Posted on 2020-2-8 10:53:53
This post was last edited by 南方有梦 on 2020-2-8 10:55

[Image: 图片1.png]
CSRF is common when exploiting vulnerabilities. Ordinary CSRF is easy to find and exploit, but most systems add protection against it, for example a token tied to each user's session.
Even when the target has such protection in place, it does not mean the vulnerability can no longer be exploited: the protection may itself be defective, and then it can be bypassed.
(Bypassing SSRF protection is a different matter from bypassing CSRF protection and is not covered here.)

0x01 Change the request method
If the request affected by our CSRF vulnerability is a POST, we can try switching it to a GET; if it is a GET, we try switching it to a POST. The protection may only be applied to one method, so the other may have no token check at all (and when the server reads parameters from either the query string or the body, the same parameters carry over unchanged).
Suppose the original request is:
[Image: 图片2.png]
It can be changed to:
[Image: 图片3.png]

0x02 Bypass CSRF token protection
We can delete the token or send a blank one.
     A deleted or blank token bypassing the check is usually the result of a logic error in the validation: the server only compares the token when one is present, so a missing or empty value is never rejected.
     As shown below:
[Image: 图片4.png]
     Delete the token:
[Image: 图片5.png]
     Or send a blank token:
[Image: 图片6.png]
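The two bypasses above (0x01 method switching and 0x02 deleted or blank token) both come down to a defective check on the server side. The following is an added example, not code from the original post: a constructed model of a "change email" endpoint with both defects, beside a hardened version. The endpoint name, session layout and token value are assumptions made for the illustration.

```python
"""Constructed model of a CSRF-protected state-changing endpoint (added
example, not the original post's code). Shows why switching POST to GET and
deleting or blanking the token both get past a badly written check.
The handler names, session fields and token value are assumptions."""
import hmac

SESSION_TOKEN = "s3cr3t-token-0123"  # constructed per-session CSRF token


def vulnerable_change_email(method, params, session):
    """Handler with both defects described in the post:
    - the token is only validated for POST (0x01: switch the method to GET)
    - an absent or blank token short-circuits the comparison (0x02)
    Returns True if the state change was performed."""
    token = params.get("token", "")
    if method == "POST":
        # Logic error: a missing/empty token makes the whole condition false,
        # so only a *present but wrong* token is ever rejected.
        if token and token != session["csrf"]:
            return False
    # GET falls through with no check at all
    session["email"] = params["email"]
    return True


def hardened_change_email(method, params, session):
    """Accepts only POST and requires a token that matches the session's."""
    if method != "POST":
        return False
    token = params.get("token")
    # Reject missing or empty tokens explicitly; compare in constant time.
    if not token or not hmac.compare_digest(token, session["csrf"]):
        return False
    session["email"] = params["email"]
    return True


def run_bypasses(handler):
    """Replays forged requests (constructed attacker input) and one legitimate
    request against a handler; returns which of them changed the email."""
    cases = [
        ("method_switch", "GET", {"email": "attacker@example.com"}),
        ("token_deleted", "POST", {"email": "attacker@example.com"}),
        ("token_blank", "POST", {"email": "attacker@example.com", "token": ""}),
        ("wrong_token", "POST", {"email": "attacker@example.com", "token": "wrong"}),
        ("legit", "POST", {"email": "me@example.com", "token": SESSION_TOKEN}),
    ]
    results = {}
    for name, method, params in cases:
        session = {"csrf": SESSION_TOKEN, "email": "victim@example.com"}
        results[name] = handler(method, params, session)
    return results


if __name__ == "__main__":
    print("vulnerable:", run_bypasses(vulnerable_change_email))
    print("hardened:  ", run_bypasses(hardened_change_email))
```

The vulnerable handler looks protected when tested with a wrong token, which is exactly why these bugs survive: the only requests that reveal them are the ones an attacker sends, a GET or a POST with the token parameter removed or empty.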

0x03 Bypass regular expressions
You can try to bypass the regular expression used to validate a redirect (jump) URL. For example, we can place the allowed domain as a subdomain, or as a directory, of a URL we control.
If the site only allows redirects to "baidu.com", a check that merely looks for that string may be bypassed with "baidu.com.hacker.com" or "hacker.com/baidu.com".
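As an added example (not from the original post), here is the weak substring-style check beside a host-based one that resists both tricks. The allowed domain baidu.com follows the post; hacker.com is the attacker-controlled placeholder the post uses, and the function names are assumptions.

```python
"""Added example for 0x03 (not the original post's code): why matching the
allowed domain as a substring or unanchored regex is bypassable, and a
parse-then-compare check that is not. baidu.com is the allowed target from
the post; hacker.com stands in for an attacker-controlled host."""
import re
from urllib.parse import urlparse

ALLOWED_HOST = "baidu.com"

# Weak check: "does the URL contain baidu.com anywhere?". Anchoring only the
# start (r"^https?://baidu\.com") would still pass baidu.com.hacker.com.
WEAK_PATTERN = re.compile(r"baidu\.com", re.IGNORECASE)


def weak_is_allowed(url):
    return WEAK_PATTERN.search(url) is not None


def strict_is_allowed(url):
    """Parse the URL and compare the host exactly, or as a subdomain of the
    allowed host. Only absolute-path relative URLs are accepted otherwise."""
    parsed = urlparse(url)
    if parsed.scheme == "" and parsed.netloc == "":
        # A plain path such as /account; reject protocol-relative //host/...
        return url.startswith("/") and not url.startswith("//")
    if parsed.scheme not in ("http", "https") or parsed.hostname is None:
        return False
    host = parsed.hostname.lower()
    return host == ALLOWED_HOST or host.endswith("." + ALLOWED_HOST)


def compare(urls):
    """Returns {url: (weak_result, strict_result)} for a list of candidates."""
    return {u: (weak_is_allowed(u), strict_is_allowed(u)) for u in urls}


if __name__ == "__main__":
    # Constructed candidates: the two bypasses from the post plus controls.
    samples = [
        "https://www.baidu.com/s?wd=test",
        "https://baidu.com.hacker.com/",
        "https://hacker.com/baidu.com",
        "https://baidu.com@hacker.com/",
        "//hacker.com/",
        "/account",
    ]
    for url, (weak, strict) in compare(samples).items():
        print(f"{url:40} weak={weak!s:5} strict={strict}")
```

The strict version still depends on the validator and the browser parsing the URL the same way; differences in handling of userinfo (`@`), backslashes and unusual schemes are a further source of bypasses, so the safest redirect validation is an allow-list of fixed targets rather than any host comparison.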