добър ден, след много бройно чете за CSRF тук намерих урок с Token Който добавих в формата за регистрация , но Acunetix не спря да реве за CSRF
И постоянно ми излиза това
PHP:
<?php require_once ('style.php');
head("yes");
headmes("no");
leftmenu("no");
?>
<script type="text/javascript" src="https://code.jquery.com/jquery-2.2.0.min.js"></script>
<script type="text/javascript">
document.onkeydown = function (e) {
if (e.keyCode === 116) {
return false;
}
};</script>
<script type="text/javascript" src="inc/js/passy.js"></script>
<script language="javascript">
var xmlhttp
function showHint(str)
{
if (str.length==0)
{
document.getElementById("txtHint").innerHTML="";
return;
}
xmlhttp=GetXmlHttpObject();
if (xmlhttp==null)
{
alert ("Your browser does not support XMLHTTP!");
return;
}
var url="/chekuname.php";
url=url+"?q="+str;
url=url+"&sid="+Math.random();
xmlhttp.onreadystatechange=stateChanged;
xmlhttp.open("GET",url,true);
xmlhttp.send(null);
}
function stateChanged()
{
if (xmlhttp.readyState==4)
{
document.getElementById("txtHint").innerHTML=xmlhttp.responseText;
}
}
function GetXmlHttpObject()
{
if (window.XMLHttpRequest)
{
// code for IE7+, Firefox, Chrome, Opera, Safari
return new XMLHttpRequest();
}
if (window.ActiveXObject)
{
// code for IE6, IE5
return new ActiveXObject("Microsoft.XMLHTTP");
}
return null;
}
</script>
<?php
$ip = $_SERVER["REMOTE_ADDR"];
if ($_COOKIE['username']) { echo "<div class='success'>
<p><center>Вие сте влязъл</p></center></div>"; } else {
$user = mysql_real_escape_string($_POST['user']);
$csnick = mysql_real_escape_string($_POST['csnick']);
$email = mysql_real_escape_string($_POST['mail']);
$pol = mysql_real_escape_string($_POST['pol']);
$pr = mysql_real_escape_string($_POST['agree']);
$god = mysql_real_escape_string($_POST['godini']);
$rank = mysql_real_escape_string($_POST['rank']);
$avatar = "/images/noavatar.png";
$opisanie = "Не е посочено!";
$web = "Не е посочено!";
$grad = mysql_real_escape_string($_POST['grad']);
$date = date('d.m.Y');
$time = date("H:i:s");
$mes_avtor = 'test site';
$mes_title = 'Добре дошли '.$site_name.'';
$mes_post = 'Добре дошли '.$site_name.'!
Забавлявайте се!
';
if (isset($_POST['davai'])) {
if(empty($_POST['user']) || empty($_POST['pass']) || empty($_POST['pass1'])){
echo '<div class="error"><div class="txt"><center>Грешка! <a href="'.$pach.'register.php">Назад</a></center></div></div>';
} else
if (empty(preg_match('#^(([a-z0-9!\#$%&\\\'*+/=?^_`{|}~-]+\.?)*[a-z0-9!\#$%&\\\'*+/=?^_`{|}~-]+)@(([a-z0-9-_]+\.?)*[a-z0-9-_]+)\.[a-z]{2,}$#i',$_POST['mail'])))
{
echo'<div class="error"><div class="txt"><center>Не валиден емайл <a href="'.$pach.'register.php">Назад</a></center></div></div>';}
else {
$captcha = mysql_real_escape_string($_POST['capcode']);
$cookie = mysql_real_escape_string($_COOKIE['capcode']);
if("$capcode" !== "$cookie") { echo '<div class="error"><div class="txt"><center> Невалиден код <a href="'.$pach.'register.php">Назад</a></center></div></div>'; }
else {
if ($_POST['pass'] == $_POST['pass1']) {
$pass = md5(md5($_POST['pass']));
$chek = mysql_query("SELECT * FROM users WHERE username='$user'") or die(mysql_error());
$chek = mysql_num_rows($chek);
if ($chek == '1') {
echo '<div class="error"><div class="txt"><center>Този потребител е зает! <a href="'.$pach.'register.php">Назад</a></center></div></div>';
} else {
if (empty($_POST['skype'])) {
$skype = "Не е посочено!";
} else {
$skype = mysql_real_escape_string($_POST["skype"]);
}
if (empty($_POST['web'])) {
$web = "Не е посочено!";
} else {
$web = mysql_real_escape_string($_POST["web"]);
}
if (empty($_POST['yourname'])) {
$yourname = "Не е посочено!";
} else {
$yourname = mysql_real_escape_string($_POST["yourname"]);
}
if (empty($_POST['csnick'])) {
$csnick = "Не е посочено!";
} else {
$csnick = mysql_real_escape_string($_POST["csnick"]);
}
if (empty($_POST['avatar'])) {
$avatar = "/images/no-avatar.png";
} else {
$avatar = mysql_real_escape_string($_POST["avatar"]);
}
if ($pol == "Мъж" || $pol == "Жена") {
$pol = mysql_real_escape_string($_POST["pol"]);
} else {
$pol = "Не е посочено";
}
if (empty($_POST['grad'])) {
$grad = "Не е посочено";
} else {
$grad = mysql_real_escape_string($_POST["grad"]);
}
mysql_query("INSERT INTO users (grad,username, password, email, skype, sex, godini, avatar, ip, rank, opisanie, date, time, web, csnick, yourname) VALUES('$grad','$user', '$pass', '$email', '$skype', '$pol', '$god', '$avatar', '$ip', '4','$opisanie', '$date', '$time', '$web', '$csnick', '$yourname')")or die(mysql_error());
mysql_query("INSERT messages (user,avtor,title,post,date,time) VALUES ('$user','$mes_avtor','$mes_title','$mes_post','$date','$time')") or die(mysql_error());
echo '<div class="success"><p><center> Благодарим Ви <a href="'.$pach.'index.php">Назад</a></center></p></div>';
} } else {
echo '<div class="error"><div class="txt"><center> Нестана :) <a href="'.$pach.'register.php">Назад</a></center></div></div>';
}
} }
} else {
if(isSet($_POST['submit'])) {
if(isSet($_SESSION['token']) && $_POST['token'] == $_SESSION['token']) { //проверяваме ключа
echo 'ОК';
} else { //ако има проблем го връщваме в началната страница.
