{"id":12089,"date":"2021-06-19T18:10:53","date_gmt":"2021-06-19T13:40:53","guid":{"rendered":"https:\/\/liangroup.net\/blog\/?p=12089"},"modified":"2022-02-13T17:10:41","modified_gmt":"2022-02-13T13:40:41","slug":"csrf","status":"publish","type":"post","link":"https:\/\/liangroup.net\/blog\/csrf\/","title":{"rendered":"\u0622\u0633\u06cc\u0628\u200c\u067e\u0630\u06cc\u0631\u06cc CSRF \u0686\u06cc\u0633\u062a\u061f"},"content":{"rendered":"\t\t<div data-elementor-type=\"wp-post\" data-elementor-id=\"12089\" class=\"elementor elementor-12089\" data-elementor-post-type=\"post\">\n\t\t\t\t\t\t<section class=\"elementor-section elementor-top-section elementor-element elementor-element-9771c34 elementor-section-boxed elementor-section-height-default elementor-section-height-default\" data-id=\"9771c34\" data-element_type=\"section\" data-e-type=\"section\">\n\t\t\t\t\t\t<div class=\"elementor-container elementor-column-gap-default\">\n\t\t\t\t\t<div class=\"elementor-column elementor-col-100 elementor-top-column elementor-element elementor-element-e235734\" data-id=\"e235734\" data-element_type=\"column\" data-e-type=\"column\">\n\t\t\t<div class=\"elementor-widget-wrap elementor-element-populated\">\n\t\t\t\t\t\t<div class=\"elementor-element elementor-element-227b48a elementor-widget elementor-widget-text-editor\" data-id=\"227b48a\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t\t\t<p style=\"text-align: justify;\">\u062f\u0631 \u0627\u06cc\u0646 \u0645\u0642\u0627\u0644\u0647 \u0645\u06cc\u200c\u0622\u0645\u0648\u0632\u06cc\u0645 \u06a9\u0647 <em><strong>\u0622\u0633\u06cc\u0628\u200c\u067e\u0630\u06cc\u0631\u06cc CSRF<\/strong><\/em> (\u06a9\u0648\u062a\u0627\u0647\u200c\u0634\u062f\u0647\u200c\u06cc <strong>Cross-Site Request Forgery<\/strong> \u06cc\u0627 <strong>\u062c\u0639\u0644 \u062f\u0631\u062e\u0648\u0627\u0633\u062a 
\u0645\u06cc\u0627\u0646\u200c\u0648\u0628\u06af\u0627\u0647\u06cc<\/strong>) \u0686\u06cc\u0633\u062a\u061f \u0686\u0646\u062f \u0645\u0648\u0631\u062f \u0627\u0632 \u0646\u0645\u0648\u0646\u0647\u200c\u0647\u0627\u06cc \u0631\u0627\u06cc\u062c \u0622\u0633\u06cc\u0628\u200c\u067e\u0630\u06cc\u0631\u06cc\u200c\u0647\u0627\u06cc CSRF \u0631\u0627 \u062a\u0634\u0631\u06cc\u062d \u0645\u06cc\u200c\u06a9\u0646\u06cc\u0645\u060c \u0648 \u0646\u062d\u0648\u0647 \u062c\u0644\u0648\u06af\u06cc\u0631\u06cc \u0627\u0632 \u062d\u0645\u0644\u0627\u062a CSRF \u0631\u0627 \u062a\u0648\u0636\u06cc\u062d \u0645\u06cc\u200c\u062f\u0647\u06cc\u0645.<\/p>\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/section>\n\t\t\t\t<section class=\"elementor-section elementor-top-section elementor-element elementor-element-489d289 elementor-section-boxed elementor-section-height-default elementor-section-height-default\" data-id=\"489d289\" data-element_type=\"section\" data-e-type=\"section\">\n\t\t\t\t\t\t<div class=\"elementor-container elementor-column-gap-default\">\n\t\t\t\t\t<div class=\"elementor-column elementor-col-100 elementor-top-column elementor-element elementor-element-2e4cc85\" data-id=\"2e4cc85\" data-element_type=\"column\" data-e-type=\"column\">\n\t\t\t<div class=\"elementor-widget-wrap elementor-element-populated\">\n\t\t\t\t\t\t<div class=\"elementor-element elementor-element-e185250 elementor-widget elementor-widget-text-editor\" data-id=\"e185250\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t\t\t<p><span style=\"font-size: 14pt;\"><strong>\u062c\u0648\u0627\u0628 \u0633\u0648\u0627\u0644 \u062e\u0648\u062f \u0631\u0627 \u067e\u06cc\u062f\u0627 \u06a9\u0646\u06cc\u062f:<\/strong><\/span><\/p><ul><li><a href=\"#waht-is-csrf\"><strong>CSRF \u0686\u06cc\u0633\u062a\u061f<\/strong><\/a><\/li><li><a 
href=\"#csrf-attack-boundry\"><strong>\u062f\u0627\u0645\u0646\u0647 \u062a\u0627\u062b\u06cc\u0631\u0627\u062a \u06cc\u06a9 \u062d\u0645\u0644\u0647 CSRF \u0686\u06cc\u0633\u062a\u061f<\/strong><\/a><\/li><li><a href=\"#how-csrf-works\"><strong>\u062d\u0645\u0644\u0647 CSRF \u0686\u06af\u0648\u0646\u0647 \u06a9\u0627\u0631 \u0645\u06cc\u200c\u06a9\u0646\u062f\u061f<\/strong><\/a><\/li><li><a href=\"#csrf-exploit-with-burp-suite\"><strong>\u0646\u062d\u0648\u0647 \u0633\u0627\u062e\u062a\u0646 \u0627\u06a9\u0633\u067e\u0644\u0648\u06cc\u062a CSRF \u0628\u0627 Burp Suite<\/strong><\/a><\/li><li><a href=\"#csrf-exploit-move\"><strong>\u0646\u062d\u0648\u0647 \u0627\u0646\u062a\u0642\u0627\u0644 \u0627\u06a9\u0633\u067e\u0644\u0648\u06cc\u062a CSRF<\/strong><\/a><\/li><li><a href=\"#csrf-attack-prevention\"><strong>\u062c\u0644\u0648\u06af\u06cc\u0631\u06cc \u0627\u0632 \u062d\u0645\u0644\u0627\u062a CSRF<\/strong><\/a><\/li><li><a href=\"#csrf-regular-vulnerabilities\"><strong>\u0622\u0633\u06cc\u0628\u200c\u067e\u0630\u06cc\u0631\u06cc\u200c\u0647\u0627\u06cc \u0631\u0627\u06cc\u062c CSRF<\/strong><\/a><\/li><li><a href=\"#referer-defense\"><strong>\u0631\u0648\u0634\u200c\u0647\u0627\u06cc \u062f\u0641\u0627\u0639\u06cc \u0645\u0628\u062a\u0646\u06cc\u200c\u0628\u0631 Referer \u0628\u0631\u0627\u06cc \u062c\u0644\u0648\u06af\u06cc\u0631\u06cc \u0627\u0632 CSRF<\/strong><\/a><\/li><li><a href=\"#xss-vs-csrf\"><strong>\u062a\u0641\u0627\u0648\u062a XSS \u0648 CSRF \u0686\u06cc\u0633\u062a\u061f<\/strong><\/a><\/li><li><a href=\"#can-we-stop-xss-with-csrf\"><strong>\u0622\u06cc\u0627 \u0628\u0627 \u062a\u0648\u06a9\u0646\u200c\u0647\u0627\u06cc CSRF \u0645\u06cc\u200c\u062a\u0648\u0627\u0646 \u062c\u0644\u0648\u06cc \u062d\u0645\u0644\u0627\u062a XSS \u0631\u0627 \u06af\u0631\u0641\u062a\u061f<\/strong><\/a><\/li><\/ul>\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/section>\n\t\t\t\t<section 
class=\"elementor-section elementor-top-section elementor-element elementor-element-c891101 elementor-section-boxed elementor-section-height-default elementor-section-height-default\" data-id=\"c891101\" data-element_type=\"section\" data-e-type=\"section\">\n\t\t\t\t\t\t<div class=\"elementor-container elementor-column-gap-default\">\n\t\t\t\t\t<div class=\"elementor-column elementor-col-100 elementor-top-column elementor-element elementor-element-f833382\" data-id=\"f833382\" data-element_type=\"column\" data-e-type=\"column\">\n\t\t\t<div class=\"elementor-widget-wrap elementor-element-populated\">\n\t\t\t\t\t\t<div class=\"elementor-element elementor-element-fcf15f9 elementor-widget elementor-widget-text-editor\" data-id=\"fcf15f9\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t\t\t<h2 id=\"waht-is-csrf\" style=\"text-align: justify;\"><strong>CSRF<\/strong><strong> \u0686\u06cc\u0633\u062a\u061f<\/strong><\/h2><p style=\"text-align: justify;\">\u062c\u0639\u0644 \u062f\u0631\u062e\u0648\u0627\u0633\u062a \u0641\u0631\u0627\u0648\u0628\u06af\u0627\u0647\u06cc \u06cc\u0627 CSRF (\u06a9\u0647 \u0628\u0647 \u0622\u0646 XSRF \u0647\u0645 \u06af\u0641\u062a\u0647 \u0645\u06cc\u200c\u0634\u0648\u062f) \u06cc\u06a9 \u0622\u0633\u06cc\u0628\u200c\u067e\u0630\u06cc\u0631\u06cc \u0648\u0628 \u0627\u0633\u062a \u06a9\u0647 \u0645\u0647\u0627\u062c\u0645 \u0628\u0627 \u0627\u0633\u062a\u0641\u0627\u062f\u0647 \u0627\u0632 \u0622\u0646 \u0645\u06cc\u200c\u062a\u0648\u0627\u0646\u062f \u06a9\u0627\u0631\u06cc \u06a9\u0646\u062f \u06a9\u0647 \u06a9\u0627\u0631\u0628\u0631\u0627\u0646 \u0627\u0642\u062f\u0627\u0645\u0627\u062a\u06cc \u0631\u0627 \u0627\u0646\u062c\u0627\u0645 \u062f\u0647\u0646\u062f \u06a9\u0647 \u0642\u0635\u062f \u0627\u0646\u062c\u0627\u0645 \u0622\u0646\u200c\u0647\u0627 \u0631\u0627 
نداشته\u200cاند. این آسیب\u200cپذیری به یک مهاجم اجازه می\u200cدهد تا حدی <a href=\"https:\/\/liangroup.net\/blog\/what-is-sop\/\"><strong>سیاست SOP<\/strong><\/a> را دور بزند. سیاست SOP (کوتاه\u200cشده Same Origin Policy) یا سیاست مبدأ مشترک، برای جلوگیری از سرقت داده طراحی شده است و مانع آن می\u200cشود که یک وبگاه بتواند پاسخ درخواست\u200cهای Cross-Origin (میان\u200cوبگاهی) را بخواند؛ اما مانع ارسال خودِ این درخواست\u200cها نمی\u200cشود. حمله CSRF دقیقاً از همین نکته بهره می\u200cبرد: مرورگر درخواست میان\u200cوبگاهی را همراه با کوکی\u200cهای سشن قربانی ارسال می\u200cکند و مهاجم برای رسیدن به هدفش نیازی به خواندن پاسخ ندارد.\u00a0<\/p>\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/section>\n\t\t\t\t<section class=\"elementor-section elementor-top-section elementor-element elementor-element-60f0ccc elementor-section-boxed elementor-section-height-default elementor-section-height-default\" data-id=\"60f0ccc\" data-element_type=\"section\" data-e-type=\"section\">\n\t\t\t\t\t\t<div class=\"elementor-container elementor-column-gap-default\">\n\t\t\t\t\t<div class=\"elementor-column elementor-col-100 elementor-top-column elementor-element elementor-element-82cc903\" data-id=\"82cc903\" data-element_type=\"column\" data-e-type=\"column\">\n\t\t\t<div class=\"elementor-widget-wrap elementor-element-populated\">\n\t\t\t\t\t\t<div class=\"elementor-element elementor-element-4073e94 elementor-widget elementor-widget-image\" data-id=\"4073e94\" 
data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"image.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t<img fetchpriority=\"high\" decoding=\"async\" width=\"780\" height=\"439\" src=\"https:\/\/liangroup.net\/blog\/wp-content\/uploads\/2021\/06\/1-3.png\" class=\"attachment-large size-large wp-image-12091\" alt=\"csrf\" srcset=\"https:\/\/liangroup.net\/blog\/wp-content\/uploads\/2021\/06\/1-3.png 781w, https:\/\/liangroup.net\/blog\/wp-content\/uploads\/2021\/06\/1-3-300x169.png 300w, https:\/\/liangroup.net\/blog\/wp-content\/uploads\/2021\/06\/1-3-768x433.png 768w\" sizes=\"(max-width: 780px) 100vw, 780px\" \/>\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/section>\n\t\t\t\t<section class=\"elementor-section elementor-top-section elementor-element elementor-element-228bb7d elementor-section-boxed elementor-section-height-default elementor-section-height-default\" data-id=\"228bb7d\" data-element_type=\"section\" data-e-type=\"section\">\n\t\t\t\t\t\t<div class=\"elementor-container elementor-column-gap-default\">\n\t\t\t\t\t<div class=\"elementor-column elementor-col-100 elementor-top-column elementor-element elementor-element-9efa9db\" data-id=\"9efa9db\" data-element_type=\"column\" data-e-type=\"column\">\n\t\t\t<div class=\"elementor-widget-wrap elementor-element-populated\">\n\t\t\t\t\t\t<div class=\"elementor-element elementor-element-897f5e6 elementor-widget elementor-widget-text-editor\" data-id=\"897f5e6\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t\t\t<h2 id=\"csrf-attack-boundry\" style=\"direction: rtl;\"><strong>\u062f\u0627\u0645\u0646\u0647 \u062a\u0627\u062b\u06cc\u0631\u0627\u062a \u06cc\u06a9 \u062d\u0645\u0644\u0647 <\/strong><strong>CSRF<\/strong><strong> 
\u0686\u06cc\u0633\u062a\u061f<\/strong><\/h2><p style=\"text-align: justify;\">\u062f\u0631 \u06cc\u06a9 \u062d\u0645\u0644\u0647 \u0645\u0648\u0641\u0642 CSRF\u060c \u0645\u0647\u0627\u062c\u0645 \u0628\u0627\u0639\u062b \u0645\u06cc\u200c\u0634\u0648\u062f \u06a9\u0627\u0631\u0628\u0631 \u0642\u0631\u0628\u0627\u0646\u06cc\u060c \u0627\u0642\u062f\u0627\u0645\u0627\u062a\u06cc \u0631\u0627 \u0628\u0647 \u0635\u0648\u0631\u062a \u0646\u0627\u062e\u0648\u0627\u0633\u062a\u0647 \u0627\u0646\u062c\u0627\u0645 \u062f\u0647\u062f. \u0645\u062b\u0644\u0627 \u0645\u0647\u0627\u062c\u0645 \u0645\u0645\u06a9\u0646 \u0627\u0633\u062a \u0622\u062f\u0631\u0633 \u0627\u06cc\u0645\u06cc\u0644 \u062d\u0633\u0627\u0628\u200c\u0647\u0627\u06cc \u0642\u0631\u0628\u0627\u0646\u06cc \u0631\u0627 \u0639\u0648\u0636 \u06a9\u0646\u062f\u060c \u067e\u0633\u0648\u0631\u062f \u0627\u0648 \u0631\u0627 \u062a\u063a\u06cc\u06cc\u0631 \u062f\u0647\u062f\u060c \u06cc\u0627 \u062d\u062a\u06cc \u0645\u0628\u0644\u063a\u06cc \u0631\u0627 \u0627\u0632 \u062d\u0633\u0627\u0628 \u0627\u0648 \u0627\u0646\u062a\u0642\u0627\u0644 \u062f\u0647\u062f. \u0628\u0633\u062a\u0647 \u0628\u0647 \u0646\u0648\u0639 \u0627\u0642\u062f\u0627\u0645\u0627\u062a \u0627\u0646\u062c\u0627\u0645\u200c\u0634\u062f\u0647\u060c \u0647\u06a9\u0631 \u0645\u0645\u06a9\u0646 \u0627\u0633\u062a \u06a9\u0646\u062a\u0631\u0644 \u06a9\u0627\u0645\u0644 \u062d\u0633\u0627\u0628 \u06a9\u0627\u0631\u0628\u0631 \u0631\u0627 \u0628\u0647 \u062f\u0633\u062a \u06af\u06cc\u0631\u062f. 
