CSRF

  • meaning

Cross-site Request Forgery (CSRF), also known as One Click Attack or Session Riding, is a malicious exploitation of a website. Although it sounds like cross-site scripting (XSS), it is very different from XSS: XSS exploits the trust a user has in a site, whereas CSRF exploits a trusted site by disguising requests as coming from a trusted user. Compared to XSS attacks, CSRF attacks tend to be less common (and therefore relatively few resources are devoted to defending against them) and harder to defend against, so they are considered more dangerous than XSS attacks.

  • Scenario simulation:
  1. A owes B 1000 yuan and transfers it to B through the bank. A's browser makes the following request: http://www.bank.com/transfer.php?from=a&money=1000&to=b
  2. At this point C wants to attack A, and issues the following request from his own browser: http://www.bank.com/transfer.php?from=Alice&money=9999&to=Cathy Of course this fails: the bank identifies A by the session_ID that A's browser remembers, and the cookie sent by C's browser does not carry A's session_ID.
  3. C thinks of another method: he writes a web page, reachable at www.c.com/choujiang.p…, that lures A into a prize draw. The code of choujiang.php:
<html>
<body>
<form method="get" action="http://www.bank.com/transfer.php">
    <input type="hidden" name="from" value="a">
    <input type="hidden" name="money" value="1000">
    <input type="hidden" name="to" value="c">
    <input type="button" onclick="submit()" value="Activity Lucky draw">
</form>
</body>
</html>
  4. As soon as A opens http://www.c.com/choujiang.php, A's browser shows a page with a lottery button. If A clicks the lottery button after transferring the money to B, it is equivalent to A's browser making the following request: http://www.bank.com/transfer.php?from=a&money=1000&to=c At this point the bank's back-end server recognizes from the cookie in the HTTP request that it is indeed A transferring money to C, which looks like a legitimate operation. But A doesn't know about it.
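
The server-side check that makes the forged request from choujiang.php fail, as an added example (not code from the original page): the bank accepts transfers only as POST and only with a per-session token that a page on www.c.com cannot read. The Python handler, the HMAC token scheme, the csrf_token field name and the session id sess-a-123 are assumptions made for illustration.

```python
import hashlib
import hmac
import secrets
from typing import Optional, Tuple
from urllib.parse import parse_qs, urlencode

SERVER_KEY = secrets.token_bytes(32)     # server-side secret, never sent to the browser
SESSIONS = {"sess-a-123": "a"}           # constructed session store: cookie value -> user


def issue_csrf_token(session_id: str) -> str:
    """Token bound to one session; the bank puts it in a hidden field of its own form."""
    return hmac.new(SERVER_KEY, session_id.encode(), hashlib.sha256).hexdigest()


def handle_transfer(method: str, params: str, session_cookie: Optional[str]) -> Tuple[int, str]:
    """Decide a request to transfer.php; params is the query string or form body."""
    user = SESSIONS.get(session_cookie or "")
    if user is None:
        return 401, "no valid session"                 # C's own browser (step 2)
    if method != "POST":
        return 405, "transfers must be POST"           # the GET form in choujiang.php
    form = {k: v[0] for k, v in parse_qs(params).items()}
    expected = issue_csrf_token(session_cookie)
    if not hmac.compare_digest(form.get("csrf_token", "").encode(), expected.encode()):
        return 403, "missing or invalid CSRF token"    # cookie was sent, token was not
    if form.get("from") != user:
        return 403, "sender does not match session"
    return 200, "%s sent %s to %s" % (user, form.get("money"), form.get("to"))


def demo():
    forged = "from=a&money=1000&to=c"                  # what choujiang.php submits
    genuine = urlencode({"from": "a", "money": "1000", "to": "b",
                         "csrf_token": issue_csrf_token("sess-a-123")})
    return [
        handle_transfer("GET", forged, None)[0],            # C's browser: no cookie for A
        handle_transfer("GET", forged, "sess-a-123")[0],    # A's browser, forged GET
        handle_transfer("POST", forged, "sess-a-123")[0],   # cross-site form without token
        handle_transfer("POST", genuine, "sess-a-123")[0],  # the bank's own form
    ]


if __name__ == "__main__":
    print(demo())  # [401, 405, 403, 200]
```

The browser attaches A's cookie to the cross-site request automatically, but the token lives only in the bank's own page, so the cookie alone no longer authorizes the transfer.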

XSS (can be divided into reflected XSS attacks and stored XSS attacks)

  • meaning

Cross-site scripting is abbreviated XSS so that it is not confused with Cascading Style Sheets (CSS). XSS is a computer security vulnerability in web applications. It allows malicious web users to embed code into pages that are intended for use by other users.

  • Scenario simulation
  1. Reflected XSS attack. A normal message is sent as http://www.test.com/message.php?send=Hello; the recipient receives the message and the page displays Hello. An abnormal message is sent as http://www.test.com/message.php?send=<script>alert('foolish!')</script>; the recipient's window pops up a "foolish!" alert. This is just a simple example. In fact, XSS attacks can be more sophisticated, and stealing user accounts and passwords is common.

  2. Stored XSS attack. Type you are Foolish!

SQL injection

  • meaning

SQL injection tricks the server into executing malicious SQL commands by inserting SQL commands into a web form submission or into the query string of a domain name or page request. Specifically, it takes advantage of an existing application to inject (malicious) SQL commands into the back-end database engine, which executes them. By typing (malicious) SQL statements into a web form, an attacker can obtain the database of a vulnerable website, instead of the application executing the SQL statements the designer intended. For example, many film and television websites leaked VIP members' passwords, mostly through query characters submitted in web forms; such forms are particularly vulnerable to SQL injection attacks.

  • Scenario simulation
  1. This is essentially the same as the example of a stored XSS attack
  2. Suppose the PHP login code now looks like this:
$sql = "select * from user where username = 'a' and pwd = md5(123456)";
Then ' or 1 = 1# is entered in the front-end password field, and the SQL statement becomes:
$sql = "select * from user where username = '' or 1 = 1#' and pwd = md5(123456)";
In SQL, # marks a comment, so the SQL after it is not executed, and the statement is effectively:
$sql = "select * from user where username = '' or 1 = 1";
Login succeeded.