
Front-End Hackers, Plainly Told (大话前端黑客)

kaiye
March 29, 2013


A chat about front-end hackers and their techniques, with an analysis of front-end security cases from paipai.com.



Transcript

  1. Sending cross-site forged requests that carry the user's cookie: HTML CSRF / JSON Hijacking / Flash CSRF. Visiting the following demo sends a request that clears the Paipai browsing history:

     <img src="http://my.paipai.com/cgi-bin/vieweditems/delete" />

     Defense: require a verification code or a token.

  2. Review
     • XSS (cross-site scripting): reflected XSS, stored XSS, DOM-based XSS
     • CSRF (cross-site request forgery)
     • Clickjacking (UI interaction hijacking)
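The token defense named on slide 1, shown as an added example that is not part of the deck and not Paipai's code: a hypothetical server-side handler for the viewed-items delete endpoint that refuses the GET an <img> tag can issue and checks a per-session token in constant time. The session dict, endpoint name and form field are assumptions for illustration.

```python
import hmac
import secrets

SESSION_TOKEN_KEY = "csrf_token"
STATE_CHANGING_METHODS = {"POST", "PUT", "PATCH", "DELETE"}


def issue_csrf_token(session: dict) -> str:
    """Create a per-session anti-CSRF token (once) and return it.

    The server embeds this value in its own forms; a page on another
    origin only gets the browser to send the cookie, never the token,
    so it cannot forge a request that passes the check.
    """
    if SESSION_TOKEN_KEY not in session:
        session[SESSION_TOKEN_KEY] = secrets.token_urlsafe(32)
    return session[SESSION_TOKEN_KEY]


def is_request_allowed(session: dict, method: str, submitted_token) -> bool:
    """Return True only for a state-changing method with a matching token."""
    # An <img src=...> or a bare link can only issue GET, so refusing
    # GET/HEAD on a state-changing action already defeats the slide's demo.
    if method.upper() not in STATE_CHANGING_METHODS:
        return False
    expected = session.get(SESSION_TOKEN_KEY)
    if not expected or not isinstance(submitted_token, str):
        return False
    # Constant-time comparison so the token cannot be guessed byte by byte.
    return hmac.compare_digest(expected.encode("utf-8"),
                               submitted_token.encode("utf-8"))


def handle_delete_view_history(session: dict, method: str, form: dict) -> tuple:
    """Hypothetical handler for the browsing-history delete endpoint.

    The cookie-bound session is assumed to be resolved already.
    Returns (HTTP status, message).
    """
    if not is_request_allowed(session, method, form.get("csrf_token")):
        return (403, "missing or invalid CSRF token")
    session["viewed_items"] = []  # the actual state change
    return (200, "browsing history cleared")


if __name__ == "__main__":
    # Constructed walk-through: a logged-in session, the attacker's forged GET
    # (what the slide's <img> tag produces), then a legitimate POST.
    session = {"user": "constructed-user", "viewed_items": ["item-1", "item-2"]}
    token = issue_csrf_token(session)
    print(handle_delete_view_history(session, "GET", {}))  # (403, 'missing or invalid CSRF token')
    print(handle_delete_view_history(session, "POST", {"csrf_token": token}))  # (200, 'browsing history cleared')
```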