\u0627\u06af\u0631 \u06a9\u0627\u0631\u0628\u0631 \u0647\u062f\u0641 \u06cc\u06a9 <a href=\"https:\/\/liangroup.net\/blog\/what-is-pam\/\"><strong>\u062d\u0633\u0627\u0628 privileged<\/strong><\/a> \u062f\u0631 \u0627\u067e\u0644\u06cc\u06a9\u06cc\u0634\u0646 \u062f\u0627\u0634\u062a\u0647 \u0628\u0627\u0634\u062f\u060c \u0645\u0647\u0627\u062c\u0645 \u0645\u0645\u06a9\u0646 \u0627\u0633\u062a \u0628\u062a\u0648\u0627\u0646\u062f \u06a9\u0646\u062a\u0631\u0644 \u062a\u0645\u0627\u0645 \u062f\u0627\u062f\u0647\u200c\u0647\u0627 \u0648 \u06a9\u0627\u0631\u06a9\u0631\u062f\u0647\u0627\u06cc \u0627\u067e\u0644\u06cc\u06a9\u06cc\u0634\u0646 \u0631\u0627 \u0628\u0647 \u062f\u0633\u062a \u06af\u06cc\u0631\u062f.<\/p>\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/section>\n\t\t\t\t<section class=\"elementor-section elementor-top-section elementor-element elementor-element-7b486ad elementor-section-boxed elementor-section-height-default elementor-section-height-default\" data-id=\"7b486ad\" data-element_type=\"section\" data-e-type=\"section\">\n\t\t\t\t\t\t<div class=\"elementor-container elementor-column-gap-default\">\n\t\t\t\t\t<div class=\"elementor-column elementor-col-100 elementor-top-column elementor-element elementor-element-8541f06\" data-id=\"8541f06\" data-element_type=\"column\" data-e-type=\"column\">\n\t\t\t<div class=\"elementor-widget-wrap elementor-element-populated\">\n\t\t\t\t\t\t<div class=\"elementor-element elementor-element-33cad79 elementor-widget elementor-widget-accordion\" data-id=\"33cad79\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"accordion.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t<div class=\"elementor-accordion\">\n\t\t\t\t\t\t\t<div class=\"elementor-accordion-item\">\n\t\t\t\t\t<div id=\"elementor-tab-title-5431\" class=\"elementor-tab-title\" data-tab=\"1\" role=\"button\" aria-controls=\"elementor-tab-content-5431\" 
aria-expanded=\"false\">\n\t\t\t\t\t\t\t\t\t\t\t\t\t<span class=\"elementor-accordion-icon elementor-accordion-icon-right\" aria-hidden=\"true\">\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t<span class=\"elementor-accordion-icon-closed\"><i class=\"fas fa-plus\"><\/i><\/span>\n\t\t\t\t\t\t\t\t<span class=\"elementor-accordion-icon-opened\"><i class=\"fas fa-minus\"><\/i><\/span>\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t<\/span>\n\t\t\t\t\t\t\t\t\t\t\t\t<a class=\"elementor-accordion-title\" tabindex=\"0\">\u0645\u0637\u0644\u0628 \u0645\u0634\u0627\u0628\u0647<\/a>\n\t\t\t\t\t<\/div>\n\t\t\t\t\t<div id=\"elementor-tab-content-5431\" class=\"elementor-tab-content elementor-clearfix\" data-tab=\"1\" role=\"region\" aria-labelledby=\"elementor-tab-title-5431\"><ul><li><a href=\"https:\/\/liangroup.net\/blog\/what-is-xss-vulnerability\/\"><strong>\u062d\u0645\u0644\u0647 XSS \u06cc\u0627 Cross-Site Scripting \u0686\u06cc\u0633\u062a\u061f<\/strong><\/a><\/li><\/ul><\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/section>\n\t\t\t\t<section class=\"elementor-section elementor-top-section elementor-element elementor-element-76a90ac elementor-section-boxed elementor-section-height-default elementor-section-height-default\" data-id=\"76a90ac\" data-element_type=\"section\" data-e-type=\"section\">\n\t\t\t\t\t\t<div class=\"elementor-container elementor-column-gap-default\">\n\t\t\t\t\t<div class=\"elementor-column elementor-col-100 elementor-top-column elementor-element elementor-element-54b4755\" data-id=\"54b4755\" data-element_type=\"column\" data-e-type=\"column\">\n\t\t\t<div class=\"elementor-widget-wrap elementor-element-populated\">\n\t\t\t\t\t\t<div class=\"elementor-element elementor-element-aaa11f1 elementor-widget elementor-widget-text-editor\" data-id=\"aaa11f1\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div 
class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t\t\t<h2 id=\"how-csrf-works\" style=\"text-align: justify;\"><strong>\u062d\u0645\u0644\u0647 <\/strong><strong>CSRF<\/strong><strong> \u0686\u06af\u0648\u0646\u0647 \u06a9\u0627\u0631 \u0645\u06cc\u200c\u06a9\u0646\u062f\u061f<\/strong><\/h2><p style=\"text-align: justify;\">\u0628\u0631\u0627\u06cc \u0627\u06cc\u0646 \u06a9\u0647 \u06cc\u06a9 \u062d\u0645\u0644\u0647 CSRF \u0627\u0645\u06a9\u0627\u0646\u200c\u067e\u0630\u06cc\u0631 \u0628\u0627\u0634\u062f\u060c \u0633\u0647 \u0634\u0631\u0637 \u06a9\u0644\u06cc\u062f\u06cc \u0628\u0627\u06cc\u062f \u0628\u0631\u0622\u0648\u0631\u062f\u0647 \u0634\u0648\u0646\u062f:<\/p><ul style=\"text-align: justify;\"><li><strong>\u0627\u0642\u062f\u0627\u0645 \u0645\u0637\u0644\u0648\u0628 \u0645\u0647\u0627\u062c\u0645: <\/strong>\u0627\u0642\u062f\u0627\u0645\u06cc \u062f\u0627\u062e\u0644 \u0627\u067e\u0644\u06cc\u06a9\u06cc\u0634\u0646 \u06a9\u0647 \u0645\u0647\u0627\u062c\u0645 \u062f\u0644\u06cc\u0644\u06cc \u0628\u0631\u0627\u06cc \u0627\u0646\u062c\u0627\u0645 \u0622\u0646 \u062f\u0627\u0634\u062a\u0647 \u0628\u0627\u0634\u062f. 
\u0645\u062b\u0644\u0627 \u06cc\u06a9 \u0627\u0642\u062f\u0627\u0645 privileged (\u0645\u062b\u0644 \u062a\u063a\u06cc\u06cc\u0631\u062f\u0627\u062f\u0646 \u0645\u062c\u0648\u0632\u0647\u0627\u06cc \u06a9\u0627\u0631\u0628\u0631\u0627\u0646 \u062f\u06cc\u06af\u0631) \u06cc\u0627 \u0647\u0631\u06af\u0648\u0646\u0647 \u0627\u0642\u062f\u0627\u0645\u06cc \u06a9\u0647 \u0631\u0648\u06cc \u062f\u0627\u062f\u0647\u200c\u0647\u0627\u06cc \u062e\u0627\u0635 \u06cc\u06a9 \u06a9\u0627\u0631\u0628\u0631 \u0627\u0646\u062c\u0627\u0645 \u0634\u0648\u062f (\u0645\u062b\u0644 \u0639\u0648\u0636\u200c\u06a9\u0631\u062f\u0646 \u067e\u0633\u0648\u0631\u062f \u062e\u0648\u062f \u06a9\u0627\u0631\u0628\u0631).<\/li><li><strong>\u0627\u062f\u0627\u0631\u0647 \u0633\u0634\u0646 \u0628\u0631 \u0645\u0628\u0646\u0627\u06cc \u06a9\u0648\u06a9\u06cc\u200c\u0647\u0627:<\/strong> \u0628\u0631\u0627\u06cc \u0627\u0646\u062c\u0627\u0645 \u0627\u0642\u062f\u0627\u0645\u0627\u062a \u0645\u062e\u062a\u0644\u0641 \u0644\u0627\u0632\u0645 \u0627\u0633\u062a \u06cc\u06a9 \u06cc\u0627 \u0686\u0646\u062f \u0631\u06cc\u06a9\u0648\u0626\u0633\u062a HTTP \u0627\u0631\u0633\u0627\u0644 \u0634\u0648\u0646\u062f\u060c \u0648 \u0628\u0631\u0627\u06cc \u0627\u06cc\u0646 \u06a9\u0647 \u0627\u0645\u06a9\u0627\u0646 \u0627\u0646\u062c\u0627\u0645 \u062d\u0645\u0644\u0647 CSRF \u0648\u062c\u0648\u062f \u062f\u0627\u0634\u062a\u0647 \u0628\u0627\u0634\u062f\u060c \u0627\u067e\u0644\u06cc\u06a9\u06cc\u0634\u0646 \u0628\u0627\u06cc\u062f \u0628\u0631\u0627\u06cc \u0634\u0646\u0627\u0633\u0627\u06cc\u06cc \u06a9\u0627\u0631\u0628\u0631\u06cc \u06a9\u0647 \u0631\u06cc\u06a9\u0648\u0626\u0633\u062a \u0631\u0627 \u0627\u0631\u0633\u0627\u0644 \u06a9\u0631\u062f\u0647\u060c \u0641\u0642\u0637 \u0648 \u0641\u0642\u0637 \u0628\u0647 \u06a9\u0648\u06a9\u06cc\u200c\u0647\u0627\u06cc \u0633\u0634\u0646 (\u0646\u0634\u0633\u062a) \u0648\u0627\u0628\u0633\u062a\u0647 \u0628\u0627\u0634\u062f\u060c \u0648 \u0647\u06cc\u0686 
مکانیزم دیگری برای ردیابی سشن\u200cها یا اعتبارسنجی ریکوئست\u200cهای کاربران وجود نداشته باشد. توجه کنید که این شرط به رفتار مرورگر هم وابسته است: اگر کوکی سشن با ویژگی SameSite=Strict یا SameSite=Lax تنظیم شده باشد (برخی مرورگرها مانند Chrome در نبود این ویژگی، Lax را به\u200cصورت پیش\u200cفرض اعمال می\u200cکنند)، مرورگر آن را در بسیاری از ریکوئست\u200cهای میان\u200cوبگاهی ارسال نمی\u200cکند و حمله دشوارتر می\u200cشود؛ با این حال SameSite به\u200cتنهایی جایگزین توکن CSRF نیست.<\/li><li><strong>قابل پیش\u200cبینی\u200cبودن تمامی پارامترهای ریکوئست:<\/strong> ریکوئست\u200cهایی که اقدام مورد نظر را انجام می\u200cدهند، نباید حاوی هیچ\u200cگونه پارامتری باشند که مهاجم نتواند آن\u200cها را تعیین کند یا حدس بزند (برای مثال یک توکن CSRF تصادفی و غیرقابل پیش\u200cبینی که به سشن کاربر گره خورده است). 
\u0628\u0631\u0627\u06cc \u0645\u062b\u0627\u0644\u060c \u0647\u0646\u06af\u0627\u0645\u06cc \u06a9\u0647 \u0645\u0647\u0627\u062c\u0645 \u0633\u0639\u06cc \u0645\u06cc\u200c\u06a9\u0646\u062f \u06a9\u0627\u0631\u0628\u0631 \u0631\u0627 \u0648\u0627\u062f\u0627\u0631 \u0628\u0647 \u062a\u0639\u0648\u06cc\u0636 \u067e\u0633\u0648\u0631\u062f\u0634 \u06a9\u0646\u062f\u060c \u0627\u06af\u0631 \u0644\u0627\u0632\u0645 \u0628\u0627\u0634\u062f \u06a9\u0647 \u0645\u0647\u0627\u062c\u0645 \u0645\u0642\u062f\u0627\u0631 \u067e\u0633\u0648\u0631\u062f \u0641\u0639\u0644\u06cc \u0631\u0627 \u0628\u062f\u0627\u0646\u062f\u060c \u06a9\u0627\u0631\u0628\u0631 \u0646\u0633\u0628\u062a \u0628\u0647 \u062a\u063a\u06cc\u06cc\u0631 \u0646\u0627\u062e\u0648\u0627\u0633\u062a\u0647 \u067e\u0633\u0648\u0631\u062f \u0622\u0633\u06cc\u0628\u200c\u067e\u0630\u06cc\u0631 \u0646\u062e\u0648\u0627\u0647\u062f \u0628\u0648\u062f.<\/li><\/ul><p style=\"text-align: justify;\">\u0628\u0631\u0627\u06cc \u0645\u062b\u0627\u0644\u060c \u0641\u0631\u0636 \u06a9\u0646\u06cc\u062f \u06cc\u06a9 \u0627\u067e\u0644\u06cc\u06a9\u06cc\u0634\u0646 \u062f\u0627\u062e\u0644 \u062e\u0648\u062f \u0642\u0627\u0628\u0644\u06cc\u062a\u06cc \u062f\u0627\u0631\u062f \u06a9\u0647 \u0628\u0647 \u06a9\u0627\u0631\u0628\u0631 \u0627\u062c\u0627\u0632\u0647 \u0645\u06cc\u200c\u062f\u0647\u062f \u0622\u062f\u0631\u0633 \u0627\u06cc\u0645\u06cc\u0644 \u062d\u0633\u0627\u0628 \u062e\u0648\u062f \u0631\u0627 \u062a\u063a\u06cc\u06cc\u0631 \u062f\u0647\u062f. 
\u0648\u0642\u062a\u06cc \u06cc\u06a9 \u06a9\u0627\u0631\u0628\u0631 \u0627\u06cc\u0646 \u0627\u0642\u062f\u0627\u0645 \u0631\u0627 \u0627\u0646\u062c\u0627\u0645 \u0645\u06cc\u200c\u062f\u0647\u062f\u060c \u06cc\u06a9 \u0631\u06cc\u06a9\u0648\u0626\u0633\u062a HTTP \u0634\u0628\u06cc\u0647 \u0631\u06cc\u06a9\u0648\u0626\u0633\u062a \u0632\u06cc\u0631 \u0627\u0631\u0633\u0627\u0644 \u0645\u06cc\u200c\u06a9\u0646\u062f:<\/p>\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/section>\n\t\t\t\t<section class=\"elementor-section elementor-top-section elementor-element elementor-element-843800f elementor-section-boxed elementor-section-height-default elementor-section-height-default\" data-id=\"843800f\" data-element_type=\"section\" data-e-type=\"section\">\n\t\t\t\t\t\t<div class=\"elementor-container elementor-column-gap-default\">\n\t\t\t\t\t<div class=\"elementor-column elementor-col-100 elementor-top-column elementor-element elementor-element-7644ceb\" data-id=\"7644ceb\" data-element_type=\"column\" data-e-type=\"column\">\n\t\t\t<div class=\"elementor-widget-wrap elementor-element-populated\">\n\t\t\t\t\t\t<div class=\"elementor-element elementor-element-ba7da49 elementor-widget elementor-widget-text-editor\" data-id=\"ba7da49\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t\t\t<p style=\"direction: ltr; text-align: left;\"><span style=\"color: #ffffff;\">POST \/email\/change HTTP\/1.1\u00a0<\/span><\/p><p style=\"direction: ltr; text-align: left;\"><span style=\"color: #ffffff;\">Host: vulnerable-website.com\u00a0\u00a0<\/span><\/p><p style=\"direction: ltr; text-align: left;\"><span style=\"color: #ffffff;\">Content-Type: application\/x-www-form-urlencoded\u00a0<\/span><\/p><p style=\"direction: ltr; text-align: left;\"><span style=\"color: #ffffff;\">Content-Length: 30\u00a0 \u00a0<\/span><\/p><p 
style=\"direction: ltr; text-align: left;\"><span style=\"color: #ffffff;\">Cookie: session=yvthwsztyeQkAPzeQ5gHgTvlyxHfsAfE\u00a0 \u00a0<\/span><\/p><p style=\"direction: ltr; text-align: left;\"><span style=\"color: #ffffff;\"><a style=\"color: #ffffff;\" href=\"mailto:email=wiener@normal-user.com\">email=wiener@normal-user.com<\/a><\/span><\/p>\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/section>\n\t\t\t\t<section class=\"elementor-section elementor-top-section elementor-element elementor-element-39f987f elementor-section-boxed elementor-section-height-default elementor-section-height-default\" data-id=\"39f987f\" data-element_type=\"section\" data-e-type=\"section\">\n\t\t\t\t\t\t<div class=\"elementor-container elementor-column-gap-default\">\n\t\t\t\t\t<div class=\"elementor-column elementor-col-100 elementor-top-column elementor-element elementor-element-5fc6096\" data-id=\"5fc6096\" data-element_type=\"column\" data-e-type=\"column\">\n\t\t\t<div class=\"elementor-widget-wrap elementor-element-populated\">\n\t\t\t\t\t\t<div class=\"elementor-element elementor-element-2e80bc9 elementor-widget elementor-widget-text-editor\" data-id=\"2e80bc9\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t\t\t<p style=\"text-align: justify;\">\u0627\u06cc\u0646 \u0631\u06cc\u06a9\u0648\u0626\u0633\u062a \u0634\u0631\u0627\u06cc\u0637 \u0644\u0627\u0632\u0645 \u0628\u0631\u0627\u06cc CSRF \u0631\u0627 \u062f\u0627\u0631\u062f:<\/p><ul style=\"text-align: justify;\"><li>\u0627\u0642\u062f\u0627\u0645 \u062a\u063a\u06cc\u06cc\u0631 \u0622\u062f\u0631\u0633 \u0627\u06cc\u0645\u06cc\u0644 \u0631\u0648\u06cc \u06cc\u06a9\u06cc \u0627\u0632 \u062d\u0633\u0627\u0628\u200c\u0647\u0627\u06cc \u06a9\u0627\u0631\u0628\u0631\u060c \u0627\u0642\u062f\u0627\u0645\u06cc \u0645\u0637\u0644\u0648\u0628 
\u0645\u0647\u0627\u062c\u0645 \u0627\u0633\u062a. \u067e\u0633 \u0627\u0632 \u0627\u06cc\u0646 \u0627\u0642\u062f\u0627\u0645\u060c \u0645\u0647\u0627\u062c\u0645 \u0645\u0639\u0645\u0648\u0644\u0627 \u0645\u06cc\u200c\u062a\u0648\u0627\u0646\u062f \u067e\u0633\u0648\u0631\u062f \u0631\u0627 \u0631\u06cc\u0633\u062a \u06a9\u0646\u062f \u0648 \u06a9\u0646\u062a\u0631\u0644 \u06a9\u0627\u0645\u0644 \u062d\u0633\u0627\u0628 \u06a9\u0627\u0631\u0628\u0631 \u0631\u0627 \u0628\u0647 \u062f\u0633\u062a \u0628\u06af\u06cc\u0631\u062f.<\/li><li>\u0627\u067e\u0644\u06cc\u06a9\u06cc\u0634\u0646 \u0628\u0631\u0627\u06cc \u0646\u0634\u0627\u0646\u200c\u062f\u0627\u062f\u0646 \u0627\u06cc\u0646 \u06a9\u0647 \u06a9\u062f\u0627\u0645 \u06a9\u0627\u0631\u0628\u0631 \u0631\u06cc\u06a9\u0648\u0626\u0633\u062a \u0631\u0627 \u0627\u0631\u0633\u0627\u0644 \u06a9\u0631\u062f\u0647\u060c \u0627\u0632 \u06cc\u06a9 \u06a9\u0648\u06a9\u06cc \u0633\u0634\u0646 \u0627\u0633\u062a\u0641\u0627\u062f\u0647 \u0645\u06cc\u200c\u06a9\u0646\u062f. 
