1)回顾low级别做过csrf页面的密码重置,重复之前的操作,我们发现级别调整中级之后,报错如下
2)查看源码
- $_SERVER[‘HTTP_REFERER’]:上一次的请求的url
- $_SERVER[‘SERVER_NAME’]:当前的服务器的host
- 代码:如果$_SERVER[‘HTTP_REFERER’]和$_SERVER[‘SERVER_NAME’]一样的话,我们才会接受请求
- stripos(a,b):b是否在a中包含,如果包含,则为真
if (isset($_SERVER["HTTP_REFERER"]) and @$_SERVER["SERVER_NAME"] != "null" and $_SERVER["SERVER_NAME"] =="mycrm.com" and @$_SERVER["HTTP_ORIGIN"] != "null" and $_SERVER["HTTP_ORIGIN"] == "http://mycrm.com"){//代码正文pass
}else{echo "修改异常,你已经被检测轻点整事";
}
3)抓包
- 分析:$_SERVER[‘HTTP_REFERER’]和$_SERVER[‘SERVER_NAME’]
4)绕过
方法一:
方法二:
