add csrf

tangxiaofeng7 · tangxiaofeng7 · commit 25825ded2f9b · 2021-07-14T20:29:32.000+08:00
diff --git a/Dockerfile b/Dockerfile
@@ -1,4 +1,4 @@
 FROM openjdk:8-jdk-alpine
 VOLUME /tmp
-COPY ./target/secexample-0.0.1-SNAPSHOT.jar app.jar
+COPY ./target/secexample-1.0.jar app.jar
 CMD ["java", "-jar", "/app.jar"]
diff --git a/README.md b/README.md
@@ -14,6 +14,7 @@ https://github.com/tangxiaofeng7/SecExample
 | ---------------------- | ---- |
 | [SQLI]         | 🌟🌟  |
 | [XSS]             | 🌟    |
+| [CSRF]             | 🌟    |
 | [SSRF]            | 🌟🌟  |
 | [CORS]             | 🌟🌟    |
 | [RCE]             | 🌟🌟  |
diff --git a/images/index.png b/images/index.png
diff --git a/pom.xml b/pom.xml
@@ -6,11 +6,11 @@
         <groupId>org.springframework.boot</groupId>
         <artifactId>spring-boot-starter-parent</artifactId>
         <version>2.5.0</version>
-        <relativePath/> <!-- lookup parent from repository -->
+        <relativePath/>
     </parent>
     <groupId>com.suyu</groupId>
     <artifactId>secexample</artifactId>
-    <version>0.0.1-SNAPSHOT</version>
+    <version>1.0</version>
     <name>SecExample</name>
     <description>Java开发的漏洞靶场</description>
     <properties>
diff --git a/src/main/java/com/suyu/secexample/csrf/controller/csrfcontroller.java b/src/main/java/com/suyu/secexample/csrf/controller/csrfcontroller.java
@@ -1,2 +1,42 @@
-package com.suyu.secexample.csrf.controller;public class csrfcontroller {
+package com.suyu.secexample.csrf.controller;
+
+import com.alibaba.fastjson.JSON;
+import com.alibaba.fastjson.JSONObject;
+import com.suyu.secexample.csrf.model.User;
+import com.suyu.secexample.csrf.service.UsernameService;
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.stereotype.Controller;
+import org.springframework.ui.Model;
+import org.springframework.web.bind.annotation.GetMapping;
+import org.springframework.web.bind.annotation.RequestBody;
+import org.springframework.web.bind.annotation.RequestMapping;
+
+@Controller
+public class csrfcontroller {
+    User user = new User();
+    @Autowired
+    private UsernameService userService;
+
+    @GetMapping("/csrf")
+    public String input() {
+        return "csrf/csrf";
+    }
+
+        @RequestMapping("/csrf")
+    public String addUser(User user1, Model model) {
+        user.setId(user1.getId());
+        user.setName(user1.getName());
+        user.setPwd(user1.getPwd());
+        userService.addUser(user);
+        return "csrf/csrf";
+    }
+
 }
+
+
+
+
+
+
+
+
diff --git a/src/main/java/com/suyu/secexample/csrf/mapper/UsernameMapper.java b/src/main/java/com/suyu/secexample/csrf/mapper/UsernameMapper.java
@@ -8,6 +8,6 @@
 
 @Mapper
 @Repository
-public interface UserMapper {
-    public List<User> addUser(User user);
+public interface UsernameMapper {
+    public void addUser(User user);
 }
diff --git a/src/main/java/com/suyu/secexample/csrf/model/User.java b/src/main/java/com/suyu/secexample/csrf/model/User.java
@@ -1,2 +1,14 @@
-package com.suyu.secexample.csrf.model;public class User {
+package com.suyu.secexample.csrf.model;
+
+import lombok.AllArgsConstructor;
+import lombok.Data;
+import lombok.NoArgsConstructor;
+
+@Data
+@NoArgsConstructor
+@AllArgsConstructor
+public class User {
+    private int id;
+    private String name;
+    private String pwd;
 }
diff --git a/src/main/java/com/suyu/secexample/csrf/service/UsernameService.java b/src/main/java/com/suyu/secexample/csrf/service/UsernameService.java
@@ -3,6 +3,6 @@
 import com.suyu.secexample.csrf.model.User;
 import java.util.List;
 
-public interface UserService {
-    public List<User> addUser(User user);
+public interface UsernameService {
+    public void addUser(User user);
 }
diff --git a/src/main/java/com/suyu/secexample/csrf/service/impl/UsernameServiceImpl.java b/src/main/java/com/suyu/secexample/csrf/service/impl/UsernameServiceImpl.java
@@ -1,21 +1,20 @@
 package com.suyu.secexample.csrf.service.impl;
 