\u0647\u06cc\u0686 \u062a\u0648\u06a9\u0646 \u06cc\u0627 \u0645\u06a9\u0627\u0646\u06cc\u0632\u0645 \u062f\u06cc\u06af\u0631\u06cc \u0628\u0631\u0627\u06cc \u0631\u062f\u06cc\u0627\u0628\u06cc \u0633\u0634\u0646\u200c\u0647\u0627\u06cc \u06a9\u0627\u0631\u0628\u0631\u06cc \u0648\u062c\u0648\u062f \u0646\u062f\u0627\u0631\u062f.<\/li><li>\u0645\u0647\u0627\u062c\u0645 \u0628\u0647 \u0631\u0627\u062d\u062a\u06cc \u0645\u06cc\u200c\u062a\u0648\u0627\u0646\u062f \u0645\u0642\u0627\u062f\u06cc\u0631 \u067e\u0627\u0631\u0627\u0645\u062a\u0631\u0647\u0627\u06cc \u0645\u0648\u0631\u062f \u0646\u06cc\u0627\u0632 \u062f\u0631 \u0631\u06cc\u06a9\u0648\u0626\u0633\u062a \u0628\u0631\u0627\u06cc \u0627\u0646\u062c\u0627\u0645 \u0627\u0642\u062f\u0627\u0645 \u0645\u0648\u0631\u062f \u0646\u0638\u0631 \u0631\u0627 \u062a\u0639\u06cc\u06cc\u0646 \u06a9\u0646\u062f.<\/li><\/ul><p style=\"text-align: justify;\">\u0628\u0627 \u0628\u0631\u0622\u0648\u0631\u062f\u0647\u200c\u0634\u062f\u0646 \u0627\u06cc\u0646 \u0634\u0631\u0627\u06cc\u0637\u060c \u0645\u0647\u0627\u062c\u0645 \u0645\u06cc\u200c\u062a\u0648\u0627\u0646\u062f \u06cc\u06a9 \u0635\u0641\u062d\u0647 \u0648\u0628 \u062d\u0627\u0648\u06cc \u06a9\u062f HTML \u0632\u06cc\u0631 \u0628\u0633\u0627\u0632\u062f:<\/p>\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/section>\n\t\t\t\t<section class=\"elementor-section elementor-top-section elementor-element elementor-element-d04fe94 elementor-section-boxed elementor-section-height-default elementor-section-height-default\" data-id=\"d04fe94\" data-element_type=\"section\" data-e-type=\"section\">\n\t\t\t\t\t\t<div class=\"elementor-container elementor-column-gap-default\">\n\t\t\t\t\t<div class=\"elementor-column elementor-col-100 elementor-top-column elementor-element elementor-element-bd38128\" data-id=\"bd38128\" data-element_type=\"column\" data-e-type=\"column\">\n\t\t\t<div class=\"elementor-widget-wrap 
elementor-element-populated\">\n\t\t\t\t\t\t<div class=\"elementor-element elementor-element-c831074 elementor-widget elementor-widget-text-editor\" data-id=\"c831074\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t\t\t<pre style=\"direction: ltr; text-align: left; color: #ffffff;\"><code>&lt;form action=\"https:\/\/vulnerable-website.com\/email\/change\" method=\"POST\"&gt;\n  &lt;input name=\"email\" type=\"hidden\" value=\"pwned@evil-user.net\" \/&gt;\n&lt;\/form&gt;\n&lt;script&gt;\n  document.forms[0].submit();\n&lt;\/script&gt;<\/code><\/pre>\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/section>\n\t\t\t\t<section class=\"elementor-section elementor-top-section 
elementor-element elementor-element-e7daa7d elementor-section-boxed elementor-section-height-default elementor-section-height-default\" data-id=\"e7daa7d\" data-element_type=\"section\" data-e-type=\"section\">\n\t\t\t\t\t\t<div class=\"elementor-container elementor-column-gap-default\">\n\t\t\t\t\t<div class=\"elementor-column elementor-col-100 elementor-top-column elementor-element elementor-element-72131a0\" data-id=\"72131a0\" data-element_type=\"column\" data-e-type=\"column\">\n\t\t\t<div class=\"elementor-widget-wrap elementor-element-populated\">\n\t\t\t\t\t\t<div class=\"elementor-element elementor-element-1073e10 elementor-widget elementor-widget-text-editor\" data-id=\"1073e10\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t\t\t<p style=\"text-align: justify;\">\u0627\u06af\u0631 \u0642\u0631\u0628\u0627\u0646\u06cc \u0627\u0632 \u0635\u0641\u062d\u0647 \u0645\u0647\u0627\u062c\u0645 \u0628\u0627\u0632\u062f\u06cc\u062f \u06a9\u0646\u062f\u060c \u0627\u062a\u0641\u0627\u0642\u0627\u062a \u0632\u06cc\u0631 \u0645\u06cc\u200c\u0627\u0641\u062a\u062f:<\/p><ul style=\"text-align: justify;\"><li>\u0635\u0641\u062d\u0647\u200c\u0647\u0627\u06cc \u0645\u0647\u0627\u062c\u0645 \u0628\u0627\u0639\u062b \u0627\u0631\u0633\u0627\u0644 \u06cc\u06a9 \u0631\u06cc\u06a9\u0648\u0626\u0633\u062a HTTP \u0628\u0647 \u0648\u0628\u0633\u0627\u06cc\u062a \u0622\u0633\u06cc\u0628\u200c\u067e\u0630\u06cc\u0631 \u0645\u06cc\u200c\u0634\u0648\u062f.<\/li><li>\u0627\u06af\u0631 \u06a9\u0627\u0631\u0628\u0631 \u062f\u0631 \u0648\u0628\u0633\u0627\u06cc\u062a \u0622\u0633\u06cc\u0628\u200c\u067e\u0630\u06cc\u0631 \u0644\u0627\u06af\u06cc\u0646 \u06a9\u0631\u062f\u0647 \u0628\u0627\u0634\u062f\u060c \u0645\u0631\u0648\u0631\u06af\u0631 \u0628\u0647 \u0637\u0648\u0631 \u062e\u0648\u062f\u06a9\u0627\u0631 \u06a9\u0648\u06a9\u06cc\u200c\u0647\u0627\u06cc \u0633\u0634\u0646 
\u0631\u0627 \u0646\u06cc\u0632 \u062f\u0631 \u0631\u06cc\u06a9\u0648\u0626\u0633\u062a \u0645\u06cc\u200c\u0622\u0648\u0631\u062f (\u0628\u0627 \u0641\u0631\u0636 \u0627\u06cc\u0646 \u06a9\u0647 \u0627\u0632 \u0642\u0627\u0628\u0644\u06cc\u062a SameSite \u062f\u0631 \u06a9\u0648\u06a9\u06cc\u200c\u0647\u0627 \u0627\u0633\u062a\u0641\u0627\u062f\u0647 \u0646\u0634\u062f\u0647 \u0628\u0627\u0634\u062f).<\/li><li>\u0648\u0628\u0633\u0627\u06cc\u062a \u0622\u0633\u06cc\u0628\u200c\u067e\u0630\u06cc\u0631 \u0631\u06cc\u06a9\u0648\u0626\u0633\u062a \u0631\u0627 \u0645\u0627\u0646\u0646\u062f \u06cc\u06a9 \u0631\u06cc\u06a9\u0648\u0626\u0633\u062a \u0645\u0639\u0645\u0648\u0644\u06cc \u067e\u0631\u062f\u0627\u0632\u0634 \u0645\u06cc\u200c\u06a9\u0646\u062f\u060c \u0648 \u0628\u0627 \u0622\u0646 \u062f\u0642\u06cc\u0642\u0627 \u0645\u0627\u0646\u0646\u062f \u0628\u0627\u0642\u06cc \u0631\u06cc\u06a9\u0648\u0626\u0633\u062a\u200c\u0647\u0627\u06cc \u06a9\u0627\u0631\u0628\u0631 \u0642\u0631\u0628\u0627\u0646\u06cc \u0631\u0641\u062a\u0627\u0631 \u0645\u06cc\u200c\u06a9\u0646\u062f\u060c \u0648 \u0622\u062f\u0631\u0633 \u0627\u06cc\u0645\u06cc\u0644 \u0627\u06cc\u0646 \u06a9\u0627\u0631\u0628\u0631 \u0631\u0627 \u062a\u063a\u06cc\u06cc\u0631 \u0645\u06cc\u200c\u062f\u0647\u062f.<\/li><\/ul><p style=\"text-align: justify;\"><strong>\u0646\u06a9\u062a\u0647: <\/strong>\u0627\u06af\u0631\u0686\u0647 \u0645\u0639\u0645\u0648\u0644\u0627 \u0628\u0631\u0627\u06cc \u062a\u0648\u0636\u06cc\u062d \u062d\u0645\u0644\u0647 CSRF\u060c \u0628\u0647 \u0627\u062f\u0627\u0631\u0647\u200c\u06cc \u0633\u0634\u0646 \u0645\u0628\u062a\u0646\u06cc \u0628\u0631 \u06a9\u0648\u06a9\u06cc \u0627\u0634\u0627\u0631\u0647 \u0645\u06cc\u200c\u200e\u0634\u0648\u062f\u060c \u0627\u0645\u0627 \u062f\u0631 \u0634\u0631\u0627\u06cc\u0637 \u062f\u06cc\u06af\u0631 \u0648 \u0627\u0635\u0648\u0644\u0627 \u062f\u0631 \u062a\u0645\u0627\u0645 \u0645\u0648\u0627\u0642\u0639\u06cc \u06a9\u0647 
\u0627\u067e\u0644\u06cc\u06a9\u06cc\u0634\u0646 \u0628\u0647 \u0637\u0648\u0631 \u062e\u0648\u062f\u06a9\u0627\u0631 \u0646\u0648\u0639\u06cc \u0627\u0632 \u0627\u0637\u0644\u0627\u0639\u0627\u062a \u0647\u0648\u06cc\u062a\u06cc \u06a9\u0627\u0631\u0628\u0631 \u0631\u0627 \u062f\u0631 \u0631\u06cc\u06a9\u0648\u0626\u0633\u062a\u200c\u0647\u0627 \u0645\u06cc\u200c\u0622\u0648\u0631\u062f\u060c \u0627\u06cc\u0646 \u0622\u0633\u06cc\u0628\u200c\u067e\u0630\u06cc\u0631\u06cc \u0628\u0647 \u0648\u062c\u0648\u062f \u0645\u06cc\u200c\u0622\u06cc\u062f. \u0628\u0631\u0627\u06cc \u0645\u062b\u0627\u0644 \u0627\u06cc\u0646 \u0622\u0633\u06cc\u0628\u200c\u067e\u0630\u06cc\u0631\u06cc \u062f\u0631 \u0627\u062d\u0631\u0627\u0632 \u0647\u0648\u06cc\u062a \u067e\u0627\u06cc\u0647\u200c\u06cc HTTP \u0648 \u0627\u062d\u0631\u0627\u0632 \u0647\u0648\u06cc\u062a \u0645\u0628\u062a\u0646\u06cc \u0628\u0631 \u06af\u0648\u0627\u0647\u06cc\u0646\u0627\u0645\u0647 (certificate-based) \u0646\u06cc\u0632 \u0648\u062c\u0648\u062f \u062f\u0627\u0631\u062f.<\/p>\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/section>\n\t\t\t\t<section class=\"elementor-section elementor-top-section elementor-element elementor-element-4efb525 elementor-section-boxed elementor-section-height-default elementor-section-height-default\" data-id=\"4efb525\" data-element_type=\"section\" data-e-type=\"section\">\n\t\t\t\t\t\t<div class=\"elementor-container elementor-column-gap-default\">\n\t\t\t\t\t<div class=\"elementor-column elementor-col-100 elementor-top-column elementor-element elementor-element-e9a7396\" data-id=\"e9a7396\" data-element_type=\"column\" data-e-type=\"column\">\n\t\t\t<div class=\"elementor-widget-wrap elementor-element-populated\">\n\t\t\t\t\t\t<div class=\"elementor-element elementor-element-80f88a4 elementor-widget elementor-widget-text-editor\" data-id=\"80f88a4\" data-element_type=\"widget\" data-e-type=\"widget\" 
data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t\t\t<h2 id=\"csrf-exploit-with-burp-suite\"><strong>\u0646\u062d\u0648\u0647 \u0633\u0627\u062e\u062a\u0646 \u0627\u06a9\u0633\u067e\u0644\u0648\u06cc\u062a <\/strong><strong>CSRF<\/strong><strong> \u0628\u0627 <\/strong><strong>Burp Suite<\/strong><strong>\u00a0<\/strong><\/h2>\n<p style=\"text-align: justify;\">\u0633\u0627\u062e\u062a\u0646 \u062f\u0633\u062a\u06cc \u0635\u0641\u062d\u0647 HTML \u0644\u0627\u0632\u0645 \u0628\u0631\u0627\u06cc \u06cc\u06a9 \u0627\u06a9\u0633\u067e\u0644\u0648\u06cc\u062a CSRF \u0646\u0633\u0628\u062a\u0627 \u0633\u062e\u062a \u0648 \u0632\u0645\u0627\u0646\u0628\u0631 \u0627\u0633\u062a\u060c \u0628\u0647 \u062e\u0635\u0648\u0635 \u0648\u0642\u062a\u06cc \u06a9\u0647 \u0631\u06cc\u06a9\u0648\u0626\u0633\u062a \u0645\u0648\u0631\u062f \u0646\u06cc\u0627\u0632 \u062a\u0639\u062f\u0627\u062f \u0632\u06cc\u0627\u062f\u06cc \u067e\u0627\u0631\u0627\u0645\u062a\u0631 \u062f\u0627\u0634\u062a\u0647 \u0628\u0627\u0634\u062f\u060c \u06cc\u0627 \u0631\u06cc\u0632\u0647\u200c\u06a9\u0627\u0631\u06cc\u200c\u0647\u0627\u06cc \u0631\u06cc\u06a9\u0648\u0626\u0633\u062a \u0632\u06cc\u0627\u062f \u0628\u0627\u0634\u0646\u062f. 
