  • CSRF

     Cross Site Request Forgery 

    Cross-site request forgery

    Below is a small test demo.

    The server looks like this:

    const express = require('express')
    const app = express()
    const router = express.Router()

    // server-side state that the forged request will reset
    let num = 100
    router.get('/getnum', (req, res) => {
    	// log the Referer of each request (used later for the Referer check)
    	console.log(req.headers.referer)
    	var data = {
    		"message": "success",
    		"code": 200,
    		"data": {
    			"balanceAccount": num,
    		}
    	}
    	console.log(num)
    	res.json(data)
    })
    // state-changing action exposed on a GET: this is what the <img> in page 2 triggers
    router.get('/delete', (req, res) => {
    	num = 0
    	var data = {
    		"message": "success",
    		"code": 200,
    	}
    	console.log(num)
    	res.json(data)
    })

    // the pages call http://localhost:3000/test/... ; page 1 must be served from the
    // same origin (or CORS enabled) for its fetch to read the JSON response
    app.use('/test', router)
    app.listen(3000)
    

      Page 1

    <!DOCTYPE html>
    <html lang="en">
    
    <head>
        <meta charset="UTF-8">
        <meta name="viewport" content="width=device-width, initial-scale=1.0">
        <meta http-equiv="X-UA-Compatible" content="ie=edge">
        <title>Document</title>
    </head>
    
    <body>
        <div id="parent">
            <p>
                this is csrf
            </p>
        </div>
        <button>delete</button>
    </body>
    <script>
        fetch("http://localhost:3000/test/getnum")
            .then(
                function (response) {
                    if (response.status !== 200) {
                        console.log("存在一个问题,状态码为:" + response.status);
                        return;
                    }
                    // check the response body
                    response.json().then(function (data) {
                        console.log(data);
                        document.getElementById('parent').innerHTML += data.data.balanceAccount
                    });
                }
            )
            .catch(function (err) {
                console.log("Fetch错误:" + err);
            });
    </script>
    
    </html>
    

      Page 2

    <!DOCTYPE html>
    <html lang="en">
    <head>
        <meta charset="UTF-8">
        <meta name="viewport" content="width=device-width, initial-scale=1.0">
        <meta http-equiv="X-UA-Compatible" content="ie=edge">
        <title>Document</title>
    </head>
    <body>
        <!-- the browser issues GET /test/delete and attaches the user's cookies for localhost:3000 -->
        <img src="http://localhost:3000/test/delete" alt="" srcset="">
    </body>
    </html>
    

      Once the user of page 1 has logged in and then visits page 2, page 2 can ride on the user's trusted credential (the cookie) and have the server set num to 0.

    Prevention:

    1. CAPTCHA

    2. Referer check (the same technique is also used to prevent image hotlinking)

    3. Add token validation

  • Original article: https://www.cnblogs.com/yiyi17/p/9322094.html