guide:ajax_개발_보안_가이드 [2013/11/26 06:33] – 121.140.124.172 | guide:ajax_개발_보안_가이드 [2013/11/29 07:54] – 121.140.124.172 | ||
---|---|---|---|
줄 133: | 줄 133: | ||
\\ | \\ | ||
지금 당면한 진짜 과제는 어떻게 정상적인 javascript에서 공격자 javascript를 확인하는가 하는 것이다. | 지금 당면한 진짜 과제는 어떻게 정상적인 javascript에서 공격자 javascript를 확인하는가 하는 것이다. | ||
+ | < | ||
+ | 1 :< | ||
+ | 2 :< | ||
+ | 3 :<? | ||
+ | 4 ://our signature will be a random number generated by the server | ||
+ | 5 :$signature = rand(); | ||
+ | 6 :?> | ||
+ | 7 :<!-- here is our legitimate script with the signature as its element id --> | ||
+ | 8 :<script id="<? | ||
+ | 9 : | ||
+ | 10 :</ | ||
+ | 11 :<!-- here is the injected attacker script that doesn' | ||
+ | 12 :< | ||
+ | 13 : | ||
+ | 14 :</ | ||
+ | 15 :<!-- here is a more evil script where the attacker will try to imitate the signature --> | ||
+ | 16 :<script id=" | ||
+ | 17 : | ||
+ | 18 :</ | ||
+ | 19 :<!-- here is the script that will do the check and of course it have the signature too --> | ||
+ | 20 :<script id="<? | ||
+ | 21 ://here we gather all the script tags elements in one array | ||
+ | 22 :var scripts = document.getElementsByTagName(" | ||
+ | 23 :for(var i = 0; i < scripts.length; | ||
+ | 24 : if(scripts[i].id != null) | ||
+ | 25 : { | ||
+ | 26 : //then we compare it with our signature if it have one, if it’s invalid we warn the user/ | ||
+ | 27 : if(scripts[i].id != <? echo $signature ?>) | ||
+ | 28 : warn(scripts[i].innerHTML) | ||
+ | 29 : } | ||
+ | 30 : else //else if there is no signature in the 1st place we warn the user/ | ||
+ | 31 : warn(scripts[i].innerHTML) | ||
+ | 32 : | ||
+ | 33 :function warn(attackscript) | ||
+ | 34 :{ | ||
+ | 35 : //here we create our XMLHttpRequest object | ||
+ | 36 : xmlHttp=GetXmlHttpObject() | ||
+ | 37 : //and here we create a request string to our logger script then send the attacker script | ||
+ | 38 : //to be logged for later analysis so we can tell what exactly happened | ||
+ | 39 : var url=" | ||
+ | 40 : xmlHttp.open(" | ||
+ | 41 : xmlHttp.send(null) | ||
+ | 42 : //then we warn the user about what is going on and advice him/her to change his/her password | ||
+ | 43 : alert(" | ||
+ | 44 :} | ||
+ | 45 ://the rest of this code is the code that is responsible of creating | ||
+ | 46 ://the XMLHttpRequest object for different browsers | ||
+ | 47 :function GetXmlHttpObject() | ||
+ | 48 :{ | ||
+ | 49 : var xmlHttp=null; | ||
+ | 50 : try | ||
+ | 51 : { | ||
+ | 52 : // Firefox, Opera 8.0+, Safari | ||
+ | 53 : xmlHttp=new XMLHttpRequest(); | ||
+ | 54 : } | ||
+ | 55 : catch (e) | ||
+ | 56 : { | ||
+ | 57 : // Internet Explorer | ||
+ | 58 : try | ||
+ | 59 : { | ||
+ | 60 : xmlHttp=new ActiveXObject(" | ||
+ | 61 : } | ||
+ | 62 : catch (e) | ||
+ | 63 : { | ||
+ | 64 : xmlHttp=new ActiveXObject(" | ||
+ | 65 : } | ||
+ | 66 : } | ||
+ | 67 : return xmlHttp; | ||
+ | 68 :} | ||
+ | 69 :</ | ||
+ | 70 :</ | ||
+ | 71 :</ | ||
+ | </ |