pikachu unsafe url redirection

Others 2020-04-08 15:50:52 views: null

 

1. Unsafe url redirect (jump) principle and demonstration

 

 

  Scene demo

 

 

  Random test

  Other points:

 

 

  The third point will jump, jump to the overview page.

 

 

  We url try at it, pass a corresponding url into it, it will pass over the background jump.

  Under normal circumstances should jump to their own pages (as the third)

 

 

 

 

 

   Jump to Baidu

 

  We can also pass its own malicious sites url into it.

 

  Look at the code behind

 

   Through GET Request distal passed in url , determine what, if equal to i, is this sentence; no, jump to the url addresses corresponding to. This is problematic.

 

  If you deal with this problem, we want to redirect, you need to url to restrict the white list, if not, jump to their own pages or fixed site.

 

Guess you like

Origin www.cnblogs.com/zhaihuijie/p/12660052.html
Recommended
Ranking
Solve the problem that the Chinese display of the drawing using python matplotlib under the Linux system is displayed as a box
[Conference Call for Papers] The 5th International Conference on Civil Engineering, Environmental Resources and Energy Materials (CCESEM 2023)
4-yl Fast Fourier Transform
DataGirdView interlaced display color
[Docker implements test deployment CI/CD----Dingding alarm after the build is successful (7)]
[Asp.net core series] 6 the complete structure of a project in actual combat
The new version of OpenCenterV3 management background
Why can box plots detect outliers and what is the principle?
[Switch] jumbo frame Introduction
C++对象移动(3)——移动构造函数
Daily
More
2024-05-05(0)
2024-05-04(18)
2024-05-03(8)
2024-05-02(0)
2024-05-01(4)
2024-04-30(36)
2024-04-29(5)
2024-04-28(12)
2024-04-27(29)
2024-04-26(22)

Code World

© 2018 codetd.com