質問編集履歴

追記

2021/03/10 08:16

投稿

qwe001

スコア133

test CHANGED Viewed

File without changes

test CHANGED Viewed

@@ -51,3 +51,303 @@
 ご回答お待ちしております。
+Apacheのバージョンは2.4.46 最新版です
+Burp Suiteのレスポンス内容を掲載します
+```
+Summary
+Severity:  	High
+Confidence:  	Firm
+Host:  	https://***.com
+Path:  	/contact/
+Request 1
+POST /contact/?1FhZ=1515077263 HTTP/1.1
+Host: ***.com
+Cookie: csrf_cookie_name=7921977d08d544074d45d429fdfb9958; ci_session=g6j4id1s7nv740il3cnrh7sqj5oq8gfe; _ga=GA1.2.2126658472.1615355983; _gid=GA1.2.901875414.1615355983; _gat_gtag_UA_39713116_1=1
+Upgrade-Insecure-Requests: 1
+Referer: https://***.com/
+Accept: */*
+Accept-Language: en-US,en-GB;q=0.9,en;q=0.8
+User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/87.0.4280.88 Safari/537.36
+Cache-Control: max-age=0
+Accept-Encoding: gzip, deflate
+Content-Type: application/x-www-form-urlencoded
+Transfer-Encoding: chunked
+Content-Length: 31
+Connection: keep-alive
+f
+49vb0=x&fyxe8=x
+1
+Z
+Q
+Response 1
+HTTP/1.1 302 Found
+Content-Type: text/html; charset=UTF-8
+Connection: close
+Date: Wed, 10 Mar 2021 06:28:07 GMT
+Server: Apache
+Set-Cookie: csrf_cookie_name=7921977d08d544074d45d429fdfb9958; expires=Wed, 10-Mar-2021 08:28:06 GMT; Max-Age=7200; path=/; HttpOnly
+Location: https://***.com/contact/?1FhZ=1515077263
+Expires: Thu, 19 Nov 1981 08:52:00 GMT
+Cache-Control: no-store, no-cache, must-revalidate
+Pragma: no-cache
+X-Frame-Options: SAMEORIGIN
+X-XSS-Protection: 1; mode=block
+X-Content-Type-Options: nosniff
+X-Cache: Miss from cloudfront
+Via: 1.1 ***.cloudfront.net (CloudFront)
+X-Amz-Cf-Pop: NRT51-C1
+X-Amz-Cf-Id: 1hLHP2aK3qg3GkLxrp0d-Wq1n8EKdfF1kl0qI4fmRof_TywjPbQzCA==
+Content-Length: 15387
+<!DOCTYPE HTML>
+<html lang="ja">
+<head>
+<meta charset="utf-8">
+<meta name="viewport" content="width=device-width, initial-scale=1.0, minimum-scale=1.0, user-scalable=no, maximum-scale=1.0">
+<me
+...[SNIP]...
+Request 2
+POST /contact/?GufP=341181186 HTTP/1.1
+Host: ***.com
+Cookie: csrf_cookie_name=7921977d08d544074d45d429fdfb9958; ci_session=g6j4id1s7nv740il3cnrh7sqj5oq8gfe; _ga=GA1.2.2126658472.1615355983; _gid=GA1.2.901875414.1615355983; _gat_gtag_UA_39713116_1=1
+Upgrade-Insecure-Requests: 1
+Referer: https://***.com/
+Accept: */*
+Accept-Language: en-US,en-GB;q=0.9,en;q=0.8
+User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/87.0.4280.88 Safari/537.36
+Cache-Control: max-age=0
+Accept-Encoding: gzip, deflate
+Content-Type: application/x-www-form-urlencoded
+Transfer-Encoding: chunked
+Content-Length: 92
+Connection: keep-alive
+f
+ev4x4=x&9ms6a=x
+0
+GET /ik64qiml4zxupxw7fi2ldrmn4ea7yy3mwqkg76vv HTTP/1.1
+X-Ignore: X
+Response 2
+HTTP/1.1 302 Found
+Content-Type: text/html; charset=UTF-8
+Connection: close
+Date: Wed, 10 Mar 2021 06:28:25 GMT
+Server: Apache
+Set-Cookie: csrf_cookie_name=7921977d08d544074d45d429fdfb9958; expires=Wed, 10-Mar-2021 08:28:25 GMT; Max-Age=7200; path=/; HttpOnly
+Location: https://***.com/contact/?GufP=341181186
+Expires: Thu, 19 Nov 1981 08:52:00 GMT
+Cache-Control: no-store, no-cache, must-revalidate
+Pragma: no-cache
+X-Frame-Options: SAMEORIGIN
+X-XSS-Protection: 1; mode=block
+X-Content-Type-Options: nosniff
+X-Cache: Miss from cloudfront
+Via: 1.1 ***.cloudfront.net (CloudFront)
+X-Amz-Cf-Pop: NRT51-C1
+X-Amz-Cf-Id: 4dYYH9LSKzWegGYiF-EN3v1vcQe8hHnyBz5rtHvjeBNZwv91N65Pvg==
+Content-Length: 15387
+<!DOCTYPE HTML>
+<html lang="ja">
+<head>
+<meta charset="utf-8">
+<meta name="viewport" content="width=device-width, initial-scale=1.0, minimum-scale=1.0, user-scalable=no, maximum-scale=1.0">
+<me
+...[SNIP]...
+Request 3
+POST /contact/?1FhZ=1515077263 HTTP/1.1
+Host: ***.com
+Cookie: csrf_cookie_name=7921977d08d544074d45d429fdfb9958; ci_session=g6j4id1s7nv740il3cnrh7sqj5oq8gfe; _ga=GA1.2.2126658472.1615355983; _gid=GA1.2.901875414.1615355983; _gat_gtag_UA_39713116_1=1
+Upgrade-Insecure-Requests: 1
+Referer: https://***.com/
+Accept: */*
+Accept-Language: en-US,en-GB;q=0.9,en;q=0.8
+User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/87.0.4280.88 Safari/537.36
+Cache-Control: max-age=0
+Accept-Encoding: gzip, deflate
+Content-Type: application/x-www-form-urlencoded
+Transfer-Encoding: chunked
+Content-Length: 31
+Connection: keep-alive
+f
+49vb0=x&fyxe8=x
+1
+Z
+Q
+Response 3
+HTTP/1.1 504 Gateway Time-out
+Content-Type: text/html
+Content-Length: 1033
+Connection: close
+Server: CloudFront
+Date: Wed, 10 Mar 2021 06:28:55 GMT
+X-Cache: Error from cloudfront
+Via: 1.1 ***.cloudfront.net (CloudFront)
+X-Amz-Cf-Pop: NRT51-C1
+X-Amz-Cf-Id: oybcbqhcYo6R3BvLlqWFnN_Xur_7714qhIErSVuItd0rVUBNs9IIaQ==
+<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
+<HTML><HEAD><META HTTP-EQUIV="Content-Type" CONTENT="text/html; charset=iso-8859-1">
+<TITLE>ERROR
+...[SNIP]...
+```