\u0631\u0627\u062d\u062a\u200c\u062a\u0631\u06cc\u0646 \u0631\u0627\u0647 \u0628\u0631\u0627\u06cc \u0633\u0627\u062e\u062a \u06cc\u06a9 \u0627\u06a9\u0633\u067e\u0644\u0648\u06cc\u062a CSRF\u060c \u0627\u0633\u062a\u0641\u0627\u062f\u0647 \u0627\u0632 CSRF PoC Generator \u0627\u0633\u062a \u06a9\u0647 \u0628\u0647\u200c\u0635\u0648\u0631\u062a \u067e\u06cc\u0634\u200c\u0633\u0627\u062e\u062a\u0647 \u062f\u0631 \u0646\u0633\u062e\u0647 Professional \u0646\u0631\u0645\u200c\u0627\u0641\u0632\u0627\u0631 Burp Suite \u0642\u0631\u0627\u0631 \u062f\u0627\u0631\u062f:<\/p>\n\n<ul>\n \t<li style=\"text-align: justify;\">\u062f\u0631 \u0647\u0631\u062c\u0627\u06cc\u06cc \u0627\u0632 Burp Suite \u06a9\u0647 \u0645\u06cc\u200c\u062e\u0648\u0627\u0647\u06cc\u062f \u062a\u0633\u062a \u06cc\u0627 \u0627\u06a9\u0633\u067e\u0644\u0648\u06cc\u062a \u06a9\u0646\u06cc\u062f\u060c \u06cc\u06a9 \u0631\u06cc\u06a9\u0648\u0626\u0633\u062a \u0627\u0646\u062a\u062e\u0627\u0628 \u06a9\u0646\u06cc\u062f.<\/li>\n \t<li style=\"text-align: justify;\">\u0627\u0632 \u0645\u0646\u0648\u06cc\u06cc \u06a9\u0647 \u0628\u0627 \u0631\u0627\u0633\u062a\u200c\u06a9\u0644\u06cc\u06a9 \u0628\u0627\u0632 \u0645\u06cc\u200c\u0634\u0648\u062f\u060c \u06af\u0632\u06cc\u0646\u0647 Engagement Tools\/ Generate CSRF PoC \u0631\u0627 \u0627\u0646\u062a\u062e\u0627\u0628 \u06a9\u0646\u06cc\u062f.<\/li>\n \t<li style=\"text-align: justify;\">Burp Suite \u0628\u0647 \u0635\u0648\u0631\u062a \u062e\u0648\u062f\u06a9\u0627\u0631 \u06cc\u06a9 \u06a9\u062f HTML \u062a\u0648\u0644\u06cc\u062f \u0645\u06cc\u200c\u06a9\u0646\u062f \u06a9\u0647 \u0628\u0627\u0639\u062b \u0627\u0631\u0633\u0627\u0644 \u0631\u06cc\u06a9\u0648\u0626\u0633\u062a \u0645\u0648\u0631\u062f \u0646\u0638\u0631 \u0634\u0645\u0627 \u0645\u06cc\u200c\u0634\u0648\u062f (\u0627\u0644\u0628\u062a\u0647 \u0628\u062f\u0648\u0646 \u06a9\u0648\u06a9\u06cc\u060c \u0686\u0648\u0646 \u06a9\u0648\u06a9\u06cc\u200c\u0647\u0627 \u0628\u0639\u062f\u0627 
\u062a\u0648\u0633\u0637 \u0645\u0631\u0648\u0631\u06af\u0631 \u0642\u0631\u0628\u0627\u0646\u06cc \u0627\u0636\u0627\u0641\u0647 \u0645\u06cc\u200c\u0634\u0648\u0646\u062f).<\/li>\n \t<li style=\"text-align: justify;\">\u0645\u06cc\u200c\u062a\u0648\u0627\u0646\u06cc\u062f \u06af\u0632\u06cc\u0646\u0647\u200c\u0647\u0627\u06cc \u0645\u062e\u062a\u0644\u0641 \u062f\u0631 CSRF PoC Generator \u0631\u0627 \u062f\u0633\u062a\u06a9\u0627\u0631\u06cc \u06a9\u0646\u06cc\u062f \u062a\u0627 \u0648\u06cc\u0698\u06af\u06cc\u200c\u0647\u0627\u06cc \u0645\u062e\u062a\u0644\u0641 \u062d\u0645\u0644\u0647 \u0631\u0627 \u062f\u0642\u06cc\u0642\u0627 \u0645\u0637\u0627\u0628\u0642 \u0645\u06cc\u0644 \u062e\u0648\u062f\u062a\u0627\u0646 \u062a\u063a\u06cc\u06cc\u0631 \u062f\u0647\u06cc\u062f. \u0645\u0645\u06a9\u0646 \u0627\u0633\u062a \u062f\u0631 \u0628\u0639\u0636\u06cc \u0645\u0648\u0642\u0639\u06cc\u062a\u200c\u0647\u0627\u06cc \u063a\u06cc\u0631\u0645\u0639\u0645\u0648\u0644\u060c \u0628\u0631\u0627\u06cc \u062f\u0633\u062a\u06a9\u0627\u0631\u06cc \u0628\u0639\u0636\u06cc \u0627\u0632 \u0648\u06cc\u0698\u06af\u06cc\u200c\u0647\u0627\u06cc \u062e\u0627\u0635 \u0631\u06cc\u06a9\u0648\u0626\u0633\u062a\u060c \u0646\u06cc\u0627\u0632 \u0628\u0627\u0634\u062f \u0627\u0632 \u0627\u06cc\u0646 \u06af\u0632\u06cc\u0646\u0647\u200c\u0647\u0627 \u0627\u0633\u062a\u0641\u0627\u062f\u0647 \u06a9\u0646\u06cc\u062f.<\/li>\n \t<li style=\"text-align: justify;\">\u06a9\u062f HTML \u062a\u0648\u0644\u06cc\u062f\u0634\u062f\u0647 \u0631\u0627 \u062f\u0631 \u06cc\u06a9 \u0635\u0641\u062d\u0647 \u0648\u0628 \u06a9\u067e\u06cc \u06a9\u0646\u06cc\u062f\u060c \u0628\u0627 \u06cc\u06a9 \u0645\u0631\u0648\u0631\u06af\u0631 \u06a9\u0647 \u062f\u0631 \u06cc\u06a9 \u0648\u0628\u0633\u0627\u06cc\u062a \u0622\u0633\u06cc\u0628\u200c\u067e\u0630\u06cc\u0631 \u0644\u0627\u06af\u06cc\u0646 \u06a9\u0631\u062f\u0647 \u0628\u0627\u0634\u062f \u0622\u0646 \u0631\u0627 \u0628\u0627\u0632 
\u06a9\u0646\u06cc\u062f\u060c \u0648 \u0628\u0628\u06cc\u0646\u06cc\u062f \u0631\u06cc\u06a9\u0648\u0626\u0633\u062a \u0645\u062f \u0646\u0638\u0631 \u0634\u0645\u0627 \u0628\u0627 \u0645\u0648\u0641\u0642\u06cc\u062a \u0627\u0631\u0633\u0627\u0644 \u0645\u06cc\u200c\u0634\u0648\u062f \u0648 \u0627\u0642\u062f\u0627\u0645 \u0645\u0648\u0631\u062f \u0646\u0638\u0631\u062a\u0627\u0646 \u0627\u0646\u062c\u0627\u0645 \u0645\u06cc\u200c\u0634\u0648\u062f \u06cc\u0627 \u0646\u0647.<\/li>\n<\/ul>\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/section>\n\t\t\t\t<section class=\"elementor-section elementor-top-section elementor-element elementor-element-373c32a elementor-section-boxed elementor-section-height-default elementor-section-height-default\" data-id=\"373c32a\" data-element_type=\"section\" data-e-type=\"section\">\n\t\t\t\t\t\t<div class=\"elementor-container elementor-column-gap-default\">\n\t\t\t\t\t<div class=\"elementor-column elementor-col-100 elementor-top-column elementor-element elementor-element-813b58d\" data-id=\"813b58d\" data-element_type=\"column\" data-e-type=\"column\">\n\t\t\t<div class=\"elementor-widget-wrap elementor-element-populated\">\n\t\t\t\t\t\t<div class=\"elementor-element elementor-element-28031f3 elementor-widget elementor-widget-accordion\" data-id=\"28031f3\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"accordion.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t<div class=\"elementor-accordion\">\n\t\t\t\t\t\t\t<div class=\"elementor-accordion-item\">\n\t\t\t\t\t<div id=\"elementor-tab-title-4191\" class=\"elementor-tab-title\" data-tab=\"1\" role=\"button\" aria-controls=\"elementor-tab-content-4191\" aria-expanded=\"false\">\n\t\t\t\t\t\t\t\t\t\t\t\t\t<span class=\"elementor-accordion-icon elementor-accordion-icon-right\" aria-hidden=\"true\">\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t<span class=\"elementor-accordion-icon-closed\"><i 
class=\"fas fa-plus\"><\/i><\/span>\n\t\t\t\t\t\t\t\t<span class=\"elementor-accordion-icon-opened\"><i class=\"fas fa-minus\"><\/i><\/span>\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t<\/span>\n\t\t\t\t\t\t\t\t\t\t\t\t<a class=\"elementor-accordion-title\" tabindex=\"0\">\u0645\u0637\u0644\u0628 \u0645\u0634\u0627\u0628\u0647<\/a>\n\t\t\t\t\t<\/div>\n\t\t\t\t\t<div id=\"elementor-tab-content-4191\" class=\"elementor-tab-content elementor-clearfix\" data-tab=\"1\" role=\"region\" aria-labelledby=\"elementor-tab-title-4191\"><ul><li><a href=\"https:\/\/liangroup.net\/blog\/%d8%aa%d8%b4%d8%b1%db%8c%d8%ad-%d8%a2%d8%b3%db%8c%d8%a8-%d9%be%d8%b0%db%8c%d8%b1%db%8c-ssrf\/\"><b>SSRF \u0686\u06cc\u0633\u062a\u061f<\/b><\/a><\/li><\/ul><\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/section>\n\t\t\t\t<section class=\"elementor-section elementor-top-section elementor-element elementor-element-0479aad elementor-section-boxed elementor-section-height-default elementor-section-height-default\" data-id=\"0479aad\" data-element_type=\"section\" data-e-type=\"section\">\n\t\t\t\t\t\t<div class=\"elementor-container elementor-column-gap-default\">\n\t\t\t\t\t<div class=\"elementor-column elementor-col-100 elementor-top-column elementor-element elementor-element-1a4efd3\" data-id=\"1a4efd3\" data-element_type=\"column\" data-e-type=\"column\">\n\t\t\t<div class=\"elementor-widget-wrap elementor-element-populated\">\n\t\t\t\t\t\t<div class=\"elementor-element elementor-element-a3c54b7 elementor-widget elementor-widget-text-editor\" data-id=\"a3c54b7\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t\t\t<h2 id=\"csrf-exploit-move\"><strong>\u0646\u062d\u0648\u0647 \u0627\u0646\u062a\u0642\u0627\u0644 \u0627\u06a9\u0633\u067e\u0644\u0648\u06cc\u062a 
<\/strong><strong>CSRF<\/strong><strong>\u00a0<\/strong><\/h2>\n<p style=\"text-align: justify;\">\u0645\u06a9\u0627\u0646\u06cc\u0632\u0645\u200c\u0647\u0627\u06cc \u0627\u0646\u062a\u0642\u0627\u0644 \u062d\u0645\u0644\u0627\u062a CSRF \u0627\u0633\u0627\u0633\u0627 \u0628\u0627 \u062d\u0645\u0644\u0627\u062a reflected XSS \u06cc\u06a9\u06cc \u0647\u0633\u062a\u0646\u062f. \u0645\u0639\u0645\u0648\u0644\u0627\u060c \u0645\u0647\u0627\u062c\u0645 \u0645\u062d\u062a\u0648\u0627\u06cc \u0645\u062e\u0631\u0628 HTML \u0631\u0627 \u062f\u0631 \u0648\u0628\u0633\u0627\u06cc\u062a\u06cc \u0642\u0631\u0627\u0631 \u0645\u06cc\u200c\u062f\u0647\u062f \u06a9\u0647 \u062f\u0631 \u06a9\u0646\u062a\u0631\u0644 \u062e\u0648\u062f\u0634 \u0628\u0627\u0634\u062f\u060c \u0648 \u0633\u067e\u0633 \u0628\u0647 \u0631\u0648\u0634\u200c\u0647\u0627\u06cc \u06af\u0648\u0646\u0627\u06af\u0648\u0646 \u0642\u0631\u0628\u0627\u0646\u06cc\u0627\u0646 \u0631\u0627 \u0645\u062c\u0627\u0628 \u0628\u0647 \u0628\u0627\u0632\u062f\u06cc\u062f \u0627\u0632 \u0622\u0646 \u0648\u0628\u0633\u0627\u06cc\u062a \u0645\u06cc\u200c\u06a9\u0646\u062f. \u0627\u06cc\u0646 \u06a9\u0627\u0631 \u0631\u0627 \u0645\u06cc\u200c\u062a\u0648\u0627\u0646 \u0627\u0632 \u0637\u0631\u06cc\u0642 \u0627\u0631\u0633\u0627\u0644 \u0644\u06cc\u0646\u06a9 \u0633\u0627\u06cc\u062a \u0628\u0631\u0627\u06cc \u06a9\u0627\u0631\u0628\u0631 \u062f\u0631 \u06cc\u06a9 \u0627\u06cc\u0645\u06cc\u0644 \u06cc\u0627 \u067e\u06cc\u0627\u0645 \u062f\u0631 \u0634\u0628\u06a9\u0647\u200c\u0647\u0627\u06cc \u0627\u062c\u062a\u0645\u0627\u0639\u06cc \u0627\u0646\u062c\u0627\u0645 \u062f\u0627\u062f. 
\u06cc\u0627 \u0627\u06af\u0631 \u062d\u0645\u0644\u0647 \u062f\u0631 \u06cc\u06a9 \u0648\u0628\u0633\u0627\u06cc\u062a \u067e\u0631\u0637\u0631\u0641\u062f\u0627\u0631 \u0642\u0631\u0627\u0631 \u062f\u0627\u062f\u0647 \u0634\u062f\u0647 (\u0645\u062b\u0644\u0627 \u062f\u0631 \u0628\u062e\u0634 \u0646\u0638\u0631\u0627\u062a \u06cc\u06a9 \u0628\u0644\u0627\u06af \u067e\u0631\u0628\u0627\u0632\u062f\u06cc\u062f)\u060c \u0645\u0647\u0627\u062c\u0645 \u0645\u06cc\u200c\u062a\u0648\u0627\u0646\u062f \u0645\u0646\u062a\u0638\u0631 \u0628\u0646\u0634\u06cc\u0646\u062f \u062a\u0627 \u06a9\u0627\u0631\u0628\u0631\u0627\u0646 \u0627\u0632 \u0622\u0646 \u0648\u0628\u0633\u0627\u06cc\u062a \u062f\u06cc\u062f\u0646 \u06a9\u0646\u0646\u062f.<\/p>\n<p style=\"text-align: justify;\">\u062a\u0648\u062c\u0647 \u062f\u0627\u0634\u062a\u0647 \u0628\u0627\u0634\u06cc\u062f \u06a9\u0647 \u0628\u0639\u0636\u06cc \u0627\u0632 \u0627\u06a9\u0633\u067e\u0644\u0648\u06cc\u062a\u200c\u0647\u0627\u06cc \u0633\u0627\u062f\u0647\u200c\u06cc CSRF \u0645\u0645\u06a9\u0646 \u0627\u0633\u062a \u0627\u0632 \u0645\u062a\u062f GET \u0627\u0633\u062a\u0641\u0627\u062f\u0647 \u06a9\u0646\u0646\u062f \u0648 \u062f\u0631 \u0627\u06cc\u0646 \u0635\u0648\u0631\u062a \u0645\u06cc\u200c\u062a\u0648\u0627\u0646\u0646\u062f \u0628\u0647 \u0637\u0648\u0631 \u06a9\u0627\u0645\u0644 \u062f\u0631 \u06cc\u06a9 URL \u0627\u0632 \u0648\u0628\u0633\u0627\u06cc\u062a \u0622\u0633\u06cc\u0628\u200c\u067e\u0630\u06cc\u0631 \u0642\u0631\u0627\u0631 \u0628\u06af\u06cc\u0631\u0646\u062f. 
