle

When a hacker discovers that there is a CSRF loophole in a website and constructs attack parameters to make payload into a web page, the user visits the website with CSRF loophole and logs in to the background to obtain cookie. At this time, the hacker sends the URL with payload to the user, and the user opens the URL sent by the hacker at the same time, and executes payload, which results in a CSRF attack.

Cause of formation: the main reason is that the vulnerable website has not been verified twice, and when users browse the vulnerable website, they click on the payload made by hack at the same time.

Second, the difference from XSS

XSS:hack finds websites with xss vulnerabilities-> Manufacturing payload- > sends URLs with payload to users to induce clicks-> execute payload to get sensitive information obtained by hackers-> hack uses sensitive information to modify operation data

CSRF: hack found sites with CSRF vulnerabilities-> Manufacturing payload- > send URLs with payload to users to induce clicks-> users browse sites with CSRF vulnerabilities while clicking on payload links made by hack, execute payload and modify data

Difference: XSS is a tool that hack induces users to click to get sensitive information, and hack uses sensitive information to proceed to the next step.

Difference: CSRF is constructed by hack payload to induce users to click. In the process of clicking, users browse the website with vulnerabilities at the same time, and the user initiates the payload request made by hack to modify the information.

Third, loophole mining

Add information

Delete information

Modify information

CSRF may exist wherever it can be executed, and where there is no secondary CAPTCHA and token verification.

IV. Vulnerability exploitation

Example 1: CSRF vulnerability attack characteristics found in DVWA shooting range

The production of payload is carried out through the function of grabbing the package of BP and making CSRF code of BP.

Copy the code into a html file and send it to the client to induce it to execute

When browsing the web pages of both the DVWA shooting range and the payload made by hack, the user directly made a request to change the password and succeeded.

The most unlikely and basic CSRF attackers are:

Example 2: the above is submitted in POST mode, so how to make payload in GET mode?

Make a hyperlink, the odd number is the server request address, with modified parameters, when the user requests, an attack is launched.

Example 3: another is to initiate a request through post, then hide the input request tag in the iframe tag, then retrieve and execute the tag request through js code, and then jump to the normal page clicked by the user. This will create as little doubt as possible.

After reading the above, have you mastered the method of how to organize and analyze CSRF? If you want to learn more skills or want to know more about it, you are welcome to follow the industry information channel, thank you for reading!

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.