[英]Vulnerable when user clicks on a malicious link
I am trying to understand a secure login authentication. 我正在尝试了解安全登录身份验证。 The code to implement login functionality is in the following link.
实现登录功能的代码位于以下链接中。 (In this scenario, a guid is used but in a real life scenario a better mechanism can be employed)
(在这种情况下,使用guid,但在现实生活中,可以采用更好的机制)
https://github.com/GrepSecurity/SessionFixationExample/blob/master/SessionFixationExample/SecureLoginFunc/SecureLogin.aspx.cs https://github.com/GrepSecurity/SessionFixationExample/blob/master/SessionFixationExample/SecureLoginFunc/SecureLogin.aspx.cs
Once the user has logged in, the welcome page has the code in the following link to check user authenticity. 用户登录后,欢迎页面会在以下链接中显示代码以检查用户的真实性。 (This is the most common code I could find for verifying user authentication)
(这是我可以找到的用于验证用户身份验证的最常用代码)
https://github.com/GrepSecurity/SessionFixationExample/blob/master/SessionFixationExample/SecureLoginFunc/SecureLogout.aspx.cs https://github.com/GrepSecurity/SessionFixationExample/blob/master/SessionFixationExample/SecureLoginFunc/SecureLogout.aspx.cs
I was thinking of one scenario where this can fail. 我在想一个可能会失败的场景。 Consider the scenario
考虑一下场景
I understand that there is no serious effect with the possibilities mentioned above, but still, can this scenario be prevented ? 我知道上述可能性没有严重影响,但是,这种情况是否可以防止? Or is this even a valid scenario ?
或者这甚至是一个有效的场景? Am I missing something ?
我错过了什么吗?
Here are my questions 这是我的问题
In this example you mentioned this was an another attack scenario (CSRF). 在这个例子中,你提到这是另一个攻击场景(CSRF)。
What CSRF basically means: An attacker Performs an Action in behalf of the victim. CSRF基本上意味着什么:攻击者代表受害者执行行动。 This action or the origin request for this action will come from another site.
此操作或此操作的原始请求将来自其他站点。
To protect against CSRF you may need to follow OWASPs Guideline. 为了防止CSRF,您可能需要遵循OWASP指南。 ( https://github.com/OWASP/CheatSheetSeries/blob/master/cheatsheets/Cross-Site_Request_Forgery_Prevention_Cheat_Sheet.md )
( https://github.com/OWASP/CheatSheetSeries/blob/master/cheatsheets/Cross-Site_Request_Forgery_Prevention_Cheat_Sheet.md )
But for your example. 但是对于你的例子。 Let's assume you want to protect the action called Order.
假设你想要保护名为Order的动作。 There will be a token generated on your Server.
将在您的服务器上生成令牌。 This token will be then rendered or sent to the client.
然后,该令牌将被呈现或发送到客户端。 A valid Request would look like
www.somewebsite.com/Order
with Post Parameter Order=Something & Token="RANDOM_TOKEN"
有效的请求看起来像
www.somewebsite.com/Order
,后参数Order=Something & Token="RANDOM_TOKEN"
This token will be afterwards checked by the Server before performing this operation. 在执行此操作之前,服务器将检查此令牌。
The attacker nevertheless won't have access to this token if he is simply originating this request from another site/domain since it was rendered on the client's page. 但是,如果攻击者只是从其他站点/域发起此请求,则无法访问此令牌,因为它是在客户端页面上呈现的。
Is it possible for the attacker to get access to this token? 攻击者是否可以访问此令牌?
Yes, it may possible if the application is vulnerable to (XSS). 是的,如果应用程序易受(XSS)攻击,则可能。 Using JS the attacker can send a malicious link to the victim with JS command that will
使用JS,攻击者可以使用JS命令向受害者发送恶意链接
Although a usual case scenario for XSS to steal the victim's cookies. 虽然通常情况下XSS窃取受害者的cookie。 But in case the cookies were flagged with
HTTPOnly
a CSRF attack might be possible. 但是如果使用
HTTPOnly
标记cookie,则可能会发生CSRF攻击。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.