1.暴力破解(Brute Force):http://www.2cto.com/Article/201403/284282.html
2.命令注入攻击(Command Injection Execution):http://www.2cto.com/Article/201403/284294.html
CSRF就是跨站请求伪造攻击,你这可以这么理解CSRF攻击:攻击者盗用了你的身份,以你的名义发送恶意请求。CSRF能够做的事情包括:以你名义发送邮件,发消息,盗取你的账号,修改你的密码,甚至于购买商品,虚拟货币转账……造成的问题包括:个人隐私泄露以及财产安全。
这里以修改您的密码介绍CSRF。
一、先看看没有任何安全防御的代码。
01
02 <?php
03
04 if (isset($_GET['Change'])) {
05
06 // Turn requests into variables
07 $pass_new = $_GET['password_new'];
08 $pass_conf = $_GET['password_conf'];
09
10
11 if (($pass_new == $pass_conf)){
12 $pass_new = mysql_real_escape_string($pass_new);
13 $pass_new = md5($pass_new);
14
15 $insert="UPDATE `users` SET password = '$pass_new' WHERE user = 'admin';";
16 $result=mysql_query($insert) or die('<pre>' . mysql_error() . '</pre>' );
17
18 echo "<pre> Password Changed </pre>";
19 mysql_close();
20 }
21
22 else{
23 echo "<pre> Passwords did not match. </pre>";
24 }
25
26 }
27 ?>
这段代码直接将新密码写进 数据库 ,没有验证用户的旧密码,也没有对http引用进行确认,这样任何别的网站都可以用你cookies对你的帐户进行CSRF攻击。
二、下面这段代码对http引用进行确认,然后再写数据库。
01 <?php
02
03 if (isset($_GET['Change'])) {
04
05 // Checks the http referer header
06 if ( eregi ( "127.0.0.1", $_SERVER['HTTP_REFERER'] ) ){
07
08 // Turn requests into variables
09 $pass_new = $_GET['password_new'];
10 $pass_conf = $_GET['password_conf'];
11
12 if ($pass_new == $pass_conf){
13 $pass_new = mysql _real_escape_string($pass_new);
14 $pass_new = md5($pass_new);
15
16 $insert="UPDATE `users` SET password = '$pass_new' WHERE user = 'admin';";
17 $result=mysql_query($insert) or die('<pre>' . mysql_error() . '</pre>' );
18
19 echo "<pre> Password Changed </pre>";
20 mysql_close();
21 }
22
23 else{
24 echo "<pre> Passwords did not match. </pre>";
25 }
26
27 }
28
29 }
30 ?>
这段代码虽然确认了http引用,但是还是看着不爽是吧。
三、下面这段代码就比较爽了。
01 <?php
02
03 if (isset($_GET['Change'])) {
04
05 // Turn requests into variables
06 $pass_curr = $_GET['password_current'];
07 $pass_new = $_GET['password_new'];
08 $pass_conf = $_GET['password_conf'];
09
10 // Sanitise current password input
11 $pass_curr = stripslashes( $pass_curr );
12 $pass_curr = mysql_real_escape_string( $pass_curr );
13 $pass_curr = md5( $pass_curr );
14
15 // Check that the current password is correct
16 $qry = "SELECT password FROM `users` WHERE user='admin' AND password='$pass_curr';";
17 $result = mysql_query($qry) or die('<pre>' . mysql_error() . '</pre>' );
18
19 if (($pass_new == $pass_conf) && ( $result && mysql_num_rows( $result ) == 1 )){
20 $pass_new = mysql_real_escape_string($pass_new);
21 $pass_new = md5($pass_new);
22
23 $insert="UPDATE `users` SET password = '$pass_new' WHERE user = 'admin';";
24 $result=mysql_query($insert) or die('<pre>' . mysql_error() . '</pre>' );
25
26 echo "<pre> Password Changed </pre>";
27 mysql_close();
28 }
29
30 else{
31 echo "<pre> Passwords did not match or current password incorrect. </pre>";
32 }
33
34 }
35 ?>
查看更多关于web安全三——跨站请求伪造攻击(Cross Site Reque的详细内容...