-
-import com.suyu.secexample.csrf.mapper.UserMapper;
+import com.suyu.secexample.csrf.mapper.UsernameMapper;
 import com.suyu.secexample.csrf.model.User;
-import com.suyu.secexample.csrf.service.UserService;
+import com.suyu.secexample.csrf.service.UsernameService;
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.stereotype.Service;
 
 import java.util.List;
 
 @Service
-public class UserServiceImpl implements UserService {
+public class UsernameServiceImpl implements UsernameService {
     @Autowired
-    private UserMapper userMapper;
+    private UsernameMapper usernameMapper;
 
     @Override
-    public List<User> addUser(User user) {
-        return userMapper.addUser(user);
+    public void addUser(User user) {
+        usernameMapper.addUser(user);
     }
 }
diff --git a/src/main/java/com/suyu/secexample/fastjson/controller/fastjsoncontroller.java b/src/main/java/com/suyu/secexample/fastjson/controller/fastjsoncontroller.java
@@ -13,14 +13,6 @@ public class fastjsoncontroller {
 
     @GetMapping("/fastjson")
     public String input(){
-//
-//        User user = new User();
-//        user.setAge("18");
-//        user.setUsername("txf");
-//        String ser1 = JSON.toJSONString(user);
-//        System.out.println(ser1);
-//        String ser2 = JSON.toJSONString(user, SerializerFeature.WriteClassName);
-//        System.out.println(ser2);
         return "fastjson/fastjson";
     }
 
diff --git a/src/main/resources/mapper/UserMapper.xml b/src/main/resources/mapper/UserMapper.xml
@@ -8,25 +8,18 @@
         select * from mybatis.user;
     </select>
 
-
-<!--    <select id="listUserByName" parameterType="com.suyu.secexample.sql.dao.pojo.UserQuery" resultType="com.suyu.secexample.sql.dao.User">-->
-<!--        select * from mybatis.user-->
-<!--        <where>-->
-<!--            <if test="name != null and name != ''">-->
-<!--                and `name` like concat('%',#{name},'%')-->
-<!--            </if>-->
-<!--        </where>-->
-<!--    </select>-->
-
-<!--    <select id="listUserByName" parameterType="com.suyu.secexample.sql.dao.pojo.UserQuery" resultType="com.suyu.secexample.sql.dao.User">-->
-<!--        select * from mybatis.user where name = #{name}-->
-<!--    </select>-->
     <select id="listUserByName" parameterType="com.suyu.secexample.sql.dao.pojo.UserQuery" resultType="com.suyu.secexample.sql.dao.User">
         select * from mybatis.user
             <where>
                 <if test="name != null and name != ''">
-                    name = ${name}
+                    name ='${name}'
                 </if>
             </where>
     </select>
+
+    <insert id="addUser" parameterType="com.suyu.secexample.csrf.model.User">
+        insert into user(id,name,pwd)
+        values (#{id},#{name},#{pwd})
+    </insert>
+
 </mapper>
diff --git a/src/main/resources/mapper/UsernameMapper.xml b/src/main/resources/mapper/UsernameMapper.xml
@@ -3,7 +3,7 @@
         PUBLIC "-//mybatis.org//DTD Mapper 3.0//EN"
         "http://mybatis.org/dtd/mybatis-3-mapper.dtd">
 
