0X01 Vulnerability Patching Logic Analysis
The essence of a CSRF vulnerability: the server cannot reliably determine whether the current request is an operation the legitimate user actually intended.
If the server issues the user a unique, legitimate token after login, then on every operation the server verifies whether the submitted token is correct: if it is correct, the operation is performed; if it is not, the operation is refused.
Under normal circumstances, the issued token is written into the value of a hidden field in the form and submitted together with the rest of the form content.
0X02 Simple Code Model Analysis
If the CSRF request is constructed remotely and delivered as a PoC, the victim is hit directly. If a unique token is set for the add, delete and modify operations, and an operation can only be performed when that token is submitted along with it, CSRF can be effectively prevented: if the token is incorrect, no action is performed and a prompt message is shown.
0X03 Generate Token Code Analysis
The token is the only credential that identifies whether an operation is the current user's own operation, so it must be complex and hard to guess.
E.g.:
function generateToken(){
    $salt = "test" . date("Y/m/d"); // problem here: the salt is a fixed string plus today's date, so it is predictable
    $token = md5($salt);
    return $token;
}
Call the function to view the generated token.
0X04 Use Token for CSRF Vulnerability Defense
1. After successful login verification, save the Token in the session as SESSION["user_token"].
2. In the back-end operation, add a hidden field to the add, delete and modify forms and set its value to the Token.
3. Verify that the submitted Token is correct after submission.
Simplified code demonstration:
Token verification process: understand from practice how the Token defends against CSRF.
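The following PHP is an added example, not code from the original article: it carries out the three steps above with a token drawn from the OS random generator instead of the predictable md5-of-date salt shown in 0X03. The function names, the form field name and the request-handling skeleton are assumptions.

```php
<?php
// Added example (not the original article's code): a session-bound CSRF token
// generated with a CSPRNG instead of the predictable md5("test" . date()) salt,
// embedded as a hidden form field and checked with a constant-time comparison.
// Assumed names: generateToken(), csrfField(), verifyToken(), $_SESSION['user_token'].

session_start();

// Step 1: after successful login, issue a random token and keep it in the session.
function generateToken(): string {
    // 32 random bytes from the OS CSPRNG; hex-encoded so it is safe in HTML/URLs.
    $token = bin2hex(random_bytes(32));
    $_SESSION['user_token'] = $token;
    return $token;
}

// Step 2: render the hidden field for the add/delete/modify forms.
function csrfField(): string {
    if (empty($_SESSION['user_token'])) {
        generateToken();
    }
    return '<input type="hidden" name="user_token" value="'
        . htmlspecialchars($_SESSION['user_token'], ENT_QUOTES, 'UTF-8') . '">';
}

// Step 3: on submission, accept only if the submitted token matches the session copy.
function verifyToken(array $post): bool {
    $expected  = $_SESSION['user_token'] ?? '';
    $submitted = $post['user_token'] ?? '';
    if ($expected === '' || !is_string($submitted)) {
        return false;   // no session token issued yet, or malformed input
    }
    // hash_equals() compares in constant time so the token is not leaked via timing.
    return hash_equals($expected, $submitted);
}

// Request handling for a state-changing operation (e.g. deleting a record).
if ($_SERVER['REQUEST_METHOD'] === 'POST') {
    if (!verifyToken($_POST)) {
        http_response_code(403);
        exit('Invalid token, operation not performed.');   // the prompt content from 0X02
    }
    // ... perform the add/delete/modify operation here ...
} else {
    echo '<form method="post">' . csrfField()
        . '<button type="submit">Delete</button></form>';
}
```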