关于重定向问题
来源:4-15 逻辑增强实战
forkey
2019-08-05
老师,最后一个web_submit_data提交,这边是一个302重定向,我设置了不允许重定向,但是发现帖子没有创建成功。如果设置允许重定向,会出现OWASP_CSRFTOKEN字段,前后不一致。这边代码应该如何修改呢?(现在如果单单执行登录的话是没问题的。)
下面是脚本:
Action()
{
/*请求头*/
web_add_header("Accept",
"text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8");
web_add_header("Upgrade-Insecure-Requests",
"1");
web_add_header("User-Agent",
"Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.25 Safari/537.36 Core/1.70.3650.400 QQBrowser/10.4.3400.400");
web_add_auto_header("Accept-Language",
"zh-CN,zh;q=0.9");
web_add_header("Cookie","JSESSIONID=3E8A7B086FEA6AE76292E2E0D3ED7FC5; jforumUserId=1");
web_reg_save_param("OWASP_CSRFTOKEN", "LB=OWASP_CSRFTOKEN\" value=\"", "RB=\"", "Search=Body", LAST);
/*进入登录页面*/
web_custom_request("enter_login",
"URL=http://XXXX/jforum-2.6.1/user/login.page",
"Method=GET",
"TargetFrame=",
"Resource=0",
"Referer=",
"Mode=HTTP",
"EncType=text/html",
"Body=",
LAST);
lr_output_message("OWASP_CSRFTOKE----%s",lr_eval_string("{OWASP_CSRFTOKEN}"));
/*
web_reg_save_param("username", "LB=[", "RB=]</a>", "Search=Body", LAST);
*/
/*登录系统*/
web_submit_data("login",
"Action=http://XXXX/jforum-2.6.1/jforum.page",
"Method=POST",
"TargetFrame=",
"Referer=",
"Mode=HTTP",
ITEMDATA,
"Name=module", "Value=user", ENDITEM,
"Name=action", "Value=validateLogin", ENDITEM,
"Name=OWASP_CSRFTOKEN", "Value={OWASP_CSRFTOKEN}", ENDITEM,
"Name=returnPath", "Value=http://XXXX/jforum-2.6.1/forums/list.page?OWASP_CSRFTOKEN={OWASP_CSRFTOKEN}", ENDITEM,
"Name=username", "Value=admin", ENDITEM,
"Name=password", "Value=123456", ENDITEM,
"Name=redirect", "Value=", ENDITEM,
"Name=login", "Value=登入", ENDITEM,
LAST);
/*
lr_convert_string_encoding(lr_eval_string("{username}"),"utf-8",NULL,"username_msg");
lr_output_message("用户名----%s",lr_eval_string("{username_msg}"));
*/
/*提交帖子
/*不使用重定向*/
/*web_set_option("MaxRedirectionDepth","1",LAST);*/
web_submit_data("submit_article",
"Action=http://XXXX/jforum-2.6.1/jforum.page?OWASP_CSRFTOKEN={OWASP_CSRFTOKEN}",
"Method=POST",
"TargetFrame=",
"Referer=",
"Mode=HTTP",
ITEMDATA,
"Name=action", "Value=insertSave", ENDITEM,
"Name=module", "Value=posts", ENDITEM,
"Name=preview", "Value=0", ENDITEM,
"Name=OWASP_CSRFTOKEN", "Value={OWASP_CSRFTOKEN}", ENDITEM,
"Name=forum_id", "Value=3", ENDITEM,
"Name=start", "Value=", ENDITEM,
"Name=subject", "Value=new test", ENDITEM,
"Name=addbbcode32", "Value=black", ENDITEM,
"Name=addbbcode34", "Value=12", ENDITEM,
"Name=helpbox", "Value=ww", ENDITEM,
"Name=message", "Value=testing", ENDITEM,
"Name=disable_html", "Value=on", ENDITEM,
"Name=attach_sig", "Value=on", ENDITEM,
"Name=notify", "Value=on", ENDITEM,
"Name=topic_type", "Value=0", ENDITEM,
"Name=poll_label", "Value=", ENDITEM,
"Name=poll_option", "Value=", ENDITEM,
"Name=poll_option_1", "Value=", ENDITEM,
"Name=poll_length", "Value=0", ENDITEM,
"Name=poll_option_count", "Value=1", ENDITEM,
LAST);
web_custom_request("ert",
"URL=http://XXXX/jforum-2.6.1/posts/list/0/34.page#p35?OWASP_CSRFTOKEN={OWASP_CSRFTOKEN}",
"Method=GET",
"TargetFrame=",
"Resource=0",
"Referer=",
"Mode=HTTP",
"EncType=text/html",
"Body=",
LAST);
return 0;
}
下面几张是页面请求的截图
写回答
4回答
-
forkey
提问者
2019-08-06
请求结果跟手动添加调取302后的请求了, 帖子还是创建不成功
032019-08-06 -
forkey
提问者
2019-08-06
不使用重定向的话,不会报错,但是帖子没有创建成功。
012019-08-06 -
风落几番
2019-08-06
可以改成不跟随重定向 手动发新请求跳转试一下 你关联对了的话 不跟随重定向也不会报错 可以成功提交才对
012019-08-06 -
风落几番
2019-08-05
找到csrftoken生成的请求 做关联 现在写死这样肯定是不行的
012019-08-06
相似问题