\u062f\u0631 \u0627\u06cc\u0646 \u0635\u0648\u0631\u062a \u0645\u0647\u0627\u062c\u0645 \u062f\u06cc\u06af\u0631 \u0646\u06cc\u0627\u0632 \u0628\u0647 \u06cc\u06a9 \u0648\u0628\u0633\u0627\u06cc\u062a \u062e\u0627\u0631\u062c\u06cc \u0646\u062f\u0627\u0631\u062f \u0648 \u0645\u06cc\u200c\u062a\u0648\u0627\u0646\u062f URL \u0645\u0631\u0628\u0648\u0637\u0647 \u0628\u0647 \u062f\u0627\u0645\u0646\u0647 \u0622\u0633\u06cc\u0628\u200c\u067e\u0630\u06cc\u0631 \u0631\u0627 \u0645\u0633\u062a\u0642\u06cc\u0645\u0627 \u0628\u0631\u0627\u06cc \u06a9\u0627\u0631\u0628\u0631\u0627\u0646 \u0627\u0631\u0633\u0627\u0644 \u06a9\u0631\u062f\u0647 \u0648 \u0627\u0646\u062a\u0642\u0627\u0644 \u0627\u06a9\u0633\u067e\u0644\u0648\u06cc\u062a \u0631\u0627 \u06a9\u0627\u0645\u0644 \u06a9\u0646\u062f. \u062f\u0631 \u0645\u062b\u0627\u0644 \u0642\u0628\u0644\u06cc\u060c \u0627\u06af\u0631 \u0631\u06cc\u06a9\u0648\u0626\u0633\u062a \u062a\u063a\u06cc\u06cc\u0631 \u0622\u062f\u0631\u0633 \u0628\u0627 \u0645\u062a\u062f GET \u0642\u0627\u0628\u0644 \u0627\u0646\u062c\u0627\u0645 \u0628\u0627\u0634\u062f\u060c \u062f\u0631 \u0627\u06cc\u0646 \u0635\u0648\u0631\u062a URL \u062d\u0627\u0648\u06cc \u0627\u06a9\u0633\u067e\u0644\u0648\u06cc\u062a \u0628\u0647 \u0635\u0648\u0631\u062a \u0632\u06cc\u0631 \u062e\u0648\u0627\u0647\u062f \u0628\u0648\u062f:<\/p>\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/section>\n\t\t\t\t<section class=\"elementor-section elementor-top-section elementor-element elementor-element-0077257 elementor-section-boxed elementor-section-height-default elementor-section-height-default\" data-id=\"0077257\" data-element_type=\"section\" data-e-type=\"section\">\n\t\t\t\t\t\t<div class=\"elementor-container elementor-column-gap-default\">\n\t\t\t\t\t<div class=\"elementor-column elementor-col-100 elementor-top-column elementor-element elementor-element-1336736\" data-id=\"1336736\" data-element_type=\"column\" 
data-e-type=\"column\">\n\t\t\t<div class=\"elementor-widget-wrap elementor-element-populated\">\n\t\t\t\t\t\t<div class=\"elementor-element elementor-element-9838bf1 elementor-widget elementor-widget-text-editor\" data-id=\"9838bf1\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t\t\t<p dir=\"ltr\" align=\"left\"><span style=\"color: #ffffff;\">&lt; img src=\u201dhttps:\/\/vulnerable-website.com\/email\/change?email=pwned@evil-user.net\u201d&gt;<\/span><\/p>\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/section>\n\t\t\t\t<section class=\"elementor-section elementor-top-section elementor-element elementor-element-6ecc2da elementor-section-boxed elementor-section-height-default elementor-section-height-default\" data-id=\"6ecc2da\" data-element_type=\"section\" data-e-type=\"section\">\n\t\t\t\t\t\t<div class=\"elementor-container elementor-column-gap-default\">\n\t\t\t\t\t<div class=\"elementor-column elementor-col-100 elementor-top-column elementor-element elementor-element-0493ebe\" data-id=\"0493ebe\" data-element_type=\"column\" data-e-type=\"column\">\n\t\t\t<div class=\"elementor-widget-wrap elementor-element-populated\">\n\t\t\t\t\t\t<div class=\"elementor-element elementor-element-c852734 elementor-widget elementor-widget-text-editor\" data-id=\"c852734\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t\t\t<h2 id=\"csrf-attack-prevention\"><strong>\u062c\u0644\u0648\u06af\u06cc\u0631\u06cc \u0627\u0632 \u062d\u0645\u0644\u0627\u062a <\/strong><strong>CSRF<\/strong><strong>\u00a0<\/strong><\/h2><p style=\"text-align: justify;\">\u0645\u0637\u0645\u0626\u0646\u200c\u062a\u0631\u06cc\u0646 \u0631\u0627\u0647 \u0628\u0631\u0627\u06cc \u062c\u0644\u0648\u06af\u06cc\u0631\u06cc 
\u0627\u0632 \u062d\u0645\u0644\u0627\u062a\u060c \u0642\u0631\u0627\u0631\u062f\u0627\u062f\u0646 \u06cc\u06a9 \u062a\u0648\u06a9\u0646 CSRF \u062f\u0631 \u0631\u06cc\u06a9\u0648\u0626\u0633\u062a\u200c\u0647\u0627\u06cc \u0645\u0639\u062a\u0628\u0631 \u0627\u0633\u062a. \u0627\u06cc\u0646 \u062a\u0648\u06a9\u0646 \u0628\u0627\u06cc\u062f:<\/p><ul style=\"text-align: justify;\"><li>\u0645\u0627\u0646\u0646\u062f \u062f\u06cc\u06af\u0631 \u062a\u0648\u06a9\u0646\u200c\u0647\u0627\u06cc \u0633\u0634\u0646\u060c \u063a\u06cc\u0631\u0642\u0627\u0628\u0644 \u067e\u06cc\u0634\u200c\u0628\u06cc\u0646\u06cc \u0648 \u0628\u0647\u200c\u0634\u062f\u062a \u062a\u0635\u0627\u062f\u0641\u06cc \u0628\u0627\u0634\u062f.<\/li><li>\u0631\u0627\u0628\u0637\u0647 \u06cc\u06a9\u200c\u0628\u0647\u200c\u06cc\u06a9 \u0628\u0627 \u0633\u0634\u0646 \u06a9\u0627\u0631\u0628\u0631 \u062f\u0627\u0634\u062a\u0647 \u0628\u0627\u0634\u062f.<\/li><li>\u0642\u0628\u0644 \u0627\u0632 \u0627\u0646\u062c\u0627\u0645 \u0647\u0631\u06af\u0648\u0646\u0647 \u0627\u0642\u062f\u0627\u0645 \u0645\u0631\u062a\u0628\u0637 \u0628\u0627 \u0631\u06cc\u06a9\u0648\u0626\u0633\u062a\u060c \u0628\u0647 \u0637\u0648\u0631 \u06a9\u0627\u0645\u0644 \u0648 \u062f\u0642\u06cc\u0642 \u0627\u0639\u062a\u0628\u0627\u0631\u0633\u0646\u062c\u06cc \u0634\u0648\u062f.<\/li><\/ul><p style=\"text-align: justify;\">\u06cc\u06a9 \u0631\u0627\u0647\u06a9\u0627\u0631 \u062f\u0641\u0627\u0639\u06cc \u062f\u06cc\u06af\u0631 \u06a9\u0647 \u062a\u0627 \u062d\u062f\u0648\u062f\u06cc \u062f\u0631 \u0628\u0631\u0627\u0628\u0631 CSRF \u0645\u0648\u062b\u0631 \u0627\u0633\u062a \u0648 \u0645\u06cc\u200c\u062a\u0648\u0627\u0646 \u0622\u0646 \u0631\u0627 \u0628\u0647 \u0635\u0648\u0631\u062a \u0645\u06a9\u0645\u0644 \u062f\u0631 \u06a9\u0646\u0627\u0631 \u062a\u0648\u06a9\u0646\u200c\u0647\u0627\u06cc CSRF \u0628\u0647 \u06a9\u0627\u0631 \u0628\u0631\u062f\u060c \u0627\u0633\u062a\u0641\u0627\u062f\u0647 \u0627\u0632 
\u0642\u0627\u0628\u0644\u06cc\u062a SameSite \u062f\u0631 \u06a9\u0648\u06a9\u06cc\u200c\u0647\u0627\u06cc \u0633\u0634\u0646 \u06a9\u0627\u0631\u0628\u0631 \u0627\u0633\u062a.<\/p><h2 id=\"csrf-regular-vulnerabilities\" style=\"text-align: justify;\"><strong>\u0622\u0633\u06cc\u0628\u200c\u067e\u0630\u06cc\u0631\u06cc\u200c\u0647\u0627\u06cc \u0631\u0627\u06cc\u062c <\/strong><strong>CSRF<\/strong><strong>\u00a0<\/strong><\/h2><p style=\"text-align: justify;\">\u0645\u0646\u0634\u0623 \u062c\u0627\u0644\u0628\u200c\u062a\u0631\u06cc\u0646 \u0622\u0633\u06cc\u0628\u200c\u067e\u0630\u06cc\u0631\u06cc\u200c\u0647\u0627\u06cc CSRF\u060c \u0627\u0634\u062a\u0628\u0627\u0647\u0627\u062a\u06cc \u0647\u0633\u062a\u0646\u062f \u06a9\u0647 \u062f\u0631 \u0627\u0639\u062a\u0628\u0627\u0631\u0633\u0646\u062c\u06cc \u062a\u0648\u06a9\u0646\u200c\u0647\u0627\u06cc CSRF \u0631\u062e \u0645\u06cc\u200c\u062f\u0647\u0646\u062f.<\/p><p style=\"text-align: justify;\">\u062f\u0631 \u0645\u062b\u0627\u0644 \u0642\u0628\u0644\u06cc\u060c \u0641\u0631\u0636 \u06a9\u0646\u06cc\u062f \u0627\u067e\u0644\u06cc\u06a9\u06cc\u0634\u0646 \u0627\u06cc\u0646 \u0628\u0627\u0631 \u0627\u0632 \u062a\u0648\u06a9\u0646 CSRF \u0646\u06cc\u0632 \u062f\u0627\u062e\u0644 \u0631\u06cc\u06a9\u0648\u0626\u0633\u062a \u062a\u063a\u06cc\u06cc\u0631 \u067e\u0633\u0648\u0631\u062f \u06a9\u0627\u0631\u0628\u0631 \u0627\u0633\u062a\u0641\u0627\u062f\u0647 \u06a9\u0631\u062f\u0647 \u0627\u0633\u062a:<\/p>\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/section>\n\t\t\t\t<section class=\"elementor-section elementor-top-section elementor-element elementor-element-b056cef elementor-section-boxed elementor-section-height-default elementor-section-height-default\" data-id=\"b056cef\" data-element_type=\"section\" data-e-type=\"section\">\n\t\t\t\t\t\t<div class=\"elementor-container elementor-column-gap-default\">\n\t\t\t\t\t<div class=\"elementor-column 
elementor-col-100 elementor-top-column elementor-element elementor-element-23830cb\" data-id=\"23830cb\" data-element_type=\"column\" data-e-type=\"column\">\n\t\t\t<div class=\"elementor-widget-wrap elementor-element-populated\">\n\t\t\t\t\t\t<div class=\"elementor-element elementor-element-9cccbc1 elementor-widget elementor-widget-text-editor\" data-id=\"9cccbc1\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t\t\t<p style=\"direction: ltr; text-align: left;\"><span style=\"color: #ffffff;\">POST \/email\/change HTTP\/1.1\u00a0<\/span><\/p><p style=\"direction: ltr; text-align: left;\"><span style=\"color: #ffffff;\">Host: vulnerable-website.com\u00a0\u00a0<\/span><\/p><p style=\"direction: ltr; text-align: left;\"><span style=\"color: #ffffff;\">Content-Type: application\/x-www-form-urlencoded\u00a0<\/span><\/p><p style=\"direction: ltr; text-align: left;\"><span style=\"color: #ffffff;\">Content-Length: 68\u00a0 \u00a0<\/span><\/p><p style=\"direction: ltr; text-align: left;\"><span style=\"color: #ffffff;\">Cookie: session=2yQIDcpia41WrATfjPqvm9tOkDvkMvLm\u00a0 \u00a0<\/span><\/p><p style=\"direction: ltr; text-align: left;\"><span style=\"color: #ffffff;\"><a style=\"color: #ffffff;\" href=\"mailto:csrf=WfF1szMUHhiokx9AHFply5L2xAOfjRkE&amp;email=wiener@normal-user.com\">csrf=WfF1szMUHhiokx9AHFply5L2xAOfjRkE&amp;email=wiener@normal-user.com<\/a><\/span><\/p>\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/section>\n\t\t\t\t<section class=\"elementor-section elementor-top-section elementor-element elementor-element-29a82ab elementor-section-boxed elementor-section-height-default elementor-section-height-default\" data-id=\"29a82ab\" data-element_type=\"section\" data-e-type=\"section\">\n\t\t\t\t\t\t<div class=\"elementor-container elementor-column-gap-default\">\n\t\t\t\t\t<div 
class=\"elementor-column elementor-col-100 elementor-top-column elementor-element elementor-element-4611ccd\" data-id=\"4611ccd\" data-element_type=\"column\" data-e-type=\"column\">\n\t\t\t<div class=\"elementor-widget-wrap elementor-element-populated\">\n\t\t\t\t\t\t<div class=\"elementor-element elementor-element-3968b8a elementor-widget elementor-widget-text-editor\" data-id=\"3968b8a\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t\t\t<p style=\"text-align: justify;\">\u0627\u06cc\u0646 \u0646\u0648\u0639 \u0631\u06cc\u06a9\u0648\u0626\u0633\u062a \u0628\u0627\u06cc\u062f \u0628\u062a\u0648\u0627\u0646\u062f \u0627\u0632 \u062d\u0645\u0644\u0627\u062a CSRF \u062c\u0644\u0648\u06af\u06cc\u0631\u06cc \u06a9\u0646\u062f\u060c \u0686\u0648\u0646 \u0634\u0631\u0627\u06cc\u0637 \u0644\u0627\u0632\u0645 \u0628\u0631\u0627\u06cc \u0648\u062c\u0648\u062f \u0622\u0633\u06cc\u0628\u200c\u067e\u0630\u06cc\u0631\u06cc CSRF \u0631\u0627 \u0646\u0642\u0636 \u0645\u06cc\u200c\u06a9\u0646\u062f: \u062f\u06cc\u06af\u0631 \u0627\u067e\u0644\u06cc\u06a9\u06cc\u0634\u0646 \u0628\u0631\u0627\u06cc \u0627\u062f\u0627\u0631\u0647 \u06cc\u0627 \u0627\u0635\u0637\u0644\u0627\u062d\u0627\u064b handling \u0633\u0634\u0646\u060c \u0635\u0631\u0641\u0627 \u0628\u0647 \u06a9\u0648\u06a9\u06cc\u200c\u0647\u0627 \u0648\u0627\u0628\u0633\u062a\u0647 \u0646\u06cc\u0633\u062a\u060c \u0648 \u0631\u06cc\u06a9\u0648\u0626\u0633\u062a \u0647\u0645 \u062d\u0627\u0648\u06cc \u067e\u0627\u0631\u0627\u0645\u062a\u0631\u06cc \u0627\u0633\u062a \u06a9\u0647 \u0645\u0647\u0627\u062c\u0645 \u0646\u0645\u06cc\u200c\u062a\u0648\u0627\u0646\u062f \u0628\u0647 \u0633\u0627\u062f\u06af\u06cc \u062a\u0639\u06cc\u06cc\u0646 \u06a9\u0646\u062f. 
