Question edit history

Revision 1: Addition, 2021/03/10 08:16, posted by: Withdrawn user
title CHANGED
File without changes
body CHANGED
How can I make it so that Burp Suite no longer detects this vulnerability?
For example, if updating Apache made it stop being detected, or updating PHP resolved it, I would appreciate hearing what you did to resolve it.

I look forward to your answers.

The Apache version is 2.4.46, the latest version.

Here is the response content from Burp Suite:

```
Summary
Severity: High
Confidence: Firm
Host: https://***.com
Path: /contact/
Request 1
POST /contact/?1FhZ=1515077263 HTTP/1.1
Host: ***.com
Cookie: csrf_cookie_name=7921977d08d544074d45d429fdfb9958; ci_session=g6j4id1s7nv740il3cnrh7sqj5oq8gfe; _ga=GA1.2.2126658472.1615355983; _gid=GA1.2.901875414.1615355983; _gat_gtag_UA_39713116_1=1
Upgrade-Insecure-Requests: 1
Referer: https://***.com/
Accept: */*
Accept-Language: en-US,en-GB;q=0.9,en;q=0.8
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/87.0.4280.88 Safari/537.36
Cache-Control: max-age=0
Accept-Encoding: gzip, deflate
Content-Type: application/x-www-form-urlencoded
Transfer-Encoding: chunked
Content-Length: 31
Connection: keep-alive

f
49vb0=x&fyxe8=x
1
Z
Q

Response 1
HTTP/1.1 302 Found
Content-Type: text/html; charset=UTF-8
Connection: close
Date: Wed, 10 Mar 2021 06:28:07 GMT
Server: Apache
Set-Cookie: csrf_cookie_name=7921977d08d544074d45d429fdfb9958; expires=Wed, 10-Mar-2021 08:28:06 GMT; Max-Age=7200; path=/; HttpOnly
Location: https://***.com/contact/?1FhZ=1515077263
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate
Pragma: no-cache
X-Frame-Options: SAMEORIGIN
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
X-Cache: Miss from cloudfront
Via: 1.1 ***.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: NRT51-C1
X-Amz-Cf-Id: 1hLHP2aK3qg3GkLxrp0d-Wq1n8EKdfF1kl0qI4fmRof_TywjPbQzCA==
Content-Length: 15387

<!DOCTYPE HTML>
<html lang="ja">

<head>
<meta charset="utf-8">
<meta name="viewport" content="width=device-width, initial-scale=1.0, minimum-scale=1.0, user-scalable=no, maximum-scale=1.0">
<me
...[SNIP]...
Request 2
POST /contact/?GufP=341181186 HTTP/1.1
Host: ***.com
Cookie: csrf_cookie_name=7921977d08d544074d45d429fdfb9958; ci_session=g6j4id1s7nv740il3cnrh7sqj5oq8gfe; _ga=GA1.2.2126658472.1615355983; _gid=GA1.2.901875414.1615355983; _gat_gtag_UA_39713116_1=1
Upgrade-Insecure-Requests: 1
Referer: https://***.com/
Accept: */*
Accept-Language: en-US,en-GB;q=0.9,en;q=0.8
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/87.0.4280.88 Safari/537.36
Cache-Control: max-age=0
Accept-Encoding: gzip, deflate
Content-Type: application/x-www-form-urlencoded
Transfer-Encoding: chunked
Content-Length: 92
Connection: keep-alive

f
ev4x4=x&9ms6a=x
0

GET /ik64qiml4zxupxw7fi2ldrmn4ea7yy3mwqkg76vv HTTP/1.1
X-Ignore: X
Response 2
HTTP/1.1 302 Found
Content-Type: text/html; charset=UTF-8
Connection: close
Date: Wed, 10 Mar 2021 06:28:25 GMT
Server: Apache
Set-Cookie: csrf_cookie_name=7921977d08d544074d45d429fdfb9958; expires=Wed, 10-Mar-2021 08:28:25 GMT; Max-Age=7200; path=/; HttpOnly
Location: https://***.com/contact/?GufP=341181186
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate
Pragma: no-cache
X-Frame-Options: SAMEORIGIN
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
X-Cache: Miss from cloudfront
Via: 1.1 ***.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: NRT51-C1
X-Amz-Cf-Id: 4dYYH9LSKzWegGYiF-EN3v1vcQe8hHnyBz5rtHvjeBNZwv91N65Pvg==
Content-Length: 15387

<!DOCTYPE HTML>
<html lang="ja">

<head>
<meta charset="utf-8">
<meta name="viewport" content="width=device-width, initial-scale=1.0, minimum-scale=1.0, user-scalable=no, maximum-scale=1.0">
<me
...[SNIP]...
Request 3
POST /contact/?1FhZ=1515077263 HTTP/1.1
Host: ***.com
Cookie: csrf_cookie_name=7921977d08d544074d45d429fdfb9958; ci_session=g6j4id1s7nv740il3cnrh7sqj5oq8gfe; _ga=GA1.2.2126658472.1615355983; _gid=GA1.2.901875414.1615355983; _gat_gtag_UA_39713116_1=1
Upgrade-Insecure-Requests: 1
Referer: https://***.com/
Accept: */*
Accept-Language: en-US,en-GB;q=0.9,en;q=0.8
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/87.0.4280.88 Safari/537.36
Cache-Control: max-age=0
Accept-Encoding: gzip, deflate
Content-Type: application/x-www-form-urlencoded
Transfer-Encoding: chunked
Content-Length: 31
Connection: keep-alive

f
49vb0=x&fyxe8=x
1
Z
Q

Response 3
HTTP/1.1 504 Gateway Time-out
Content-Type: text/html
Content-Length: 1033
Connection: close
Server: CloudFront
Date: Wed, 10 Mar 2021 06:28:55 GMT
X-Cache: Error from cloudfront
Via: 1.1 ***.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: NRT51-C1
X-Amz-Cf-Id: oybcbqhcYo6R3BvLlqWFnN_Xur_7714qhIErSVuItd0rVUBNs9IIaQ==

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<HTML><HEAD><META HTTP-EQUIV="Content-Type" CONTENT="text/html; charset=iso-8859-1">
<TITLE>ERROR
...[SNIP]...
```
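The probes in the capture above share two framing properties that a front end or WAF can reject outright before the request reaches Apache: both `Content-Length` and `Transfer-Encoding` are present, and in Request 1 and 3 the chunked body contains chunk-size lines (`Z`, `Q`) that are not hexadecimal. The following Python is an added example, not part of the question or of Burp Suite's output; it implements those two checks as request-validation logic and runs them over constructed sample requests modelled on the capture (`example.test` is a placeholder host, and the bytes are not the original ones).

```python
import re

CHUNK_SIZE_RE = re.compile(rb"^[0-9A-Fa-f]+(;.*)?$")  # RFC 7230 chunk-size [;ext]

def parse_request(raw: bytes):
    # Split a raw HTTP/1.1 request into (request line, header map, body).
    head, _, body = raw.partition(b"\r\n\r\n")
    lines = head.split(b"\r\n")
    headers = {}
    for line in lines[1:]:
        name, _, value = line.partition(b":")
        headers.setdefault(name.strip().lower(), []).append(value.strip())
    return lines[0], headers, body

def chunked_body_errors(body: bytes) -> list:
    # Walk a chunked body and report the first framing defect found.
    pos = 0
    while True:
        end = body.find(b"\r\n", pos)
        if end < 0:
            return ["body ends before a terminating zero-size chunk"]
        size_line = body[pos:end]
        if not CHUNK_SIZE_RE.match(size_line):
            return ["invalid chunk-size line %r" % size_line]
        size = int(size_line.split(b";")[0], 16)
        if size == 0:
            return []  # last-chunk reached; trailers are not validated here
        pos = end + 2 + size
        if body[pos:pos + 2] != b"\r\n":
            return ["chunk data not followed by CRLF at offset %d" % pos]
        pos += 2

def framing_findings(raw: bytes) -> list:
    # Reasons a front end or WAF should reject this request outright.
    _, headers, body = parse_request(raw)
    cl = headers.get(b"content-length", [])
    te = headers.get(b"transfer-encoding", [])
    findings = []
    if cl and te:
        findings.append("both Content-Length and Transfer-Encoding present")
    if te:  # Transfer-Encoding governs framing, so validate the chunks strictly
        findings.extend(chunked_body_errors(body))
    return findings

# Constructed samples modelled on the capture above, not the original bytes.
PROBE = (b"POST /contact/ HTTP/1.1\r\nHost: example.test\r\n"
         b"Transfer-Encoding: chunked\r\nContent-Length: 31\r\n\r\n"
         b"f\r\n49vb0=x&fyxe8=x\r\n1\r\nZ\r\nQ\r\n")
CLEAN = (b"POST /contact/ HTTP/1.1\r\nHost: example.test\r\n"
         b"Transfer-Encoding: chunked\r\n\r\nf\r\n49vb0=x&fyxe8=x\r\n0\r\n\r\n")
```

A request that produces any finding should be answered with 400 and the connection closed, so that the front end and Apache never disagree about where the request body ends.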