确认.php
<?php session_start(); $token= md5(uniqid()); $_SESSION['delete_customer_token']= $token; session_write_close(); ?> <form method="post" action="confirm_save.php"> <input type="hidden" name="token" value="<?php echo $token; ?>" /> Do you really want to delete? <input type="submit" value=" Yes " /> <input type="button" value=" No " onclick="history.go(-1);" />
确认保存.php
<?php
session_start();
$token= $_SESSION['delete_customer_token'];
unset($_SESSION['delete_customer_token']);
session_write_close();
if ($_POST['token']==$token) {
// delete the record
} else {
// log potential CSRF attack.
}
?>
假设我们有一个像这样的典型 CSRF 保护 如果攻击者使用此代码绕过 csrf 令牌怎么办?
//On any site
<img src="http://cia.teletubbies.com/csrf.php" height="0" weight="0"/>
//csrf.php
$cont = get_file_contents("http://cia.google.com/confirm.php");
// parse the html using [PHP Simple HTML DOM Parser][2] and get the CSRF token
//CURL and send a POST request to confirm_save.php with the token
这件事一直困扰着我,但我懒得尝试对任何随机站点进行攻击。这不可能吗?
示例代码被盗在 php 中防止 csrf
更新
当有人想将令牌从一个平台传递到另一个平台或从服务器端传递到客户端时会发生什么?以 Flash 到 PHP 为例,它如何从 csrf 中获得保护?