\u0628\u0627 \u0627\u06cc\u0646 \u0648\u062c\u0648\u062f\u060c \u0631\u0627\u0647\u200c\u0647\u0627\u06cc \u0645\u062e\u062a\u0644\u0641\u06cc \u0628\u0631\u0627\u06cc \u0634\u06a9\u0633\u062a\u0646 \u0627\u06cc\u0646 \u0631\u0627\u0647\u06a9\u0627\u0631 \u062f\u0641\u0627\u0639\u06cc \u0648\u062c\u0648\u062f \u062f\u0627\u0631\u062f \u06a9\u0647 \u0628\u0647 \u0627\u06cc\u0646 \u0645\u0639\u0646\u0627\u0633\u062a \u06a9\u0647 \u0627\u067e\u0644\u06cc\u06a9\u06cc\u0634\u0646 \u0647\u0646\u0648\u0632 \u0646\u0633\u0628\u062a \u0628\u0647 CSRF \u0622\u0633\u06cc\u0628\u200c\u067e\u0630\u06cc\u0631 \u0627\u0633\u062a.<\/p><h3><strong>\u0627\u0639\u062a\u0628\u0627\u0631\u0633\u0646\u062c\u06cc \u062a\u0648\u06a9\u0646 <\/strong><strong>CSRF<\/strong><strong> \u0628\u0647 \u0645\u062a\u062f \u0631\u06cc\u06a9\u0648\u0626\u0633\u062a \u0628\u0633\u062a\u06af\u06cc \u062f\u0627\u0631\u062f\u00a0<\/strong><\/h3><p style=\"text-align: justify;\">\u0628\u0639\u0636\u06cc \u0627\u067e\u0644\u06cc\u06a9\u06cc\u0634\u0646\u200c\u0647\u0627\u060c \u0648\u0642\u062a\u06cc \u06a9\u0647 \u0631\u06cc\u06a9\u0648\u0626\u0633\u062a \u0627\u0632 \u0645\u062a\u062f POST \u0627\u0633\u062a\u0641\u0627\u062f\u0647 \u0645\u06cc\u200c\u06a9\u0646\u062f \u0627\u0639\u062a\u0628\u0627\u0631\u0633\u0646\u062c\u06cc \u062a\u0648\u06a9\u0646 \u0631\u0627 \u0628\u0647 \u062f\u0631\u0633\u062a\u06cc \u0627\u0646\u062c\u0627\u0645 \u0645\u06cc\u200c\u062f\u0647\u0646\u062f\u060c \u0648\u0644\u06cc \u0648\u0642\u062a\u06cc \u0627\u0632 \u0645\u062a\u062f GET \u0627\u0633\u062a\u0641\u0627\u062f\u0647 \u0634\u0648\u062f\u060c \u0627\u0639\u062a\u0628\u0627\u0631\u0633\u0646\u062c\u06cc \u0631\u0627 \u0627\u0646\u062c\u0627\u0645 \u0646\u0645\u06cc\u200c\u062f\u0647\u0646\u062f.<\/p><p style=\"text-align: justify;\">\u062f\u0631 \u0627\u06cc\u0646 \u0645\u0648\u0627\u0642\u0639\u060c \u0645\u0647\u0627\u062c\u0645 \u0645\u06cc\u200c\u062a\u0648\u0627\u0646\u062f \u0628\u0631\u0627\u06cc 
\u062f\u0648\u0631\u0632\u062f\u0646 \u0645\u0631\u062d\u0644\u0647 \u0627\u0639\u062a\u0628\u0627\u0631\u0633\u0646\u062c\u06cc \u0627\u0632 \u0645\u062a\u062f GET \u0627\u0633\u062a\u0641\u0627\u062f\u0647 \u06a9\u0646\u062f \u0648 \u062d\u0645\u0644\u0647\u200c\u06cc CSRF \u0631\u0627 \u0627\u0646\u062c\u0627\u0645 \u062f\u0647\u062f:<\/p>\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/section>\n\t\t\t\t<section class=\"elementor-section elementor-top-section elementor-element elementor-element-a783c3b elementor-section-boxed elementor-section-height-default elementor-section-height-default\" data-id=\"a783c3b\" data-element_type=\"section\" data-e-type=\"section\">\n\t\t\t\t\t\t<div class=\"elementor-container elementor-column-gap-default\">\n\t\t\t\t\t<div class=\"elementor-column elementor-col-100 elementor-top-column elementor-element elementor-element-3b6cfd4\" data-id=\"3b6cfd4\" data-element_type=\"column\" data-e-type=\"column\">\n\t\t\t<div class=\"elementor-widget-wrap elementor-element-populated\">\n\t\t\t\t\t\t<div class=\"elementor-element elementor-element-c7ae0eb elementor-widget elementor-widget-text-editor\" data-id=\"c7ae0eb\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t\t\t<p style=\"direction: ltr; text-align: left;\"><span style=\"color: #ffffff;\">GET \/email\/change?email=pwned@evil-user.net HTTP\/1.1\u00a0<\/span><\/p><p style=\"direction: ltr; text-align: left;\"><span style=\"color: #ffffff;\">Host: vulnerable-website.com\u00a0\u00a0<\/span><\/p><p style=\"direction: ltr; text-align: left;\"><span style=\"color: #ffffff;\">Cookie: session=2yQIDcpia41WrATfjPqvm9tOkDvkMvLm\u00a0\u00a0<\/span><\/p>\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/section>\n\t\t\t\t<section class=\"elementor-section elementor-top-section 
elementor-element elementor-element-d0b6bd6 elementor-section-boxed elementor-section-height-default elementor-section-height-default\" data-id=\"d0b6bd6\" data-element_type=\"section\" data-e-type=\"section\">\n\t\t\t\t\t\t<div class=\"elementor-container elementor-column-gap-default\">\n\t\t\t\t\t<div class=\"elementor-column elementor-col-100 elementor-top-column elementor-element elementor-element-6779345\" data-id=\"6779345\" data-element_type=\"column\" data-e-type=\"column\">\n\t\t\t<div class=\"elementor-widget-wrap elementor-element-populated\">\n\t\t\t\t\t\t<div class=\"elementor-element elementor-element-8277346 elementor-widget elementor-widget-text-editor\" data-id=\"8277346\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t\t\t<h3><strong>\u0627\u0639\u062a\u0628\u0627\u0631\u0633\u0646\u062c\u06cc \u062a\u0648\u06a9\u0646 <\/strong><strong>CSRF<\/strong><strong> \u0628\u0647 \u0648\u062c\u0648\u062f \u062a\u0648\u06a9\u0646 \u0628\u0633\u062a\u06af\u06cc \u062f\u0627\u0631\u062f<\/strong><\/h3><p style=\"text-align: justify;\">\u0628\u0639\u0636\u06cc \u0627\u067e\u0644\u06cc\u06a9\u06cc\u0634\u0646\u200c\u0647\u0627\u060c \u0648\u0642\u062a\u06cc \u062a\u0648\u06a9\u0646 \u0648\u062c\u0648\u062f \u062f\u0627\u0634\u062a\u0647 \u0628\u0627\u0634\u062f \u0628\u0647\u200c\u062f\u0631\u0633\u062a\u06cc \u0622\u0646 \u0631\u0627 \u0627\u0639\u062a\u0628\u0627\u0631\u0633\u0646\u062c\u06cc \u0645\u06cc\u200c\u06a9\u0646\u0646\u062f\u060c \u0648\u0644\u06cc \u0627\u06af\u0631 \u062a\u0648\u06a9\u0646 \u062f\u0631 \u0631\u06cc\u06a9\u0648\u0626\u0633\u062a \u0646\u06cc\u0627\u0645\u062f\u0647 \u0628\u0627\u0634\u062f\u060c \u0627\u0639\u062a\u0628\u0627\u0631\u0633\u0646\u062c\u06cc \u0631\u0627 \u0627\u0646\u062c\u0627\u0645 \u0646\u0645\u06cc\u200c\u062f\u0647\u0646\u062f.<\/p><p style=\"text-align: justify;\">\u062f\u0631 \u0627\u06cc\u0646 
\u0645\u0648\u0627\u0642\u0639\u060c \u0645\u0647\u0627\u062c\u0645 \u0645\u06cc\u200c\u062a\u0648\u0627\u0646\u062f \u06a9\u0644 \u067e\u0627\u0631\u0627\u0645\u062a\u0631 \u062d\u0627\u0648\u06cc \u062a\u0648\u06a9\u0646 (\u0648 \u0646\u0647 \u0641\u0642\u0637 \u0645\u0642\u062f\u0627\u0631 \u0622\u0646 \u0631\u0627) \u0628\u0647 \u0637\u0648\u0631 \u06a9\u0627\u0645\u0644 \u062d\u0630\u0641 \u06a9\u0646\u062f \u062a\u0627 \u0628\u062a\u0648\u0627\u0646\u062f \u0627\u0639\u062a\u0628\u0627\u0631\u0633\u0646\u062c\u06cc \u0631\u0627 \u062f\u0648\u0631 \u0632\u062f\u0647 \u0648 \u062d\u0645\u0644\u0647 CSRF \u0631\u0627 \u0627\u0646\u062c\u0627\u0645 \u062f\u0647\u062f:<\/p>\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/section>\n\t\t\t\t<section class=\"elementor-section elementor-top-section elementor-element elementor-element-dbc22a7 elementor-section-boxed elementor-section-height-default elementor-section-height-default\" data-id=\"dbc22a7\" data-element_type=\"section\" data-e-type=\"section\">\n\t\t\t\t\t\t<div class=\"elementor-container elementor-column-gap-default\">\n\t\t\t\t\t<div class=\"elementor-column elementor-col-100 elementor-top-column elementor-element elementor-element-90d19b6\" data-id=\"90d19b6\" data-element_type=\"column\" data-e-type=\"column\">\n\t\t\t<div class=\"elementor-widget-wrap elementor-element-populated\">\n\t\t\t\t\t\t<div class=\"elementor-element elementor-element-25543e4 elementor-widget elementor-widget-text-editor\" data-id=\"25543e4\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t\t\t<p style=\"direction: ltr; text-align: left;\"><span style=\"color: #ffffff;\">POST \/email\/change HTTP\/1.1\u00a0<\/span><\/p><p style=\"direction: ltr; text-align: left;\"><span style=\"color: #ffffff;\">Host: vulnerable-website.com\u00a0\u00a0<\/span><\/p><p 
style=\"direction: ltr; text-align: left;\"><span style=\"color: #ffffff;\">Content-Type: application\/x-www-form-urlencoded\u00a0<\/span><\/p><p style=\"direction: ltr; text-align: left;\"><span style=\"color: #ffffff;\">Content-Length: 25\u00a0 \u00a0<\/span><\/p><p style=\"direction: ltr; text-align: left;\"><span style=\"color: #ffffff;\">Cookie: session=2yQIDcpia41WrATfjPqvm9tOkDvkMvLm\u00a0 \u00a0<\/span><\/p><p style=\"direction: ltr; text-align: left;\"><span style=\"color: #ffffff;\"><a style=\"color: #ffffff;\" href=\"mailto:email=pwned@evil-user.net\">email=pwned@evil-user.net<\/a><\/span><\/p>\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/section>\n\t\t\t\t<section class=\"elementor-section elementor-top-section elementor-element elementor-element-25152dc elementor-section-boxed elementor-section-height-default elementor-section-height-default\" data-id=\"25152dc\" data-element_type=\"section\" data-e-type=\"section\">\n\t\t\t\t\t\t<div class=\"elementor-container elementor-column-gap-default\">\n\t\t\t\t\t<div class=\"elementor-column elementor-col-100 elementor-top-column elementor-element elementor-element-fac8b7b\" data-id=\"fac8b7b\" data-element_type=\"column\" data-e-type=\"column\">\n\t\t\t<div class=\"elementor-widget-wrap elementor-element-populated\">\n\t\t\t\t\t\t<div class=\"elementor-element elementor-element-32f9f7d elementor-widget elementor-widget-text-editor\" data-id=\"32f9f7d\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t\t\t<h3><strong>\u062a\u0648\u06a9\u0646 <\/strong><strong>CSRF<\/strong><strong> \u0645\u062a\u0639\u0644\u0642 \u0628\u0647 \u0633\u0634\u0646 \u0647\u0645\u0627\u0646 \u06a9\u0627\u0631\u0628\u0631 \u0646\u06cc\u0633\u062a<\/strong><\/h3><p style=\"text-align: justify;\">\u0628\u0639\u0636\u06cc 
\u0627\u067e\u0644\u06cc\u06a9\u06cc\u0634\u0646\u200c\u0647\u0627 \u0628\u0631\u0631\u0633\u06cc \u0646\u0645\u06cc\u200c\u06a9\u0646\u0646\u062f \u06a9\u0647 \u062a\u0648\u06a9\u0646 \u0628\u0647 \u0647\u0645\u0627\u0646 \u0633\u0634\u0646\u06cc \u06a9\u0647 \u06a9\u0627\u0631\u0628\u0631 \u0627\u0632 \u0622\u0646 \u0631\u06cc\u06a9\u0648\u0626\u0633\u062a \u0631\u0627 \u0627\u0631\u0633\u0627\u0644 \u06a9\u0631\u062f\u0647 \u062a\u0639\u0644\u0642 \u062f\u0627\u0631\u062f \u06cc\u0627 \u0646\u0647. \u062f\u0631 \u062d\u0642\u06cc\u0642\u062a \u062f\u0631 \u0627\u06cc\u0646 \u0645\u0648\u0627\u0642\u0639 \u0627\u067e\u0644\u06cc\u06a9\u06cc\u0634\u0646 \u06cc\u06a9 \u0645\u062e\u0632\u0646 \u0627\u0632 \u0647\u0645\u0647\u200c\u06cc \u062a\u0648\u06a9\u0646\u200c\u0647\u0627\u06cc\u06cc \u06a9\u0647 \u0645\u0646\u062a\u0634\u0631 \u06a9\u0631\u062f\u0647 \u062f\u0631 \u0627\u062e\u062a\u06cc\u0627\u0631 \u062f\u0627\u0631\u062f \u0648 \u0647\u0631 \u062a\u0648\u06a9\u0646\u06cc \u0631\u0627 \u06a9\u0647 \u062f\u0631 \u0622\u0646 \u0645\u062e\u0632\u0646 \u0648\u062c\u0648\u062f \u062f\u0627\u0634\u062a\u0647 \u0628\u0627\u0634\u062f \u0645\u06cc\u200c\u067e\u0630\u06cc\u0631\u062f.<\/p><p style=\"text-align: justify;\">\u062f\u0631 \u0627\u06cc\u0646 \u0645\u0648\u0627\u0642\u0639\u060c \u0645\u0647\u0627\u062c\u0645 \u0645\u06cc\u200c\u062a\u0648\u0627\u0646\u062f \u0628\u0627 \u062d\u0633\u0627\u0628 \u062e\u0648\u062f\u0634 \u062f\u0631 \u0627\u067e\u0644\u06cc\u06a9\u06cc\u0634\u0646 \u0644\u0627\u06af\u06cc\u0646 \u06a9\u0646\u062f\u060c \u06cc\u06a9 \u062a\u0648\u06a9\u0646 \u0645\u0639\u062a\u0628\u0631 \u0628\u0647 \u062f\u0633\u062a \u0622\u0648\u0631\u062f\u060c \u0648 \u0633\u067e\u0633 \u0622\u0646 \u062a\u0648\u06a9\u0646 \u0631\u0627 \u0628\u0647 \u0639\u0646\u0648\u0627\u0646 \u062a\u0648\u06a9\u0646 \u06a9\u0627\u0631\u0628\u0631 \u0642\u0631\u0628\u0627\u0646\u06cc \u062f\u0631 \u062d\u0645\u0644\u0647 CSRF 
\u0627\u0633\u062a\u0641\u0627\u062f\u0647 \u06a9\u0646\u062f.<\/p><h3><strong>\u062a\u0648\u06a9\u0646 <\/strong><strong>CSRF<\/strong><strong> \u062f\u0631 \u06a9\u0648\u06a9\u06cc \u063a\u06cc\u0631 \u0627\u0632 \u06a9\u0648\u06a9\u06cc \u0633\u0634\u0646 \u0642\u0631\u0627\u0631 \u06af\u0631\u0641\u062a\u0647<\/strong><\/h3><p style=\"text-align: justify;\">\u0627\u06cc\u0646 \u0622\u0633\u06cc\u0628\u200c\u067e\u0630\u06cc\u0631\u06cc \u0647\u0645 \u0646\u0648\u0639\u06cc \u0627\u0632 \u0622\u0633\u06cc\u0628\u200c\u067e\u0630\u06cc\u0631\u06cc \u0642\u0628\u0644\u06cc \u0627\u0633\u062a\u061b \u0628\u0639\u0636\u06cc \u0627\u067e\u0644\u06cc\u06a9\u06cc\u0634\u0646\u200c\u0647\u0627 \u062a\u0648\u06a9\u0646 CSRF \u0631\u0627 \u062f\u0631 \u06cc\u06a9 \u06a9\u0648\u06a9\u06cc \u0642\u0631\u0627\u0631 \u0645\u06cc\u200c\u062f\u0647\u0646\u062f\u060c \u0648\u0644\u06cc \u0646\u0647 \u0622\u0646 \u06a9\u0648\u06a9\u06cc \u06a9\u0647 \u0628\u0631\u0627\u06cc \u0631\u062f\u06cc\u0627\u0628\u06cc \u0633\u0634\u0646\u200c\u0647\u0627\u06cc \u06a9\u0627\u0631\u0628\u0631\u0627\u0646 \u0627\u0633\u062a\u0641\u0627\u062f\u0647 \u0645\u06cc\u200c\u0634\u0648\u062f. 
