CSRF (cross-site request forgery), also written XSRF, is an attack in which a request is forged across web sites. The attacker prepares an HTTP request in the name of the target user and gets the user's browser to send it to a site that is vulnerable to CSRF; the site executes the request as if the user had made it, and that is the cross-site request forgery. The attacker hides the request behind a link or inside a page so that the target user triggers it without noticing. Because the request is sent by the logged-in user's own browser, it carries that user's credentials, and since the legitimate user has the rights to perform the action, the site accepts it; the target user thus executes the specific HTTP request within the site that the attacker chose.
For example:
A shopping site lets a user buy a product with the URL http://www.shop.com/buy.php?item=watch&num=1
The item parameter determines which product is bought and the num parameter determines the quantity. If the attacker hides a link with num=1000 where the target user will open it, the number of items purchased becomes 1000 the moment the target user accidentally accesses the link.
Instance
V1.0 Network PHP Message Board
Delete any message

```php
<?php
// delbook.php  This page deletes messages.
include_once("dlyz.php");     // dlyz.php checks the user's permission; only admin may delete
include_once("../conn.php");  // database connection
$del = $_GET["del"];
$id  = $_GET["id"];
if ($del == "data") {
    // bulk delete: the ids come from the checkbox array of the admin's form
    $ID_Dele = implode(",", $_POST['adid']);
    $sql = "delete from book where id in (" . $ID_Dele . ")";
    mysql_query($sql);
} else {
    // single delete; the original listing is cut off after "where",
    // the condition is reconstructed from the $id read above
    $sql = "delete from book where id=" . $id;
    mysql_query($sql);
}
```

Nothing here ties the request to the admin's own form: the permission check in dlyz.php only looks at who is logged in, so any request that the admin's browser sends, including one a hidden link or an image tag on another site makes it send, deletes the message.
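The delete handler above rewritten with a synchronizer token, so that the admin's browser can no longer be made to delete messages from another site. This is an added example, not the message board's own code; it keeps the original's table and field names (book, adid) as assumptions, replaces the database call with a callback so it runs on the command line without conn.php, and the helper names csrf_token, csrf_check, handle_delete and delete_form are this example's own. The same token check applied to buy.php would also stop the num=1000 request from the shop example. Requires PHP 7.4 or later.

```php
<?php
// Added example (not the message board's own code): delbook.php protected
// with a per-session CSRF token. Table `book`, field `adid` and the session
// array standing in for $_SESSION are assumptions for the demonstration.
declare(strict_types=1);

const CSRF_KEY = 'csrf_token';

// Issue one random token per session and keep it server side.
function csrf_token(array &$session): string
{
    if (empty($session[CSRF_KEY])) {
        $session[CSRF_KEY] = bin2hex(random_bytes(32));
    }
    return $session[CSRF_KEY];
}

// Compare in constant time; a missing or wrong token fails closed.
function csrf_check(array $session, ?string $submitted): bool
{
    if (empty($session[CSRF_KEY]) || $submitted === null) {
        return false;
    }
    return hash_equals($session[CSRF_KEY], $submitted);
}

// The delete logic with the request data passed in, so it can be exercised
// without a web server. $deleteIds receives the integer ids to delete.
// Returns 'deleted', 'forbidden' or 'nothing'.
function handle_delete(string $method, array $post, array $session, callable $deleteIds): string
{
    // State changes only over POST and only with the session's token: an
    // <img src="delbook.php?id=5"> on an attacker's page (the GET path of the
    // original) or a hidden form without the token is refused.
    if ($method !== 'POST' || !csrf_check($session, $post[CSRF_KEY] ?? null)) {
        return 'forbidden';
    }
    $ids = $post['adid'] ?? [];
    if (!is_array($ids)) {
        $ids = [$ids];
    }
    // ids are cast to int so they can be placed in the query safely
    $ids = array_values(array_filter(array_map('intval', $ids), fn($n) => $n > 0));
    if ($ids === []) {
        return 'nothing';
    }
    $deleteIds($ids);
    return 'deleted';
}

// Markup for the admin's own form: the token travels as a hidden field and
// is therefore absent from any form an attacker builds on another site.
function delete_form(array &$session, array $messageIds): string
{
    $token = htmlspecialchars(csrf_token($session), ENT_QUOTES, 'UTF-8');
    $html  = '<form method="post" action="delbook.php">';
    $html .= '<input type="hidden" name="' . CSRF_KEY . '" value="' . $token . '">';
    foreach ($messageIds as $id) {
        $html .= '<label><input type="checkbox" name="adid[]" value="' . (int)$id . '"> #' . (int)$id . '</label>';
    }
    return $html . '<button type="submit">Delete selected</button></form>';
}

// Offline demonstration: a forged request versus the admin's real one.
if (PHP_SAPI === 'cli') {
    $session = [];              // stands in for $_SESSION after session_start()
    $deleted = [];
    $sink = function (array $ids) use (&$deleted) {
        // In the real handler this is where the DELETE FROM book query runs,
        // ideally as a prepared statement with one placeholder per id.
        $deleted = array_merge($deleted, $ids);
    };
    delete_form($session, [3, 5]);   // the admin loads the page, a token is issued

    // 1. Attacker's page: the admin's cookie goes along, the token does not.
    echo "forged POST: ", handle_delete('POST', ['adid' => [5]], $session, $sink), "\n";
    echo "forged GET:  ", handle_delete('GET', [], $session, $sink), "\n";
    // 2. The admin submits the real form, token included.
    $real = ['adid' => [5], CSRF_KEY => $session[CSRF_KEY]];
    echo "real form:   ", handle_delete('POST', $real, $session, $sink),
         " ids=", implode(',', $deleted), "\n";
}
```

In the real application the token has to live in $_SESSION after session_start(), and the same check belongs in front of every action that changes state, not only deletion.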
Note: This article is edited and published by Sogou Security; please indicate the source when reproducing it.
The above has introduced cross-site request forgery in PHP 5, including the vulnerable code; I hope it is helpful to readers interested in the PHP tutorial.