Transfer wang master blog
Under 1.Refere empty condition
solution:
Use ftp: //, http: //, https: //, file: //, javascript:, data: this time the browser address bar is file: // at the beginning, if the HTML page to submit a request to any site http then these requests Referer are empty.
Example:
Use of data: Agreement
bese64 codec can see the code
Using the https protocol
https to http jump when Referer is null
Take a https of webshell
<iframe src="https://xxxxx.xxxxx/attack.php">
attack.php write CSRF attack code
2. Analyzing Referer is a domain where the bypass
For example, you are looking for csrf xxx.com verification referer after the validation * .xx.com can find a second-level domain <img "csrf address"> After issuing opinions in the article addresses can be forged.
3. determining whether there is a keyword Referer
determining the presence of absence referer keyword google.com
Create a directory site to google.com google.com CSRF stored in the directory, you can bypass
4. Analyzing whether there is a domain referer
Determine whether the Referer beginning to 126.com and 126 subdomain does not verify that the root domain name 126.com here so I can be constructed as a carrier server subdomain x.126.com.xxx.com worm propagation, you can bypass.