\u0648\u0642\u062a\u06cc \u0627\u067e\u0644\u06cc\u06a9\u06cc\u0634\u0646 \u0627\u0632 \u062f\u0648 \u0641\u0631\u06cc\u0645\u200c\u0648\u0631\u06a9 \u0645\u062a\u0641\u0627\u0648\u062a \u0628\u0631\u0627\u06cc \u0627\u062f\u0627\u0631\u0647 \u0633\u0634\u0646\u200c\u0647\u0627 \u0648 \u062d\u0641\u0627\u0638\u062a \u062f\u0631 \u0628\u0631\u0627\u0628\u0631 CSRF \u0627\u0633\u062a\u0641\u0627\u062f\u0647 \u06a9\u0646\u062f\u060c \u0627\u06cc\u0646 \u0627\u062a\u0641\u0627\u0642 \u0628\u0647\u200c\u0631\u0627\u062d\u062a\u06cc \u0645\u0645\u06a9\u0646 \u0627\u0633\u062a \u0631\u062e \u062f\u0647\u062f:<\/p>\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/section>\n\t\t\t\t<section class=\"elementor-section elementor-top-section elementor-element elementor-element-438eaab elementor-section-boxed elementor-section-height-default elementor-section-height-default\" data-id=\"438eaab\" data-element_type=\"section\" data-e-type=\"section\">\n\t\t\t\t\t\t<div class=\"elementor-container elementor-column-gap-default\">\n\t\t\t\t\t<div class=\"elementor-column elementor-col-100 elementor-top-column elementor-element elementor-element-714367e\" data-id=\"714367e\" data-element_type=\"column\" data-e-type=\"column\">\n\t\t\t<div class=\"elementor-widget-wrap elementor-element-populated\">\n\t\t\t\t\t\t<div class=\"elementor-element elementor-element-6771e6a elementor-widget elementor-widget-text-editor\" data-id=\"6771e6a\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t\t\t<p style=\"direction: ltr; text-align: left;\"><span style=\"color: #ffffff;\">POST \/email\/change HTTP\/1.1\u00a0<\/span><\/p><p style=\"direction: ltr; text-align: left;\"><span style=\"color: #ffffff;\">Host: vulnerable-website.com\u00a0\u00a0<\/span><\/p><p style=\"direction: ltr; text-align: left;\"><span style=\"color: 
#ffffff;\">Content-Type: application\/x-www-form-urlencoded\u00a0<\/span><\/p><p style=\"direction: ltr; text-align: left;\"><span style=\"color: #ffffff;\">Content-Length: 68\u00a0 \u00a0<\/span><\/p><p style=\"direction: ltr; text-align: left;\"><span style=\"color: #ffffff;\">Cookie: session=pSJYSScWKpmC60LpFOAHKixuFuM4uXWF; csrfKey=rZHCnSzEp8dbI6atzagGoSYyqJqTz5dv\u00a0 \u00a0<\/span><\/p><p style=\"direction: ltr; text-align: left;\"><span style=\"color: #ffffff;\"><a style=\"color: #ffffff;\" href=\"mailto:csrf=RhV7yQDO0xcq9gLEah2WVbmuFqyOq7tY&amp;email=wiener@normal-user.com\">csrf=RhV7yQDO0xcq9gLEah2WVbmuFqyOq7tY&amp;email=wiener@normal-user.com<\/a><\/span><\/p>\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/section>\n\t\t\t\t<section class=\"elementor-section elementor-top-section elementor-element elementor-element-9c15491 elementor-section-boxed elementor-section-height-default elementor-section-height-default\" data-id=\"9c15491\" data-element_type=\"section\" data-e-type=\"section\">\n\t\t\t\t\t\t<div class=\"elementor-container elementor-column-gap-default\">\n\t\t\t\t\t<div class=\"elementor-column elementor-col-100 elementor-top-column elementor-element elementor-element-94e1faf\" data-id=\"94e1faf\" data-element_type=\"column\" data-e-type=\"column\">\n\t\t\t<div class=\"elementor-widget-wrap elementor-element-populated\">\n\t\t\t\t\t\t<div class=\"elementor-element elementor-element-9ed4872 elementor-widget elementor-widget-text-editor\" data-id=\"9ed4872\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t\t\t<p style=\"text-align: justify;\">\u0627\u06a9\u0633\u067e\u0644\u0648\u06cc\u062a\u200c\u06a9\u0631\u062f\u0646 \u0627\u067e\u0644\u06cc\u06a9\u06cc\u0634\u0646 \u062f\u0631 \u0627\u06cc\u0646 \u062d\u0627\u0644\u062a \u0633\u062e\u062a\u200c\u062a\u0631 \u0627\u0633\u062a\u060c 
\u0648\u0644\u06cc \u0628\u0647 \u0647\u0631 \u062d\u0627\u0644 \u0627\u067e\u0644\u06cc\u06a9\u06cc\u0634\u0646 \u0622\u0633\u06cc\u0628\u200c\u067e\u0630\u06cc\u0631 \u0627\u0633\u062a. \u0627\u06af\u0631 \u0648\u0628\u0633\u0627\u06cc\u062a \u0642\u0627\u0628\u0644\u06cc\u062a\u200c\u0647\u0627 \u0648 \u0627\u0645\u06a9\u0627\u0646\u0627\u062a\u06cc \u062f\u0627\u0634\u062a\u0647 \u0628\u0627\u0634\u062f \u06a9\u0647 \u0645\u0647\u0627\u062c\u0645 \u0628\u062a\u0648\u0627\u0646\u062f \u0628\u0647\u200c\u0648\u0627\u0633\u0637\u0647 \u0622\u0646\u200c\u0647\u0627 \u062f\u0631 \u0645\u0631\u0648\u0631\u06af\u0631 \u0642\u0631\u0628\u0627\u0646\u06cc \u06cc\u06a9 \u06a9\u0648\u06a9\u06cc \u062a\u0646\u0638\u06cc\u0645 \u06a9\u0646\u062f\u060c \u062f\u0631 \u0627\u06cc\u0646 \u0635\u0648\u0631\u062a \u0627\u0645\u06a9\u0627\u0646 \u062d\u0645\u0644\u0647 \u0648\u062c\u0648\u062f \u062f\u0627\u0631\u062f. \u0645\u0647\u0627\u062c\u0645 \u0645\u06cc\u200c\u062a\u0648\u0627\u0646\u062f \u0628\u0627 \u0627\u06a9\u0627\u0646\u062a \u062e\u0648\u062f\u0634 \u062f\u0627\u062e\u0644 \u0627\u067e\u0644\u06cc\u06a9\u06cc\u0634\u0646 \u0644\u0627\u06af\u06cc\u0646 \u06a9\u0646\u062f\u060c \u06cc\u06a9 \u062a\u0648\u06a9\u0646 \u0645\u0639\u062a\u0628\u0631 \u0648 \u06a9\u0648\u06a9\u06cc \u0645\u0631\u0628\u0648\u0637 \u0628\u0647 \u0622\u0646 \u0631\u0627 \u0628\u0647 \u062f\u0633\u062a \u0622\u0648\u0631\u062f\u060c \u0627\u0632 \u0627\u0645\u06a9\u0627\u0646 \u062a\u0646\u0638\u06cc\u0645 \u06a9\u0648\u06a9\u06cc \u0627\u0633\u062a\u0641\u0627\u062f\u0647 \u06a9\u0631\u062f\u0647 \u0648 \u06a9\u0648\u06a9\u06cc \u062d\u0627\u0648\u06cc \u062a\u0648\u06a9\u0646 \u062e\u0648\u062f\u0634 \u0631\u0627 \u062f\u0631 \u0645\u0631\u0648\u0631\u06af\u0631 \u0642\u0631\u0628\u0627\u0646\u06cc \u0642\u0631\u0627\u0631 \u062f\u0647\u062f\u060c \u0648 \u0633\u067e\u0633 \u0627\u0632 \u062a\u0648\u06a9\u0646\u06cc \u06a9\u0647 \u062f\u0631 \u0627\u062e\u062a\u06cc\u0627\u0631 
\u062f\u0627\u0631\u062f (\u0648 \u0627\u067e\u0644\u06cc\u06a9\u06cc\u0634\u0646 \u0628\u0647 \u0639\u0646\u0648\u0627\u0646 \u062a\u0648\u06a9\u0646 \u0642\u0631\u0628\u0627\u0646\u06cc \u0645\u06cc\u200c\u0634\u0646\u0627\u0633\u062f) \u0628\u0631\u0627\u06cc \u0627\u0646\u062c\u0627\u0645 \u062d\u0645\u0644\u0647 CSRF \u0627\u0633\u062a\u0641\u0627\u062f\u0647 \u06a9\u0646\u062f.<\/p><p style=\"text-align: justify;\"><strong>\u0646\u06a9\u062a\u0647: <\/strong>\u062d\u062a\u06cc \u0644\u0627\u0632\u0645 \u0646\u06cc\u0633\u062a \u0627\u0645\u06a9\u0627\u0646 \u062a\u0646\u0638\u06cc\u0645 \u06a9\u0648\u06a9\u06cc \u062f\u0631 \u062e\u0648\u062f \u0627\u067e\u0644\u06cc\u06a9\u06cc\u0634\u0646\u06cc \u0648\u062c\u0648\u062f \u062f\u0627\u0634\u062a\u0647 \u0628\u0627\u0634\u062f \u06a9\u0647 \u0622\u0633\u06cc\u0628\u200c\u067e\u0630\u06cc\u0631\u06cc CSRF \u062f\u0627\u0631\u062f. \u0639\u0645\u0644\u0627\u064b \u0645\u06cc\u200c\u062a\u0648\u0627\u0646 \u0627\u0632 \u0647\u0631 \u0627\u067e\u0644\u06cc\u06a9\u06cc\u0634\u0646 \u062f\u06cc\u06af\u0631\u06cc \u06a9\u0647 \u062f\u0627\u0645\u0646\u0647 DNS \u06a9\u0644\u06cc \u0622\u0646 \u0628\u0627 \u0627\u067e\u0644\u06cc\u06a9\u06cc\u0634\u0646 \u0622\u0633\u06cc\u0628\u200c\u067e\u0630\u06cc\u0631 \u06cc\u06a9\u0633\u0627\u0646 \u0627\u0633\u062a\u060c \u0628\u0631\u0627\u06cc \u062a\u0646\u0638\u06cc\u0645 \u06a9\u0648\u06a9\u06cc\u200c\u0647\u0627 \u062f\u0631 \u0627\u067e\u0644\u06cc\u06a9\u06cc\u0634\u0646 \u0647\u062f\u0641 \u0627\u0633\u062a\u0641\u0627\u062f\u0647 \u06a9\u0631\u062f\u061b \u0627\u0644\u0628\u062a\u0647 \u0628\u0647 \u0634\u0631\u0637\u06cc \u06a9\u0647 \u06a9\u0648\u06a9\u06cc\u200c\u0647\u0627 \u062f\u0631 scope \u0645\u0646\u0627\u0633\u0628\u06cc \u06a9\u0646\u062a\u0631\u0644 \u0634\u0648\u0646\u062f. 
\u0628\u0631\u0627\u06cc \u0645\u062b\u0627\u0644 \u0645\u06cc\u200c\u062a\u0648\u0627\u0646 \u0627\u0632 \u0642\u0627\u0628\u0644\u06cc\u062a \u062a\u0646\u0638\u06cc\u0645 \u06a9\u0648\u06a9\u06cc \u062f\u0631 \u062f\u0627\u0645\u0646\u0647 staging.demo.normal-website.com \u0628\u0631\u0627\u06cc \u062a\u0646\u0638\u06cc\u0645 \u06a9\u0648\u06a9\u06cc\u200c\u0647\u0627\u06cc\u06cc \u0627\u0633\u062a\u0641\u0627\u062f\u0647 \u06a9\u0631\u062f \u06a9\u0647 \u0628\u0647 \u062f\u0627\u0645\u0646\u0647 secure.normal-website.com \u0641\u0631\u0633\u062a\u0627\u062f\u0647 \u0645\u06cc\u200c\u0634\u0648\u0646\u062f.<\/p><h3 style=\"text-align: justify;\"><strong>\u062a\u0648\u06a9\u0646 <\/strong><strong>CSRF<\/strong><strong> \u0635\u0631\u0641\u0627 \u062f\u0627\u062e\u0644 \u06cc\u06a9 \u06a9\u0648\u06a9\u06cc \u06a9\u067e\u06cc \u0645\u06cc\u200c\u0634\u0648\u062f<\/strong><\/h3><p style=\"text-align: justify;\">\u0627\u06cc\u0646 \u0622\u0633\u06cc\u0628\u200c\u067e\u0630\u06cc\u0631\u06cc \u0647\u0645 \u0646\u0648\u0639 \u062f\u06cc\u06af\u0631\u06cc \u0627\u0632 \u0622\u0633\u06cc\u0628\u200c\u067e\u0630\u06cc\u0631\u06cc \u0642\u0628\u0644\u06cc \u0627\u0633\u062a. 
\u0628\u0639\u0636\u06cc \u0627\u067e\u0644\u06cc\u06a9\u06cc\u0634\u0646\u200c\u0647\u0627\u060c \u0627\u0632 \u06a9\u0648\u06a9\u06cc\u200c\u0647\u0627\u06cc\u06cc \u06a9\u0647 \u0635\u0627\u062f\u0631 \u06a9\u0631\u062f\u0647\u200c\u0627\u0646\u062f \u0647\u06cc\u0686 \u0627\u0637\u0644\u0627\u0639\u0627\u062a\u06cc \u062f\u0631 \u0633\u0645\u062a \u0633\u0631\u0648\u0631 \u0630\u062e\u06cc\u0631\u0647 \u0646\u0645\u06cc\u200c\u06a9\u0646\u0646\u062f\u060c \u0648\u0644\u06cc \u062f\u0631 \u0639\u0648\u0636 \u0647\u0631 \u062a\u0648\u06a9\u0646\u060c \u0647\u0645 \u062f\u0627\u062e\u0644 \u06a9\u0648\u06a9\u06cc \u0642\u0631\u0627\u0631 \u0645\u06cc\u200c\u06af\u06cc\u0631\u062f \u0648 \u0647\u0645 \u062f\u0627\u062e\u0644 \u067e\u0627\u0631\u0627\u0645\u062a\u0631 \u0631\u06cc\u06a9\u0648\u0626\u0633\u062a\u061b \u062d\u0627\u0644 \u0648\u0642\u062a\u06cc \u06cc\u06a9 \u0631\u06cc\u06a9\u0648\u0626\u0633\u062a \u0627\u0631\u0633\u0627\u0644 \u0634\u062f \u0648 \u0627\u067e\u0644\u06cc\u06a9\u06cc\u0634\u0646 \u062e\u0648\u0627\u0633\u062a \u0622\u0646 \u0631\u0627 \u0627\u0639\u062a\u0628\u0627\u0631\u0633\u0646\u062c\u06cc \u06a9\u0646\u062f\u060c \u0635\u0631\u0641\u0627 \u0628\u0631\u0631\u0633\u06cc \u0645\u06cc\u200c\u06a9\u0646\u062f \u06a9\u0647 \u062a\u0648\u06a9\u0646 \u062b\u0628\u062a\u200c\u0634\u062f\u0647 \u0628\u0647 \u0639\u0646\u0648\u0627\u0646 \u067e\u0627\u0631\u0627\u0645\u062a\u0631 \u0631\u06cc\u06a9\u0648\u0626\u0633\u062a \u0648 \u0645\u0642\u062f\u0627\u0631 \u062a\u0648\u06a9\u0646 \u0645\u0648\u062c\u0648\u062f \u062f\u0631 \u06a9\u0648\u06a9\u06cc \u06cc\u06a9\u06cc \u0628\u0627\u0634\u0646\u062f. 
