Abstract
CSRF can launch an attack from the origin site, or launch an attack while leading the user to visit other dangerous sites; it is a serious Web vulnerability. In practice, many Web applications have been attacked because of CSRF vulnerabilities. CSRF has many attack methods and does great harm to websites. Through a CSRF vulnerability, an attacker can view user information and even modify it; by browsing the pages the user previously visited and imitating the user to perform a series of dangerous operations, the attacker obtains important information such as the user's e-mail account, home address, and even the last four digits of the bank card. This paper therefore analyzes how CSRF arises, describes methods for detecting the vulnerability, and proposes corresponding preventive measures against the CSRF attack methods.
CSRF may launch an attack at the source web site, or launch an attack while guiding the user to visit other dangerous sites; it is a serious Web vulnerability, and many Web applications are vulnerable to it. CSRF has many attack modes and does serious harm to sites. By exploiting a CSRF vulnerability the attacker may see the user's information, or even tamper with it; the attacker, by browsing the pages the user browsed before, imitates the user's behavior and performs a series of dangerous operations, finally gaining access to the user's e-mail account, home address, and even the important last 4 digits of the bank card. The principle of CSRF is analyzed, vulnerability detection is described, and the corresponding preventive means against the CSRF attack modes are suggested.
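The abstract describes the core of CSRF: the browser attaches the victim's session cookie to a request that an attacker's page triggered, so a handler that authorizes on the cookie alone carries out the forged state change. The following example is added here to make that mechanism and the standard countermeasure concrete; it is not code from the paper. It uses a constructed in-memory session store, a hypothetical "change e-mail" endpoint, and the placeholder site names bank.example and attacker.example, and shows the cookie-only handler beside a hardened one that also checks the Origin header and a per-session synchronizer token.

```python
"""Cookie-only versus token-protected handler for a state-changing request.
Added illustration of the CSRF mechanism; not code from the paper."""
import hmac
import secrets
from dataclasses import dataclass, field

# Constructed in-memory session store: session id -> {"user": ..., "csrf": token}
SESSIONS: dict[str, dict] = {}


def login(user: str) -> str:
    """Create a session for `user` and bind a fresh CSRF token to it."""
    sid = secrets.token_urlsafe(16)
    SESSIONS[sid] = {"user": user, "csrf": secrets.token_urlsafe(32)}
    return sid


@dataclass
class Request:
    """Minimal stand-in for an HTTP request (hypothetical, constructed here)."""
    method: str
    headers: dict = field(default_factory=dict)   # Cookie, Origin, ...
    form: dict = field(default_factory=dict)      # POST body fields


def _session_of(req: Request):
    """Look up the session named by the `sid` cookie, or None."""
    for part in req.headers.get("Cookie", "").split(";"):
        key, _, value = part.strip().partition("=")
        if key == "sid" and value in SESSIONS:
            return SESSIONS[value]
    return None


def change_email_vulnerable(req: Request) -> tuple[int, str]:
    """Authorizes on the session cookie alone. A cross-site POST that the
    browser sends with the cookie attached is therefore accepted."""
    sess = _session_of(req)
    if req.method != "POST" or sess is None:
        return 403, "not logged in"
    sess["email"] = req.form.get("email", "")
    return 200, "email changed"


def change_email_protected(req: Request, allowed_origin: str = "https://bank.example") -> tuple[int, str]:
    """Same action, but additionally requires (1) an Origin header matching
    the site and (2) a form field equal to the token bound to the session.
    An attacker's page can trigger the request but cannot read the token."""
    sess = _session_of(req)
    if req.method != "POST" or sess is None:
        return 403, "not logged in"
    if req.headers.get("Origin") != allowed_origin:
        return 403, "origin mismatch"
    if not hmac.compare_digest(req.form.get("csrf_token", ""), sess["csrf"]):
        return 403, "bad csrf token"
    sess["email"] = req.form.get("email", "")
    return 200, "email changed"


def demo() -> dict:
    """Replay a constructed forged request and a genuine one against both handlers."""
    sid = login("alice")
    # Browsers send the cookie and an Origin header on a cross-site form POST.
    forged = Request("POST",
                     headers={"Cookie": f"sid={sid}", "Origin": "https://attacker.example"},
                     form={"email": "attacker@attacker.example"})  # no csrf_token
    genuine = Request("POST",
                      headers={"Cookie": f"sid={sid}", "Origin": "https://bank.example"},
                      form={"email": "alice@new.example", "csrf_token": SESSIONS[sid]["csrf"]})
    return {
        "forged_vulnerable": change_email_vulnerable(forged)[0],   # 200: accepted
        "forged_protected": change_email_protected(forged)[0],    # 403: rejected
        "genuine_protected": change_email_protected(genuine)[0],  # 200: accepted
    }


if __name__ == "__main__":
    print(demo())
```

The Origin check and the token check are independent defenses; the token is compared with `hmac.compare_digest` so that a mismatch takes the same time regardless of where the strings differ. A request that carries the cookie but lacks the token is exactly the forged request the abstract describes, and it is the one the protected handler refuses.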
Source
《通信技术》
2017, No. 3, pp. 558-564 (7 pages)
Communications Technology