Ethical Hacking and Penetration Testing Guide



Date: 07.08.2023

Example 5
We have already seen a couple of JavaScript examples. Let's take a look at an example from jQuery 
and at the full HTML source code:
HTML CODE





solid; border-spacing: 1px; color: green; padding: 4px; width: 50%;">div>

value="" id="txt_email" onkeyup="updateEmail()"/>



"confpass" 
value="12345">

We start by closing the html, head, and title tags; next, we paste the HTML for the form that we 
created earlier, which will automatically change the password.
Anti-CSRF Tokens
A better way to protect against CSRF attacks is to use anti-CSRF tokens. Nonce tokens are the 
most popular kind, and they can be generated per session or per specific user action. They 
are usually submitted via a hidden form field. Since the attacker will not have access to the 
anti-CSRF token, he won't be able to make a request on behalf of the victim. This is how it's actually 
implemented:
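
An added example, not the book's own code: a per-session, per-action nonce written into a hidden form field and checked on submission, in Python. The in-memory `SESSIONS` store, the `csrf_token` and `newpass` field names, and the `/change_password` path are assumptions; `confpass` is the field name from the form above.

```python
import hmac
import html
import secrets

# Constructed in-memory session store (assumption): session_id -> {action: token}.
SESSIONS = {}

def issue_token(session_id, action):
    """Generate a fresh random nonce bound to one session and one action."""
    token = secrets.token_urlsafe(32)
    SESSIONS.setdefault(session_id, {})[action] = token
    return token

def check_token(session_id, action, submitted):
    """Return True only if the submitted token matches; a token is single-use."""
    tokens = SESSIONS.get(session_id, {})
    expected = tokens.get(action)
    if not expected or not isinstance(submitted, str) or not submitted:
        return False
    # Constant-time comparison avoids leaking the token through timing.
    if not hmac.compare_digest(expected.encode(), submitted.encode()):
        return False  # a wrong guess does not invalidate the user's real token
    del tokens[action]  # spend the nonce so a captured value cannot be replayed
    return True

def render_change_password_form(session_id):
    """Emit the form with the token carried in a hidden field."""
    token = html.escape(issue_token(session_id, "change_password"), quote=True)
    return (
        '<form method="POST" action="/change_password">\n'
        f'  <input type="hidden" name="csrf_token" value="{token}">\n'
        '  <input type="password" name="newpass">\n'
        '  <input type="password" name="confpass">\n'
        '  <input type="submit" value="Change">\n'
        '</form>'
    )

def handle_change_password(session_id, form):
    """Return an HTTP status: 403 when the token is missing, wrong or reused."""
    if not check_token(session_id, "change_password", form.get("csrf_token")):
        return 403
    if not form.get("newpass") or form.get("newpass") != form.get("confpass"):
        return 400
    return 200  # the password change itself would happen here
```

A cross-site form that auto-submits `newpass` and `confpass` reaches `handle_change_password` without a valid `csrf_token` and is rejected with 403, because the token value only ever appears in pages served to the victim's own session.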

