堆栈内存溢出
  简体   繁体   English

将ajax请求更改为不同的php文件漏洞,潜在的漏洞利用澄清

[英]Changing a ajax request to a different php file vulnerability, potential exploit clarification

 原文  2016-12-13 13:56:48       javascript/ php/ jquery/ ajax/ security

问题描述

I am creating an application, that accepts a ajax call (jquery) and returns the validated user an entry token to the website. 我正在创建一个接受ajax调用(jquery)的应用程序,并将经过验证的用户返回一个条目令牌到网站。

Say for example the ajax is called checkAuth.php and there are all the other php files in this directory. 比如说ajax叫做checkAuth.php,这个目录里还有其他所有的php文件。 By changing the JS to validate another file like checkMail.php for example: 通过更改JS来验证另一个文件,例如checkMail.php,例如: 

var xmlRequest = $.ajax({
  url: "checkAuth.php",
  processData: false,
  data: xmlDocument
});

change the url to checkMail.php and create a vulnerability in the site? 将网址更改为checkMail.php并在网站中创建漏洞? 

var xmlRequest = $.ajax({
  url: "checkMail.php",
  processData: false,
  data: xmlDocument
});

Although the result would return a different object but by doing so would this create an "open door" perhaps where the malicious user would keep sending requests in order to gain access? 虽然结果将返回一个不同的对象,但这样做会创建一个“敞开的大门”,也许恶意用户会继续发送请求以获取访问权限? I understand that the user would have to know that the php file exists however I am unsure how to process this securely whilst maintaining my directory structure. 我知道用户必须知道php文件存在但是我不确定如何在保持我的目录结构的同时安全地处理它。 Please note this is not my actual code and I cant clarify the answer with these other posts or I am not understanding this correctly. 请注意这不是我的实际代码,我不能用这些其他帖子澄清答案,或者我没有正确理解这一点。

Edit: In addition - would this mean that any site using jquery would be able to ajax request any file from the server and create a vulnerability? 编辑:此外 - 这是否意味着使用jquery的任何网站都能够从服务器请求任何文件并创建漏洞?

How to authenticate an AJAX request to a PHP file? 如何验证对PHP文件的AJAX请求?

Question regarding Ajax Hacking 关于Ajax Hacking的问题

Ajax Security questions Ajax安全问题

How to send secure AJAX requests with PHP and jQuery 如何使用PHP和jQuery发送安全的AJAX请求

1 个解决方案

解决方案1
 0 已采纳  2016-12-14 12:30:41

In general, any AJAX request can access all files which accessible via http request like as user types full URL as the browser address. 通常,任何AJAX请求都可以访问通过http请求可访问的所有文件,例如用户键入完整URL作为浏览器地址。

So, you have to check security token or something else in the begining of PHP-scripts. 因此,您必须在PHP脚本的开头检查安全令牌或其他内容。

You can restrict access to folders or files using .htaccess, see https://stackoverflow.com/a/11729748/3325396 您可以使用.htaccess限制对文件夹或文件的访问,请参阅https://stackoverflow.com/a/11729748/3325396

暂无
暂无

声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.

相关问题 Ajax请求后漏洞 - Ajax post request vulnerability CORS ajax请求澄清 - CORS ajax request clarification 我的朋友发现的JavaScript代码“利用”此漏洞 - JavaScript code to “exploit” this vulnerability my friend found php中的多个ajax请求,每个请求都有不同的数据 - Multiple ajax request in php with different data each request 在PHP文件上安全的angularjs代码ajax请求 - Secure angularjs code ajax request on php file 用ajax请求调用.php文件-Wordpress - Call .php file with an ajax request - wordpress Ajax请求从php文件获取数据? - Ajax request to get data from php file? 在ajax请求中隐藏php文件的路径 - hide the path of the php file in ajax request 为什么在ajax请求中字符“ +”没有发送到php文件? - Why is the character “+” not sent to php file on ajax request? 如何验证对PHP文件的AJAX请求? - How to authenticate an AJAX request to a PHP file?
相关标签
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM