CSRF — Cross-Site Request Forgery

CSRF: Cross-Site Request Forgery

Attack principle: the user logs in to trusted website A, which stores a session cookie in the browser. Without logging out of A, the user visits website B. Website B then causes the browser to send a request to website A, and because the browser attaches A's cookie to that request, A processes it as if the user had made it, without the user's knowledge. That is a CSRF attack.


Example:

If website A is a comment page, as shown below:

Script file for website B:

If you have not logged out of website A and then click the link to website B, a comment is posted automatically, as shown below:

This is actually the threat of cross-site request forgery to websites.

How the script on page B is written:

The script outputs a form whose action points to the comment-submission interface of the comment page on A. The form carries the ID of the comment page (here 13) and the comment content. An iframe is also created, its name is set and its style is set to hidden, and the iframe is inserted into the page. Submitting a form normally navigates the page, so why is there no visible jump? Because when the target of the form matches the name of the iframe, the submission and the resulting navigation happen inside that iframe, and since the iframe is hidden the user sees nothing. That is the complete CSRF process.

Wouldn't it be easier to use GET requests?

For example, put the interface address of the comment page in the src of an img, and include in the interface's parameter an a tag pointing to the address of attack website B; the result is as follows:

In this way, an a tag is automatically added as a comment. If other users click that a tag, they too are hit by website B's attack and automatically post another comment containing the link. This cycle poses a great threat to the website.
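Both variants above (the hidden-iframe form POST and the img GET) work only because website A accepts any request that carries the session cookie. The following added example, which is not code from the original post, shows the checks A's comment endpoint would need to reject them: state changes only over POST, an Origin/Referer check, and a per-session synchronizer token. The site origin, secret, endpoint name, and sample requests are constructed for illustration and are not taken from the page.

```python
import hmac
import hashlib
from urllib.parse import urlsplit

# Hypothetical website A ("the comment page"). All values here are constructed.
SITE_ORIGIN = "https://a.example"
SERVER_SECRET = b"constructed-secret-do-not-use-in-real-code"


def issue_csrf_token(session_id: str) -> str:
    """Derive a token bound to the logged-in session (synchronizer token pattern).

    The server embeds this token in the comment form it renders for site A;
    a page on site B cannot read it, so a forged form cannot include it.
    """
    return hmac.new(SERVER_SECRET, session_id.encode(), hashlib.sha256).hexdigest()


def valid_csrf_token(session_id: str, token) -> bool:
    """Constant-time comparison of the submitted token against the expected one."""
    if not token:
        return False
    return hmac.compare_digest(issue_csrf_token(session_id), token)


def request_origin(headers: dict):
    """Return the requesting origin: the Origin header, else the origin part of Referer, else None."""
    origin = headers.get("Origin")
    if origin:
        return origin
    referer = headers.get("Referer")
    if referer:
        parts = urlsplit(referer)
        if parts.scheme and parts.netloc:
            return f"{parts.scheme}://{parts.netloc}"
    return None


def check_comment_request(method: str, headers: dict, cookies: dict, form: dict):
    """Decide whether a request to the hypothetical /comment endpoint is accepted.

    Returns (accepted, reason). Each check stops one of the attack variants
    described above: the method check stops the <img src=...> GET, the origin
    check stops the cross-site form post, and the token check catches anything
    that slips past the first two (for example a missing Origin header).
    """
    session_id = cookies.get("session")
    if not session_id:
        return False, "not logged in"
    if method != "POST":
        # A GET must never change state, so an image load can never post a comment.
        return False, "comments must be submitted with POST"
    origin = request_origin(headers)
    if origin != SITE_ORIGIN:
        return False, f"cross-site request from {origin!r} rejected"
    if not valid_csrf_token(session_id, form.get("csrf_token")):
        return False, "missing or invalid CSRF token"
    return True, "comment accepted"


if __name__ == "__main__":
    # Constructed sample requests: one genuine, two forged as in the post above.
    cookies = {"session": "sess-1"}  # the browser attaches A's cookie in all three cases
    genuine = check_comment_request(
        "POST", {"Origin": SITE_ORIGIN}, cookies,
        {"id": "13", "content": "hello", "csrf_token": issue_csrf_token("sess-1")})
    forged_form = check_comment_request(
        "POST", {"Origin": "https://b.example"}, cookies, {"id": "13", "content": "spam"})
    forged_img = check_comment_request(
        "GET", {"Referer": "https://b.example/page"}, cookies, {"id": "13", "content": "spam"})
    for label, result in (("genuine", genuine), ("forged form", forged_form), ("forged img", forged_img)):
        print(f"{label}: {result}")
```

The token check is the essential one: Origin and Referer may be absent on some requests, and a method check alone only stops the img variant. Marking the session cookie `SameSite=Lax` (or `Strict`) adds a second layer, because the browser then stops attaching the cookie to cross-site form posts and image loads in the first place.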
