通过 Nginx 修复 CORS 漏洞

范一刀 2024-10-05 14:37:00 阅读 71

漏洞描述

<code>CORS 不安全配置漏洞指的是在跨域资源共享过程中，由于资源服务器的响应头 Access-Control-Allow-Origin 配置不当导致本应该受限访问的请求网站可以绕过访问控制策略读取资源服务器的数据，造成用户隐私泄露，信息窃取甚至账户劫持的危害。

漏洞细节

经过对以下目标进行扫描测试：

https://xxx.com/external/

发现存在该漏洞。

发现 Access-Control-Allow-Origin 的值为 https://xxx.com.qa5bnet.cn

漏洞探测过程的请求流为

第 1 个请求为

GET /external/ HTTP/1.1

Host: xxx.com

User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/71.0.3578.98 Safari/537.36

Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9

Accept-Language: en

Origin: https://xxx.com.qa5bnet.cn

Sec-Fetch-Dest: document

Sec-Fetch-Mode: navigate

Sec-Fetch-Site: none

Sec-Fetch-User: ?1

Upgrade-Insecure-Requests: 1

Accept-Encoding: gzip

第 1 个响应为

HTTP/1.1 401

Access-Control-Allow-Methods: GET,POST,OPTIONS,PUT,DELETE

Access-Control-Allow-Origin: https://xxx.com.qa5bnet.cn

Connection: keep-alive

Content-Length: 0

Date: Mon, 13 Nov 2023 02:07:00 GMT

Www-Authenticate: BASIC realm="application"code>

`漏洞修复`

  set $flag 0;
 if ($http_origin = ''){
 set $flag "${flag}1";
 }
 if ($http_origin !~* ^(http|https)://test\.test\.com$){
 set $flag "${flag}1";
 }
 if ($flag = "01"){
 return 403;
 }
 if ($http_origin ~* ^(http|https)://test\.test\.com$) {
 add_header Access-Control-Allow-Origin $http_origin;
 add_header Access-Control-Allow-Methods GET,POST;
 add_header Access-Control-Allow-Credentials true;
 add_header Access-Control-Allow-Headers DNT,Keep-Alive,User-Agent,If-Modified-Since,Cache-Control,Content-Type;
}
 
具体配置如下：
  server {
 listen 80;
 server_name test.test.com;
 location / {
 set $flag 0;
 
 if ($http_origin = ''){
 set $flag "${flag}1";
 }
 
 if ($http_origin !~* ^(http|https)://test\.test\.com$){
 set $flag "${flag}1";
 }
 
 if ($flag = "01"){
 return 403;
 }
 
 if ($http_origin ~* ^(http|https)://test\.test\.com$) {
 add_header Access-Control-Allow-Origin $http_origin;
 add_header Access-Control-Allow-Methods GET,POST;
 add_header Access-Control-Allow-Credentials true;
 add_header Access-Control-Allow-Headers DNT,Keep-Alive,User-Agent,If-Modified-Since,Cache-Control,Content-Type;
 }
 
 #将IP和端口改为DataEase服务器的访问地址和端口
 proxy_pass http://192.168.110.251:81/;
 server_name_in_redirect off;
 # websocket 代理
 proxy_http_version 1.1;
 proxy_set_header Upgrade $http_upgrade;
 proxy_set_header Connection "upgrade";
 proxy_set_header Host $host:$server_port;
 proxy_set_header X-Real-IP $remote_addr;
 proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
 proxy_set_header X-Forwarded-Proto $scheme;
 
 }
 }

 
 
   上一篇： Docker的安装 
  下一篇： 关于linux的图形界面 
  本文标签 
  通过 Nginx 修复 CORS 漏洞    
 
  
  声明
  本文内容仅代表作者观点，或转载于其他网站，本站不以此文作为商业用途
 如有涉及侵权，请联系本站进行删除
 转载本站原创文章，请注明来源及作者。