
How to fix a CORS vulnerability in Nginx

51自学网, 2025-02-05 12:16:24, category: Website maintenance

Vulnerability description

A CORS misconfiguration is a cross-origin resource sharing setup in which the resource server sets the Access-Control-Allow-Origin response header incorrectly, typically by reflecting whatever Origin the request carried or by matching it too loosely, so that a site the browser's same-origin policy should keep out can read the server's responses. When Access-Control-Allow-Credentials: true is sent as well, the attacker's page reads responses produced with the victim's cookies, which can expose private data, leak information and lead to account takeover.

Vulnerability details

The following target was scanned: https://xxx.com/external/

The scanner reported the vulnerability: for a request carrying Origin: https://xxx.com.qa5bnet.cn, the response contained Access-Control-Allow-Origin: https://xxx.com.qa5bnet.cn.

The probe origin merely starts with the trusted host name xxx.com. An attacker who controls qa5bnet.cn can host a page at exactly that origin, so the server is evidently matching the Origin as a prefix (or reflecting it outright) instead of comparing it exactly against an allow-list.

The request/response pair from the probe was as follows.

Request 1:

    GET /external/ HTTP/1.1
    Host: xxx.com
    User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/71.0.3578.98 Safari/537.36
    Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
    Accept-Language: en
    Origin: https://xxx.com.qa5bnet.cn
    Sec-Fetch-Dest: document
    Sec-Fetch-Mode: navigate
    Sec-Fetch-Site: none
    Sec-Fetch-User: ?1
    Upgrade-Insecure-Requests: 1
    Accept-Encoding: gzip

Response 1:

    HTTP/1.1 401
    Access-Control-Allow-Methods: GET,POST,OPTIONS,PUT,DELETE
    Access-Control-Allow-Origin: https://xxx.com.qa5bnet.cn
    Connection: keep-alive
    Content-Length: 0
    Date: Mon, 13 Nov 2023 02:07:00 GMT
    Www-Authenticate: BASIC realm="application"

Note that this response carries no Access-Control-Allow-Credentials header. Without it a browser lets the attacker's page read the response, but it does not attach the victim's cookies or HTTP Basic credentials to the request, so on this endpoint the exposure is limited to what an unauthenticated caller can already see. The same reflection on an endpoint that does send Access-Control-Allow-Credentials: true is what makes authenticated data readable cross-origin.

Fix

Answer CORS requests only for an explicit allow-list of origins and reject every other non-empty Origin. The original snippet wrote the allowed host as test/.test/.com; in a regular expression that is a literal slash followed by any character, so the pattern never matches test.test.com, every cross-origin request would have received 403, and no legitimate origin would have received CORS headers. Below, the dots are escaped (\.) and the pattern is quoted.

How the $flag logic works: $flag starts at 0 and gets a 1 appended for each test that fires. A request with no Origin header fires both tests (flag 011) and is passed through without CORS headers; a non-empty Origin outside the allow-list fires only the second test (flag 01) and is rejected with 403; an allowed Origin fires neither (flag 0) and receives the headers with its own value echoed back.

    set $flag 0;
    if ($http_origin = '') {
        set $flag "${flag}1";
    }
    if ($http_origin !~* "^https?://test\.test\.com$") {
        set $flag "${flag}1";
    }
    if ($flag = "01") {
        return 403;
    }
    if ($http_origin ~* "^https?://test\.test\.com$") {
        add_header Access-Control-Allow-Origin $http_origin;
        add_header Access-Control-Allow-Methods GET,POST;
        add_header Access-Control-Allow-Credentials true;
        add_header Access-Control-Allow-Headers DNT,Keep-Alive,User-Agent,If-Modified-Since,Cache-Control,Content-Type;
    }

The full configuration is as follows (same corrected pattern; the proxy section is as in the original):

    server {
        listen 80;
        server_name test.test.com;

        location / {
            set $flag 0;
            if ($http_origin = '') {
                set $flag "${flag}1";
            }
            if ($http_origin !~* "^https?://test\.test\.com$") {
                set $flag "${flag}1";
            }
            if ($flag = "01") {
                return 403;
            }
            if ($http_origin ~* "^https?://test\.test\.com$") {
                add_header Access-Control-Allow-Origin $http_origin;
                add_header Access-Control-Allow-Methods GET,POST;
                add_header Access-Control-Allow-Credentials true;
                add_header Access-Control-Allow-Headers DNT,Keep-Alive,User-Agent,If-Modified-Since,Cache-Control,Content-Type;
            }

            # Change the IP and port to the address and port of the DataEase server
            proxy_pass http://192.168.110.251:81/;
            server_name_in_redirect off;

            # websocket proxying
            proxy_http_version 1.1;
            proxy_set_header Upgrade $http_upgrade;
            proxy_set_header Connection "upgrade";
            proxy_set_header Host $host:$server_port;
            proxy_set_header X-Real-IP $remote_addr;
            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
            proxy_set_header X-Forwarded-Proto $scheme;
        }
    }

Three things to check after deploying. First, add_header adds to the headers the upstream returns rather than replacing them; the 401 response in the finding came from the application itself, so if DataEase keeps emitting its own Access-Control-Allow-Origin, a browser will see two values and reject the response even for an allowed origin. Hide the upstream's copy with proxy_hide_header for each CORS header that Nginx now sets. Second, because the allowed value varies per request, responses should carry Vary: Origin so that a cache does not serve one origin's Access-Control-Allow-Origin to another. Third, the pattern accepts both http:// and https://; if the site is only ever served over HTTPS, drop the ? so a plain-http origin is not trusted. Be aware as well that return 403 rejects every request with a foreign Origin header, which includes cross-site form posts and any third-party API client that sends one.
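To check a deployment before and after the change without waiting for the next scan, the following Python script (an example added to this page, not code from the original article, from DataEase or from Nginx) reproduces the probe from the finding and a few related ones, classifies a captured response, and contrasts a prefix-style origin check with the exact, dot-escaped match that the corrected Nginx rule performs. The host xxx.com and the attacker domain qa5bnet.cn come from the write-up; the sample response is constructed from the one shown above, and the function names and the additional probe origins are assumptions of this example.

```python
"""Offline helper for checking how a server validates the CORS Origin header.

Example code added to this page; not from the original article or from any
product it mentions.  xxx.com and qa5bnet.cn come from the write-up; the
sample response is constructed from the one in the finding; everything
else here is assumed.
"""
import re

# Constructed from the response in the finding: the server echoed back an
# Origin that merely starts with the trusted host name.
SAMPLE_RESPONSE = (
    "HTTP/1.1 401 \r\n"
    "Access-Control-Allow-Methods: GET,POST,OPTIONS,PUT,DELETE\r\n"
    "Access-Control-Allow-Origin: https://xxx.com.qa5bnet.cn\r\n"
    "Connection: keep-alive\r\n"
    "Content-Length: 0\r\n"
    "Date: Mon, 13 Nov 2023 02:07:00 GMT\r\n"
    "Www-Authenticate: BASIC realm=\"application\"\r\n"
    "\r\n"
)


def probe_origins(trusted_host: str, attacker_domain: str = "qa5bnet.cn") -> dict:
    """Origins an attacker can really serve pages from, each of which a
    sloppy allow-list check might accept (assumed probe set)."""
    return {
        "prefix": f"https://{trusted_host}.{attacker_domain}",  # the page's finding
        "suffix": f"https://evil{trusted_host}",                # trusted name as a suffix
        "subdomain": f"https://attacker.{trusted_host}",        # needs a subdomain takeover
        "downgrade": f"http://{trusted_host}",                  # scheme not checked
        "null": "null",                                         # sandboxed iframe, file: page
        "unrelated": f"https://{attacker_domain}",
    }


def parse_headers(raw_response: str) -> dict:
    """Header names lower-cased; status line and body are ignored."""
    headers = {}
    for line in raw_response.split("\r\n")[1:]:
        if line == "":
            break
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()
    return headers


def classify(origin_sent: str, headers: dict) -> str:
    """How the server answered a probe Origin.

    reflected+credentials: attacker page can read authenticated responses
    reflected:             attacker page can read unauthenticated responses
    wildcard:              public data only (browsers refuse '*' with credentials)
    fixed / none:          the probe origin was not accepted
    """
    acao = headers.get("access-control-allow-origin")
    creds = headers.get("access-control-allow-credentials", "").lower() == "true"
    if acao is None:
        return "none"
    if acao == "*":
        return "wildcard"
    if acao.lower() == origin_sent.lower():
        return "reflected+credentials" if creds else "reflected"
    return "fixed"


def sloppy_allowed(origin: str, trusted_host: str) -> bool:
    """The kind of check that produces the finding: 'does the Origin start
    with our name?'  It accepts https://xxx.com.qa5bnet.cn."""
    return origin.startswith(f"https://{trusted_host}")


def strict_allowed(origin: str, trusted_host: str) -> bool:
    """Same test as the corrected Nginx rule: ^https?://host$ with the dots
    escaped and the pattern anchored at both ends, case-insensitive."""
    pattern = r"https?://" + re.escape(trusted_host)
    return re.fullmatch(pattern, origin, re.IGNORECASE) is not None


def assess(trusted_host: str, check) -> dict:
    """Run every probe through an allow-list function; True means the probe
    origin would be granted CORS access."""
    return {name: check(origin, trusted_host)
            for name, origin in probe_origins(trusted_host).items()}


if __name__ == "__main__":
    hdrs = parse_headers(SAMPLE_RESPONSE)
    print("finding:", classify("https://xxx.com.qa5bnet.cn", hdrs))
    print("prefix check accepts:", [k for k, v in assess("xxx.com", sloppy_allowed).items() if v])
    print("exact check accepts:", [k for k, v in assess("xxx.com", strict_allowed).items() if v])
```

Against a live server, send each value from probe_origins() as the Origin header (for example with curl -sI -H 'Origin: ...'), feed the raw response to classify(), and expect "fixed" or "none" for every probe once the Nginx rule is in place. The one probe strict_allowed() still accepts is the plain-http one, because the page's rule admits both schemes; drop the ? from the pattern if the site never serves HTTP.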
