<>CSRF and SSRF Explain in detail :

<>CSRF What is it? :

CSRF Cross-site request forgery (Cross-Site Request
Forgery), In terms of means XSS Vulnerability similarity , By stealing the identity of the attacker , Access the server as an attacker , Operate

<>CSRF Attack principle :

* The attacker opened the browser , Visit website A, Enter user name and password , Send request , The server receives the request , Return response , It contains the user's cookie information .
* By the attacker on the website A
cookie Within the validity period of , Visit the website built by the attacker , The attacker's website contains malicious code , Because the browser contains websites A of Cookie, Therefore, the attacker can use the identity of the attacker to visit the website through the website he has built A
<>CSRF Defensive means :

* verification HTTP In packet referer field
* Add to request address token And verify
* stay HTTP Customize the attribute in the header and validate it
* Request mode can only be restricted POST
* When users send important requests, they need to enter the original password
<>SSRF What is it? :

Forgery) Server request forgery is a security vulnerability constructed by attackers to send requests by the server .SSRF The main goal of is the internal system that cannot be accessed by the external network

<>SSRF Causes of formation :

SSRF The main reason is that the server provides the corresponding resources from other server applications , However, the target address is not filtered .

<>SSRF Common vulnerabilities :

* adopt url Load or download pictures
* Online translation function : adopt url Address loading or uploading pictures