header("Location: ./index.php");
}
} else {
$token = md5(uniqid(rand(), true)); //генерираме нашия уникален ключ
$_SESSION['token'] = $token; //запазваме го в сесия
echo '
<form action="" method="post">
<div class="border content">
<div class="container-1">
<fieldset><input type="hidden" name="ip" value="<?php echo $ip; ?>">
<div class="formElement">
<div class="formFieldLabel">
<label for="username">Потребителско име:<font color="red">*</font></label>
</div>
<div class="formField">
<input type="text" class="inputText" name="user" value="" id="txt1" onkeyup="showHint(this.value)" maxlength="20">
<div id="txtHint"></div> </div>
<div class="formFieldDesc">
<p>Потребителското име трябва да бъде поне 3 символа и най-много 20.</p>
</div>
</div>
<div class="formElement">
<div class="formFieldLabel">
<label for="csnick">CSnick:<font color="red">*</font></label>
</div>
<div class="formField">
<input type="text" class="inputText" name="csnick" value=""/>
</div>
<div class="formFieldDesc">
<p></p>
</div>
</div>
<div class="formElement">
<div class="formFieldLabel">
<label for="csnick">Парола:<font color="red">*</font></label>
</div>
<div class="formField">
<input type="password" id="pass" class="inputText" name="pass" AUTOCOMPLETE="off" value="">
</div>
<div class="formFieldDesc">
<p> <script>$(\'#pass\').passStrengthify();</script></p>
</div>
</div>
<div class="formElement">
<div class="formFieldLabel">
<label for="confirmPassword">Потвърди парола:<font color="red">*</font></label>
</div>
<div class="formField">
<input type="password" class="inputText" name="pass1" AUTOCOMPLETE="off" value="" />
</div>
<div class="formFieldDesc">
<p>Моля потвърдете вашата парола!</p>
</div>
</div>
<div class="formElement">
<div class="formFieldLabel">
<label for="email">Имейл адрес:<font color="red">*</font></label>
</div>
<div class="formField">
<input type="text" class="inputText" name="mail"/>
</div>
<div class="formFieldDesc">
<p>Моля въведете вашият имейл адрес!</p>
</div>
</div>
<div class="formElement">
<div class="formFieldLabel">
<label for="skype">Skype:</label>
</div>
<div class="formField">
<input type="text" class="inputText" name="skype"/>
</div>
<div class="formFieldDesc">
<p>Моля въведете вашият Skype!</p>
</div>
</div>
<div class="formElement">
<div class="formFieldLabel">
<label for="avatar">Аватар:</label>
</div>
<div class="formField">
<input type="text" class="inputText" name="avatar"/>
</div>
<div class="formFieldDesc">
<p>Добавят се само с <font color="red">външен линк</font>!</p>
</div>
</div>
<div class="formElement">
<div class="formFieldLabel">
<label for="skype">Пол:</label>
</div>
<div class="formField">
<select name="pol" >
<option value="Мъж">Мъж</option>
<option value="Жена">Жена</option>
</select>
</div>
<div class="formFieldDesc">
<p>Какъв пол сте</p>
</div>
</div>
<div class="formElement">
<div class="formFieldLabel">
<label for="skype">Подредете картинката:</label>
</div>
<div class="formField">';
if (!class_exists('KeyCAPTCHA_CLASS')) {
include('keycaptcha_testsite_net.php');
}
$kc_o = new KeyCAPTCHA_CLASS();
echo $kc_o->render_js();
if (!class_exists('KeyCAPTCHA_CLASS')) {
include('keycaptcha_testsite_net.php');
}
$kc_o = new KeyCAPTCHA_CLASS();
if ($kc_o->check_result($_POST['capcode'])) {
}
else {
} echo' </div>
<div class="formFieldDesc">
<p></p>
</div>
</div>
<div class="formSubmit">
<input type="hidden" name="capcode" id="capcode" value="false" />
<input type="hidden" name="token" value="' . $token . '" /><input type="submit" value="Регистрирай се!" id="newpass" class="button5" name="davai" />
<input type="reset" accesskey="r" value="Рестарт" class="button5"/>
</div>
</div>
</div> </fieldset>
</form>';
}
} }
right_menu("no");
footer("yes");
?>
И постоянно ми излиза това
Код:
Attack details
Form name: <empty>
Form action: http://127.0.0.1/register
Form method: POST
Form inputs:
ip [Hidden]
user [Text]
csnick [Text]
pass [Password]
pass1 [Password]
mail [Text]
skype [Text]
avatar [Text]
pol [Select]
capcode [Hidden]
token [Hidden]
davai [Submit]