-<mapper namespace="com.suyu.secexample.csrf.mapper.UserMapper">
+<mapper namespace="com.suyu.secexample.csrf.mapper.UsernameMapper">
     <insert id="addUser" parameterType="com.suyu.secexample.csrf.model.User">
         insert into user(id,name,pwd)
         values (#{id},#{name},#{pwd})
diff --git a/src/main/resources/templates/csrf/csrf.html b/src/main/resources/templates/csrf/csrf.html
@@ -1,10 +1,59 @@
 <!DOCTYPE html>
-<html lang="en">
+<html lang="en" xmlns:th="http://www.thymeleaf.org">
 <head>
   <meta charset="UTF-8">
-  <title>$Title$</title>
+  <title>Java漏洞靶场</title>
+  <link rel="stylesheet" href="https://cdn.jsdelivr.net/npm/semantic-ui@2.4.2/dist/semantic.min.css">
+  <script src="https://cdn.bootcdn.net/ajax/libs/jquery/3.6.0/jquery.js"></script>
 </head>
+
+
 <body>
-$END$
+
+<div style="padding: 40px;
+    text-align: center;
+    background: #1abc9c;
+    color: white;">
+  <h1>Java漏洞演示平台</h1>
+  <button class="ui inverted secondary basic button"><a style="color: white" th:href="home">回到首页</a></button>
+</div>
+
+<div style="text-align: center;margin: 0px auto;
+     margin-top: 50px;">
+  <input id="id" type="text" placeholder="请输入id"><br><br>
+  <input id="name" type="text" placeholder="请输入用户名"><br><br>
+  <input id="pwd" type="password" placeholder="请输入密码"><br><br>
+  <input id="start" type="submit" value="注册">
+  <p></p>
+</div>
+
+<script>
+$("#start").click(function () {
+        var user= {
+        "id" : $("#id").val(),
+        "name" : $("#name").val(),
+        "pwd" : $("#pwd").val()
+        };
+        $.ajax({
+            type : "POST",
+            async : true,
+            contentType: "application/x-www-form-urlencoded; charset=utf-8",
+            data : user,
+            success : function(){
+　　　　　　      alert('注册成功');
+                window.location.href ="../csrf";
+            },
+            error : function(){
+　　　　　　      alert('注册失败');
+                window.location.href ="../csrf";
+            },
+        })
+    }
+);
+
+<!--</script>-->
+
+
 </body>
-</html>
+</html>
+
diff --git a/src/main/resources/templates/csrf/csrfoutput.html b/src/main/resources/templates/csrf/csrfoutput.html
@@ -1,10 +1,23 @@
 <!DOCTYPE html>
-<html lang="en">
+<html lang="en" xmlns:th="http://www.thymeleaf.org">
 <head>
-  <meta charset="UTF-8">
-  <title>$Title$</title>
+    <meta charset="UTF-8">
+    <title>Java漏洞靶场</title>
+    <link rel="stylesheet" href="https://cdn.jsdelivr.net/npm/semantic-ui@2.4.2/dist/semantic.min.css">
 </head>
 <body>
-$END$
+
+<div style="padding: 40px;
+    text-align: center;
+    background: #1abc9c;
+    color: white;">
+    <h1>Java漏洞演示平台</h1>
+    <button class="ui inverted secondary basic button"><a style="color: white" th:href="home">回到首页</a></button>
+</div>
+
+<!--<div style="text-align: center;margin: 0px auto;-->
+<!--     margin-top: 50px;">结果为：<p th:text="${result.username}"></p>今年<p th:text="${result.age}"></p>岁-->
+
+<!--</div>-->
 </body>
-</html>
+</html>
diff --git a/src/main/resources/templates/index.html b/src/main/resources/templates/index.html
@@ -33,6 +33,14 @@ <h1>Java漏洞演示平台</h1>
         </div>
         <a  class="ui bottom attached button" th:href="@{/xss}" ><i class="add icon"></i>测试漏洞</a>
 
+    </div>
+    <div class="card">
+        <div class="content">
+            <div class="header">CSRF漏洞</div>
+            <div class="description">CSRF(Cross-site request forgery):CSRF，跨站请求伪造，在受害者通过浏览器登录某个恶意URL的时候，通过伪造请求达到跨站请求伪造（常见于商城类网站或者自己开发的会员系统）</div>
+        </div>
+        <a  class="ui bottom attached button" th:href="@{/csrf}" ><i class="add icon"></i>测试漏洞</a>
+
     </div>
     <div class="card">
         <div class="content">
diff --git a/src/main/resources/templates/sql/sql.html b/src/main/resources/templates/sql/sql.html
@@ -26,9 +26,9 @@ <h1>Java漏洞演示平台</h1>
             <input type="submit" value="搜索">
         </form>
         <p></p>
-        <p>提示</p>
-        <p>"txf" and "1"="1"</p>
-        <p>"txf" and "1"="2"</p>
+<!--        <p>提示</p>-->
+<!--        <p>"txf" and "1"="1"</p>-->
+<!--        <p>"txf" and "1"="2"</p>-->
     </div>
     <table class="ui celled table" style="margin-top: 40px">
         <thead>

Original file line number	Diff line number	Diff line change
`@@ -8,6 +8,6 @@`
`8`	`8`
`9`	`9`	`@Mapper`
`10`	`10`	`@Repository`
`11`		`-public interface UserMapper {`
`12`		`- public List<User> addUser(User user);`
	`11`	`+public interface UsernameMapper {`
	`12`	`+ public void addUser(User user);`
`13`	`13`	`}`
Original file line number	Diff line number	Diff line change
`@@ -3,6 +3,6 @@`
`3`	`3`	`import com.suyu.secexample.csrf.model.User;`
`4`	`4`	`import java.util.List;`
`5`	`5`
`6`		`-public interface UserService {`
`7`		`- public List<User> addUser(User user);`
	`6`	`+public interface UsernameService {`
	`7`	`+ public void addUser(User user);`
`8`	`8`	`}`