[No. 14] [XSS] Exploiting XSS to bypass CSRF defenses


Exploiting XSS to bypass CSRF defenses

Overview

Using the blog posting feature, post a script that first obtains the CSRF token and then changes the email address in the user's account details, so that a CSRF attack is carried out against any user who views the page.

Attack steps

  • Check whether the submitted blog post is rendered without sanitization
  • Submit, via the posting form, a script that obtains the CSRF token and then changes the email address

Countermeasures

  • Strengthen the sanitization (output escaping) of posted content
  • Restrict script execution with a CSP (Content Security Policy)