CSRF and SSRF Explain in detail

<>CSRF and SSRF Explain in detail ：

<>CSRF What is it? ：

CSRF Cross-site request forgery (Cross-Site Request
Forgery), In terms of means XSS Vulnerability similarity , By stealing the identity of the attacker , Access the server as an attacker , Operate

<>CSRF Attack principle ：

* The attacker opened the browser , Visit website A, Enter user name and password , Send request , The server receives the request , Return response , It contains the user's cookie information .
* By the attacker on the website A
cookie Within the validity period of , Visit the website built by the attacker , The attacker's website contains malicious code , Because the browser contains websites A of Cookie, Therefore, the attacker can use the identity of the attacker to visit the website through the website he has built A
<>CSRF Defensive means ：

* verification HTTP In packet referer field
* Add to request address token And verify
* stay HTTP Customize the attribute in the header and validate it
* Request mode can only be restricted POST
* When users send important requests, they need to enter the original password
<>SSRF What is it? ：

SSRF(Service-SideRequest
Forgery) Server request forgery is a security vulnerability constructed by attackers to send requests by the server .SSRF The main goal of is the internal system that cannot be accessed by the external network

<>SSRF Causes of formation ：

SSRF The main reason is that the server provides the corresponding resources from other server applications , However, the target address is not filtered .

<>SSRF Common vulnerabilities ：

* adopt url Load or download pictures
* Online translation function ： adopt url Address loading or uploading pictures

• « 上一篇： Ten classic sorting algorithms
• » 下一篇： What's the most garbage code you've ever seen ?