soarli

防范CSRF攻击的一次实战
针对Typecho搜索框的两种形式Get请求的CSRF防御功能:index.php:$referer = $_SE...
扫描右侧二维码阅读全文
18
2021/10

防范CSRF攻击的一次实战

针对Typecho搜索框的两种形式Get请求的CSRF防御功能:
index.php

$referer = $_SERVER["HTTP_REFERER"];
$url = 'http://'.$_SERVER['HTTP_HOST'].$_SERVER['REQUEST_URI'];
if ((preg_match("/blog.diannao120.top\/\?s\=/i", "$url") || preg_match("/blog.diannao120.top\/index.php\/search/i", "$url")) && !preg_match("/blog.diannao120.top/i", "$referer")) {
    http_response_code(403);
    exit('<h2>CSRF Request is Forbidden !</h2>');
}

这样实际上解决问题了,会对不适当请求返回403状态码同时拒绝服务,但是漏洞扫描还会报漏洞:

10.19凌晨更新:

偶然发现河南农业大学招生办公室网站搜索框有一个隐藏的input,不抱希望的把它拿来一试,竟然过了!Nice!

<input type="hidden" name="kwtype" value="0">

参考资料:
https://blog.csdn.net/zhongliang415/article/details/108300607
https://blog.csdn.net/tterminator/article/details/70186033
https://www.lanka.cn/typecho-5_3736.html
https://www.cnblogs.com/shikyoh/p/4959678.html
https://www.runoob.com/php/php-preg_match.html
https://www.cnblogs.com/xinaixia/p/5852379.html
https://blog.csdn.net/senlin1202/article/details/50800146
https://www.cnblogs.com/ronghua/p/11347090.html
https://blog.csdn.net/weixin_33669968/article/details/88889748
https://blog.csdn.net/xiaohuangren_123/article/details/115208779

最后修改:2021 年 10 月 19 日 02 : 01 AM

发表评论