CSRF
CSRF，跨站域请求伪造，通常攻击者会伪造一个场景（例如一条链接），来诱使用户点击，用户一旦点击，黑客的攻击目的也就达到了，他可以盗用你的身份，以你的名义发送恶意请…
CSRF，跨站域请求伪造，通常攻击者会伪造一个场景（例如一条链接）来诱使用户点击，用户一旦点击，黑客的攻击目的也就达到了，他可以盗用你的身份，以你的名义发送恶意请求。CSRF攻击的关键就是利用受害者的cookie向服务器发送伪造请求。
和XSS有什么不同
CSRF是以用户的权限去做事情，攻击者自己本身并没有获取到权限；XSS则是直接盗取了用户的权限进行攻击。
LOW级别
源码分析
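<?php
/*
 * DVWA "CSRF" exercise, Low security level. The listing on this page had lost
 * its quotes, comparison and boolean operators in extraction; they are restored
 * here and the logic is unchanged.
 *
 * Where the weakness is: the password change is driven entirely by GET
 * parameters (Change, password_new, password_conf). The only check performed
 * is that the two new-password values agree. Nothing binds the request to a
 * form the user actually submitted -- no anti-CSRF token, no origin/Referer
 * check, no re-entry of the current password -- so the session cookie the
 * browser attaches automatically is the only thing authorising the change.
 * The usual fix is a per-session secret token validated server-side, and
 * accepting the state change only over POST.
 */

if( isset( $_GET[ 'Change' ] ) ) {
    // Get input
    $pass_new  = $_GET[ 'password_new' ];
    $pass_conf = $_GET[ 'password_conf' ];

    // Do the passwords match? (loose == comparison, as in the original)
    if( $pass_new == $pass_conf ) {
        // They do!
        // Escape for the string-built UPDATE below. The fallback branch is an
        // artifact of DVWA's automatic mysql_ -> mysqli_ conversion: with no
        // connection object it aborts via trigger_error(E_USER_ERROR).
        $pass_new = ((isset($GLOBALS["___mysqli_ston"]) && is_object($GLOBALS["___mysqli_ston"])) ? mysqli_real_escape_string($GLOBALS["___mysqli_ston"], $pass_new ) : ((trigger_error("[MySQLConverterToo] Fix the mysql_escape_string() call! This code does not work.", E_USER_ERROR)) ? "" : ""));
        // Unsalted md5 -- acceptable for the exercise, not a password hash for
        // real code (password_hash() is).
        $pass_new = md5( $pass_new );

        // Update the database
        $current_user = dvwaCurrentUser();
        $insert = "UPDATE users SET password = '$pass_new' WHERE user = '" . $current_user . "';";
        $result = mysqli_query($GLOBALS["___mysqli_ston"], $insert ) or die( '<pre>' . ((is_object($GLOBALS["___mysqli_ston"])) ? mysqli_error($GLOBALS["___mysqli_ston"]) : (($___mysqli_res = mysqli_connect_error()) ? $___mysqli_res : false)) . '</pre>' );

        // Feedback for the user
        echo "<pre>Password Changed.</pre>";
    }
    else {
        // Issue with passwords matching
        echo "<pre>Passwords did not match.</pre>";
    }

    ((is_null($___mysqli_res = mysqli_close($GLOBALS["___mysqli_ston"]))) ? false : $___mysqli_res);
}

?>
发现只是做了密码比对，并没有其他认证，只需要输入的新密码和确认的新密码保持一致即可。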
New password：123456
Confirm new password：123456。将地址栏中的两个密码改成123，同样可以修改成功。
修改密码的链接过于明显，可以使用一些缩短链接的方法，这样用户更容易上当。
也可以写一个简单的html页面，把img标签隐藏起来：
img srchttp://192.168.80.145/dvwa/vulnerabilities/csrf/?password_new123456password_conf123456ChangeChange# border0 styledisplay:none;
h1404
/h1
h2file not found!!
/h2
当用户点击访问这个页面时，会以为访问的页面丢失了，但是当他打开这个页面时，用户的密码已经被修改了。
Medium级别
源码分析
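<?php
/*
 * DVWA "CSRF" exercise, Medium security level. The listing on this page had
 * lost its quotes, comparison and boolean operators in extraction; they are
 * restored here and the logic is unchanged.
 *
 * Where the weakness is: the only addition over the Low level is a Referer
 * check. stripos() is a case-insensitive substring search, so any Referer
 * value that merely *contains* the server name passes -- the check does not
 * verify the origin host. The Referer header is also supplied by the client
 * and may be absent altogether, in which case $_SERVER['HTTP_REFERER'] is not
 * set and reading it raises an undefined-key warning. Referer matching is at
 * best a secondary defence; a per-session anti-CSRF token is the primary one.
 */

if( isset( $_GET[ 'Change' ] ) ) {
    // Checks to see where the request came from
    if( stripos( $_SERVER[ 'HTTP_REFERER' ] ,$_SERVER[ 'SERVER_NAME' ]) !== false ) {
        // Get input
        $pass_new  = $_GET[ 'password_new' ];
        $pass_conf = $_GET[ 'password_conf' ];

        // Do the passwords match? (loose == comparison, as in the original)
        if( $pass_new == $pass_conf ) {
            // They do!
            // Escape for the string-built UPDATE below. The fallback branch is
            // an artifact of DVWA's automatic mysql_ -> mysqli_ conversion:
            // with no connection object it aborts via trigger_error(E_USER_ERROR).
            $pass_new = ((isset($GLOBALS["___mysqli_ston"]) && is_object($GLOBALS["___mysqli_ston"])) ? mysqli_real_escape_string($GLOBALS["___mysqli_ston"], $pass_new ) : ((trigger_error("[MySQLConverterToo] Fix the mysql_escape_string() call! This code does not work.", E_USER_ERROR)) ? "" : ""));
            // Unsalted md5 -- acceptable for the exercise, not a password hash
            // for real code (password_hash() is).
            $pass_new = md5( $pass_new );

            // Update the database
            $current_user = dvwaCurrentUser();
            $insert = "UPDATE users SET password = '$pass_new' WHERE user = '" . $current_user . "';";
            $result = mysqli_query($GLOBALS["___mysqli_ston"], $insert ) or die( '<pre>' . ((is_object($GLOBALS["___mysqli_ston"])) ? mysqli_error($GLOBALS["___mysqli_ston"]) : (($___mysqli_res = mysqli_connect_error()) ? $___mysqli_res : false)) . '</pre>' );

            // Feedback for the user
            echo "<pre>Password Changed.</pre>";
        }
        else {
            // Issue with passwords matching
            echo "<pre>Passwords did not match.</pre>";
        }
    }
    else {
        // Didn't come from a trusted source
        echo "<pre>That request didn't look correct.</pre>";
    }

    ((is_null($___mysqli_res = mysqli_close($GLOBALS["___mysqli_ston"]))) ? false : $___mysqli_res);
}

?>
stripos() 函数查找字符串在另一字符串中第一次出现的位置（不区分大小写）。代码检查了保留变量HTTP_REFERER（http包头部的Referer字段的值，表示来源地址）是否包含SERVER_NAME（http包头部的 Host 字段，表示要访问的主机名）：
if( stripos( $_SERVER[ 'HTTP_REFERER' ] ,$_SERVER[ 'SERVER_NAME' ]) !== false )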
这里通过stripos函数对比HTTP_REFERER与SERVER_NAME（检查前者是否包含后者）。
后台的服务器会去检查HTTP_REFERER的值是否包含SERVER_NAME（host参数、主机名等），用此方法来抵御CSRF攻击。
# 方法
要想通过验证，就必须保证Http请求的Referer字段中包含Host，所以攻击者只需要将文件名改成受害者的Host以及name，就可以完美通过验证。使用Burp Suite抓包，发送到Repeater，将Host与Referer修改一致。
High级别
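<?php
/*
 * DVWA "CSRF" exercise, High security level. The listing on this page had lost
 * its quotes, comparison and boolean operators in extraction; they are restored
 * here and the logic is unchanged.
 *
 * Two request shapes are accepted. A POST whose Content-Type is
 * application/json takes its token from the User-Token request header
 * ($_SERVER['HTTP_USER_TOKEN']) and its fields from the JSON body; any other
 * request takes token and fields from $_REQUEST. In both cases the change only
 * proceeds after checkToken() has compared the supplied token with the one
 * kept in $_SESSION['session_token']. checkToken() and generateSessionToken()
 * are DVWA helpers defined elsewhere and are not shown on this page. Tying the
 * state change to a per-session secret that a third-party page cannot read is
 * what defeats CSRF here; the Referer and GET/POST distinctions of the lower
 * levels are no longer relied on.
 */

$change = false;
$request_type = "html";
$return_message = "Request Failed";

if ($_SERVER['REQUEST_METHOD'] == "POST" && array_key_exists ("CONTENT_TYPE", $_SERVER) && $_SERVER['CONTENT_TYPE'] == "application/json") {
    // NOTE(review): json_decode() returns null for a malformed body, and
    // array_key_exists() on null is a TypeError on PHP 8 -- non-exercise code
    // should guard with is_array($data) before the key checks below.
    $data = json_decode(file_get_contents('php://input'), true);
    $request_type = "json";
    if (array_key_exists("HTTP_USER_TOKEN", $_SERVER) && array_key_exists("password_new", $data) && array_key_exists("password_conf", $data) && array_key_exists("Change", $data)) {
        $token = $_SERVER['HTTP_USER_TOKEN'];
        $pass_new = $data["password_new"];
        $pass_conf = $data["password_conf"];
        $change = true;
    }
} else {
    // $_REQUEST merges GET and POST input (and cookies, depending on
    // request_order), so this branch is not restricted to POST; the token
    // check below is what carries the defence.
    if (array_key_exists("user_token", $_REQUEST) && array_key_exists("password_new", $_REQUEST) && array_key_exists("password_conf", $_REQUEST) && array_key_exists("Change", $_REQUEST)) {
        $token = $_REQUEST["user_token"];
        $pass_new = $_REQUEST["password_new"];
        $pass_conf = $_REQUEST["password_conf"];
        $change = true;
    }
}

if ($change) {
    // Check Anti-CSRF token
    checkToken( $token, $_SESSION[ 'session_token' ], 'index.php' );

    // Do the passwords match? (loose == comparison, as in the original)
    if( $pass_new == $pass_conf ) {
        // They do!
        // Escape for the string-built UPDATE below; unsalted md5 is what DVWA
        // stores and is not a password hash for real code (password_hash() is).
        $pass_new = mysqli_real_escape_string ($GLOBALS["___mysqli_ston"], $pass_new);
        $pass_new = md5( $pass_new );

        // Update the database
        $current_user = dvwaCurrentUser();
        $insert = "UPDATE users SET password = '" . $pass_new . "' WHERE user = '" . $current_user . "';";
        $result = mysqli_query($GLOBALS["___mysqli_ston"], $insert );

        // Feedback for the user
        $return_message = "Password Changed.";
    }
    else {
        // Issue with passwords matching
        $return_message = "Passwords did not match.";
    }

    mysqli_close($GLOBALS["___mysqli_ston"]);

    if ($request_type == "json") {
        // JSON clients get a fresh session token before the reply is sent.
        generateSessionToken();
        header ("Content-Type: application/json");
        print json_encode (array("Message" => $return_message));
        exit;
    } else {
        echo "<pre>" . $return_message . "</pre>";
    }
}

// Generate Anti-CSRF token
generateSessionToken();

?>
直接修改cookie中的安全等级，绕过token认证机制。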
Burp Suite抓包，发送到Repeater，将安全等级修改为low。