\u06af\u0627\u0647\u06cc \u0627\u0648\u0642\u0627\u062a \u0628\u0647 \u0627\u06cc\u0646 \u0631\u0648\u0634\u060c \u0631\u0627\u0647\u06a9\u0627\u0631 \u062f\u0641\u0627\u0639\u06cc \u00ab Double Submit \u00bb \u0639\u0644\u06cc\u0647 CSRF \u0645\u06cc\u200c\u06af\u0648\u06cc\u0646\u062f\u060c \u0648 \u062f\u0644\u06cc\u0644 \u0627\u0633\u062a\u0641\u0627\u062f\u0647\u200c\u06cc \u06af\u0633\u062a\u0631\u062f\u0647 \u0627\u0632 \u0622\u0646 \u0647\u0645 \u0627\u06cc\u0646 \u0627\u0633\u062a \u06a9\u0647 \u067e\u06cc\u0627\u062f\u0647\u200c\u0633\u0627\u0632\u06cc \u0622\u0646 \u0631\u0627\u062d\u062a \u0627\u0633\u062a \u0648 \u0646\u06cc\u0627\u0632 \u0628\u0647 \u0630\u062e\u06cc\u0631\u0647 \u0627\u0637\u0644\u0627\u0639\u0627\u062a \u062f\u0631 \u0633\u0645\u062a \u0633\u0631\u0648\u0631 \u0646\u062f\u0627\u0631\u062f:<\/p>\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/section>\n\t\t\t\t<section class=\"elementor-section elementor-top-section elementor-element elementor-element-703039e elementor-section-boxed elementor-section-height-default elementor-section-height-default\" data-id=\"703039e\" data-element_type=\"section\" data-e-type=\"section\">\n\t\t\t\t\t\t<div class=\"elementor-container elementor-column-gap-default\">\n\t\t\t\t\t<div class=\"elementor-column elementor-col-100 elementor-top-column elementor-element elementor-element-0ff6b84\" data-id=\"0ff6b84\" data-element_type=\"column\" data-e-type=\"column\">\n\t\t\t<div class=\"elementor-widget-wrap elementor-element-populated\">\n\t\t\t\t\t\t<div class=\"elementor-element elementor-element-0d0d5ee elementor-widget elementor-widget-text-editor\" data-id=\"0d0d5ee\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t\t\t<p style=\"direction: ltr; text-align: left;\"><span style=\"color: #ffffff;\">POST \/email\/change 
HTTP\/1.1\u00a0<\/span><\/p><p style=\"direction: ltr; text-align: left;\"><span style=\"color: #ffffff;\">Host: vulnerable-website.com\u00a0\u00a0<\/span><\/p><p style=\"direction: ltr; text-align: left;\"><span style=\"color: #ffffff;\">Content-Type: application\/x-www-form-urlencoded\u00a0<\/span><\/p><p style=\"direction: ltr; text-align: left;\"><span style=\"color: #ffffff;\">Content-Length: 68\u00a0 \u00a0<\/span><\/p><p style=\"direction: ltr; text-align: left;\"><span style=\"color: #ffffff;\">Cookie: session=1DQGdzYbOJQzLP7460tfyiv3do7MjyPw; csrf=R8ov2YBfTYmzFyjit8o2hKBuoIjXXVpa\u00a0\u00a0<\/span><\/p><p style=\"direction: ltr; text-align: left;\"><a href=\"mailto:csrf=R8ov2YBfTYmzFyjit8o2hKBuoIjXXVpa&amp;email=wiener@normal-user.com\"><span style=\"color: #ffffff;\">csrf=R8ov2YBfTYmzFyjit8o2hKBuoIjXXVpa&amp;email=wiener@normal-user.com<\/span><\/a><\/p>\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/section>\n\t\t\t\t<section class=\"elementor-section elementor-top-section elementor-element elementor-element-fe2f94d elementor-section-boxed elementor-section-height-default elementor-section-height-default\" data-id=\"fe2f94d\" data-element_type=\"section\" data-e-type=\"section\">\n\t\t\t\t\t\t<div class=\"elementor-container elementor-column-gap-default\">\n\t\t\t\t\t<div class=\"elementor-column elementor-col-100 elementor-top-column elementor-element elementor-element-05e2d0c\" data-id=\"05e2d0c\" data-element_type=\"column\" data-e-type=\"column\">\n\t\t\t<div class=\"elementor-widget-wrap elementor-element-populated\">\n\t\t\t\t\t\t<div class=\"elementor-element elementor-element-6b631d2 elementor-widget elementor-widget-text-editor\" data-id=\"6b631d2\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t\t\t<p style=\"text-align: justify;\">\u062f\u0631 \u0627\u06cc\u0646 
\u0645\u0648\u0627\u0642\u0639 \u0646\u06cc\u0632 \u0627\u06af\u0631 \u0648\u0628\u0633\u0627\u06cc\u062a \u0647\u0631\u06af\u0648\u0646\u0647 \u0642\u0627\u0628\u0644\u06cc\u062a \u062a\u0646\u0638\u06cc\u0645 \u06a9\u0648\u06a9\u06cc \u062f\u0627\u0634\u062a\u0647 \u0628\u0627\u0634\u062f\u060c \u0645\u0647\u0627\u062c\u0645 \u0645\u06cc\u200c\u062a\u0648\u0627\u0646\u062f \u06cc\u06a9 \u062d\u0645\u0644\u0647 CSRF \u0635\u0648\u0631\u062a \u062f\u0647\u062f. \u062f\u0631 \u0627\u06cc\u0646\u200c\u062c\u0627 \u0645\u0647\u0627\u062c\u0645 \u062d\u062a\u06cc \u0646\u06cc\u0627\u0632 \u0646\u062f\u0627\u0631\u062f \u06cc\u06a9 \u062a\u0648\u06a9\u0646 \u0645\u0639\u062a\u0628\u0631 \u0628\u0631\u0627\u06cc \u062e\u0648\u062f\u0634 \u0628\u0647 \u062f\u0633\u062a \u0622\u0648\u0631\u062f. \u06a9\u0627\u0641\u06cc\u200c\u0627\u0633\u062a \u06cc\u06a9 \u062a\u0648\u06a9\u0646 \u062c\u0639\u0644\u06cc \u062f\u0631\u0633\u062a \u06a9\u0646\u062f (\u062f\u0631 \u0635\u0648\u0631\u062a\u06cc \u06a9\u0647 \u0642\u0627\u0644\u0628 \u062a\u0648\u06a9\u0646 \u062a\u0648\u0633\u0637 \u0633\u0631\u0648\u0631 \u0686\u06a9 \u0645\u06cc\u200c\u0634\u0648\u062f\u060c \u0627\u06cc\u0646 \u062a\u0648\u06a9\u0646 \u0628\u0627\u06cc\u062f \u0642\u0627\u0644\u0628 \u0645\u0646\u0627\u0633\u0628\u06cc \u0647\u0645 \u062f\u0627\u0634\u062a\u0647 \u0628\u0627\u0634\u062f)\u060c \u0648 \u0628\u0627 \u0627\u0633\u062a\u0641\u0627\u062f\u0647 \u0627\u0632 \u0642\u0627\u0628\u0644\u06cc\u062a \u062a\u0646\u0638\u06cc\u0645 \u06a9\u0648\u06a9\u06cc\u060c \u06a9\u0648\u06a9\u06cc \u062e\u0648\u062f \u0631\u0627 \u062f\u0631 \u0645\u0631\u0648\u0631\u06af\u0631 \u0642\u0631\u0628\u0627\u0646\u06cc \u0642\u0631\u0627\u0631 \u062f\u0647\u062f\u060c \u0648 \u062a\u0648\u06a9\u0646 \u062e\u0648\u062f \u0631\u0627 \u062d\u06cc\u0646 \u062d\u0645\u0644\u0647 CSRF \u062f\u0631 \u0631\u06cc\u06a9\u0648\u0626\u0633\u062a\u200c\u0647\u0627\u06cc \u0642\u0631\u0628\u0627\u0646\u06cc 
\u0627\u0633\u062a\u0641\u0627\u062f\u0647 \u06a9\u0646\u062f.<\/p>\n\n<h2 id=\"referer-defense\" style=\"text-align: justify;\"><strong>\u0631\u0648\u0634\u200c\u0647\u0627\u06cc \u062f\u0641\u0627\u0639\u06cc \u0645\u0628\u062a\u0646\u06cc\u200c\u0628\u0631 <\/strong><strong>Referer<\/strong><strong> \u0628\u0631\u0627\u06cc \u062c\u0644\u0648\u06af\u06cc\u0631\u06cc \u0627\u0632 <\/strong><strong>CSRF<\/strong><\/h2>\n<p style=\"text-align: justify;\">\u0639\u0644\u0627\u0648\u0647 \u0628\u0631 \u0631\u0648\u0634\u200c\u0647\u0627\u06cc\u06cc \u06a9\u0647 \u0627\u0632 \u062a\u0648\u06a9\u0646\u200c\u0647\u0627\u06cc CSRF \u0627\u0633\u062a\u0641\u0627\u062f\u0647 \u0645\u06cc\u200c\u06a9\u0646\u0646\u062f\u060c \u0628\u0631\u062e\u06cc \u0627\u067e\u0644\u06cc\u06a9\u06cc\u0634\u0646\u200c\u0647\u0627 \u0628\u0631\u0627\u06cc \u062f\u0641\u0627\u0639 \u0627\u0632 \u062e\u0648\u062f \u062f\u0631 \u0628\u0631\u0627\u0628\u0631 CSRF\u060c \u0627\u0632 \u0647\u062f\u0631 Referer \u062f\u0631 \u0631\u06cc\u06a9\u0648\u0626\u0633\u062a\u200c\u0647\u0627\u06cc HTTP \u0627\u0633\u062a\u0641\u0627\u062f\u0647 \u0645\u06cc\u200c\u06a9\u0646\u0646\u062f. \u0627\u06cc\u0646 \u06a9\u0627\u0631 \u0645\u0639\u0645\u0648\u0644\u0627 \u0628\u0627 \u0627\u06cc\u0646 \u0647\u062f\u0641 \u0627\u0646\u062c\u0627\u0645 \u0645\u06cc\u200c\u0634\u0648\u062f \u06a9\u0647 \u0627\u067e\u0644\u06cc\u06a9\u06cc\u0634\u0646 \u0627\u0637\u0645\u06cc\u0646\u0627\u0646 \u062d\u0627\u0635\u0644 \u06a9\u0646\u062f\u060c \u0631\u06cc\u06a9\u0648\u0626\u0633\u062a\u200c\u0647\u0627 \u0627\u0632 \u062f\u0627\u0645\u0646\u0647\u200c\u06cc \u062e\u0648\u062f\u0634 \u0627\u0631\u0633\u0627\u0644 \u0634\u062f\u0647\u200c\u0627\u0646\u062f. 
\u0627\u06cc\u0646 \u0631\u0648\u0634 \u0645\u0639\u0645\u0648\u0644\u0627 \u06a9\u0645\u062a\u0631 \u0645\u0648\u062b\u0631 \u0648\u0627\u0642\u0639 \u0645\u06cc\u200c\u0634\u0648\u062f \u0648 \u0627\u06a9\u062b\u0631 \u0627\u0648\u0642\u0627\u062a \u0645\u06cc\u200c\u062a\u0648\u0627\u0646 \u0622\u0646 \u0631\u0627 \u062f\u0648\u0631 \u0632\u062f.<\/p>\n<p style=\"text-align: justify;\"><strong>\u0647\u062f\u0631 <\/strong><strong>Referer<\/strong> \u062f\u0631 \u0631\u06cc\u06a9\u0648\u0626\u0633\u062a\u200c\u0647\u0627\u06cc HTTP (\u06a9\u0647 \u062f\u0631 \u0648\u0627\u0642\u0639 \u0645\u0646\u0638\u0648\u0631 \u0627\u0632 \u0622\u0646 \u06a9\u0644\u0645\u0647 Referrer \u0627\u0633\u062a \u0648 \u062f\u0631 \u062a\u0639\u0631\u06cc\u0641 HTTP \u0633\u0647\u0648\u0627\u064b \u0628\u0627 \u063a\u0644\u0637 \u0627\u0645\u0644\u0627\u06cc\u06cc \u0622\u0645\u062f\u0647 \u0627\u0633\u062a) \u06cc\u06a9 \u0647\u062f\u0631 \u0627\u062e\u062a\u06cc\u0627\u0631\u06cc \u0627\u0633\u062a. \u0648\u0642\u062a\u06cc \u0644\u06cc\u0646\u06a9 \u06cc\u06a9 \u0645\u0646\u0628\u0639 \u062f\u0631 \u06cc\u06a9 \u0635\u0641\u062d\u0647 \u0642\u0631\u0627\u0631 \u0645\u06cc\u200c\u06af\u06cc\u0631\u062f \u0648 \u0645\u0646\u0628\u0639 \u0645\u0648\u0631\u062f \u0646\u0638\u0631 \u0627\u0632 \u0637\u0631\u06cc\u0642 \u0622\u0646 \u0635\u0641\u062d\u0647 \u0631\u06cc\u06a9\u0648\u0626\u0633\u062a \u0645\u06cc\u200c\u0634\u0648\u062f\u060c URL \u0635\u0641\u062d\u0647\u200c\u06cc \u0645\u0630\u06a9\u0648\u0631 \u062f\u0627\u062e\u0644 \u0647\u062f\u0631 Referer \u0622\u0646 \u0631\u06cc\u06a9\u0648\u0626\u0633\u062a \u0642\u0631\u0627\u0631 \u0645\u06cc\u200c\u06af\u06cc\u0631\u062f. 
\u0645\u0639\u0645\u0648\u0644\u0627 \u0648\u0642\u062a\u06cc \u06a9\u0627\u0631\u0628\u0631 \u0628\u0627 \u06a9\u0627\u0631\u0647\u0627\u06cc\u06cc \u0645\u062b\u0644 \u06a9\u0644\u06cc\u06a9\u200c\u06a9\u0631\u062f\u0646 \u0631\u0648\u06cc \u06cc\u06a9 \u0644\u06cc\u0646\u06a9 \u06cc\u0627 \u062b\u0628\u062a \u06cc\u06a9 \u0641\u0631\u0645\u060c \u06cc\u06a9 \u0631\u06cc\u06a9\u0648\u0626\u0633\u062a HTTP \u0627\u0631\u0633\u0627\u0644 \u0645\u06cc\u200c\u06a9\u0646\u062f\u060c \u0645\u0631\u0648\u0631\u06af\u0631 \u0628\u0647 \u0637\u0648\u0631 \u062e\u0648\u062f\u06a9\u0627\u0631 \u0627\u06cc\u0646 \u0647\u062f\u0631 \u0631\u0627 \u062f\u0631 \u0631\u06cc\u06a9\u0648\u0626\u0633\u062a \u0642\u0631\u0627\u0631 \u0645\u06cc\u200c\u062f\u0647\u062f. \u0645\u062a\u062f\u0647\u0627\u06cc \u0645\u062e\u062a\u0644\u0641\u06cc \u0648\u062c\u0648\u062f \u062f\u0627\u0631\u0646\u062f \u06a9\u0647 \u0628\u0647 \u0635\u0641\u062d\u0647\u200c\u0627\u06cc \u06a9\u0647 \u0644\u06cc\u0646\u06a9 \u062f\u0631 \u0622\u0646 \u0642\u0631\u0627\u0631 \u06af\u0631\u0641\u062a\u0647 \u0627\u062c\u0627\u0632\u0647 \u0645\u06cc\u200c\u062f\u0647\u0646\u062f \u0645\u0642\u062f\u0627\u0631 \u0647\u062f\u0631 Referer \u0631\u0627 \u062a\u063a\u06cc\u06cc\u0631 \u062f\u0627\u062f\u0647 \u06cc\u0627 \u0622\u0646 \u0631\u0627 \u0628\u0647 \u06a9\u0644\u06cc \u062d\u0630\u0641 \u06a9\u0646\u0646\u062f. 
\u0627\u06cc\u0646 \u0645\u062a\u062f\u0647\u0627 \u0639\u0645\u062f\u062a\u0627 \u0628\u0647 \u062e\u0627\u0637\u0631 \u062d\u0641\u0638 \u062d\u0631\u06cc\u0645 \u062e\u0635\u0648\u0635\u06cc \u0627\u0633\u062a\u0641\u0627\u062f\u0647 \u0645\u06cc\u200c\u0634\u0648\u0646\u062f.<\/p>\n\n<h3 style=\"text-align: justify;\"><strong>\u0627\u0639\u062a\u0628\u0627\u0631\u0633\u0646\u062c\u06cc <\/strong><strong>Referer<\/strong><strong> \u0628\u0647 \u0648\u062c\u0648\u062f \u0647\u062f\u0631 \u0622\u0646 \u0628\u0633\u062a\u06af\u06cc \u062f\u0627\u0631\u062f<\/strong><\/h3>\n<p style=\"text-align: justify;\">\u0628\u0639\u0636\u06cc \u0627\u067e\u0644\u06cc\u06a9\u06cc\u0634\u0646\u200c\u0647\u0627 \u0641\u0642\u0637 \u0632\u0645\u0627\u0646\u06cc \u0647\u062f\u0631 Referer \u0631\u0627 \u0627\u0639\u062a\u0628\u0627\u0631\u0633\u0646\u062c\u06cc \u0645\u06cc\u200c\u06a9\u0646\u0646\u062f \u06a9\u0647 \u062f\u0631 \u0631\u06cc\u06a9\u0648\u0626\u0633\u062a\u200c\u0647\u0627 \u0648\u062c\u0648\u062f \u062f\u0627\u0634\u062a\u0647 \u0628\u0627\u0634\u062f\u060c \u0648\u0644\u06cc\u00a0 \u0627\u06af\u0631 \u0627\u06cc\u0646 \u0647\u062f\u0631 \u0627\u0632 \u0631\u06cc\u06a9\u0648\u0626\u0633\u062a \u062d\u0630\u0641 \u0634\u062f\u0647 \u0628\u0627\u0634\u062f\u060c \u0627\u0639\u062a\u0628\u0627\u0631\u0633\u0646\u062c\u06cc \u0631\u0627 \u0627\u0646\u062c\u0627\u0645 \u0646\u0645\u06cc\u200c\u062f\u0647\u0646\u062f.<\/p>\n<p style=\"text-align: justify;\">\u062f\u0631 \u0627\u06cc\u0646 \u0645\u0648\u0627\u0642\u0639\u060c \u0645\u0647\u0627\u062c\u0645 \u0645\u06cc\u200c\u062a\u0648\u0627\u0646\u062f \u0627\u06a9\u0633\u067e\u0644\u0648\u06cc\u062a CSRF \u062e\u0648\u062f \u0631\u0627 \u0628\u0647 \u06af\u0648\u0646\u0647\u200c\u0627\u06cc \u0637\u0631\u0627\u062d\u06cc \u06a9\u0646\u062f \u06a9\u0647 \u0628\u0627\u0639\u062b \u0634\u0648\u062f \u0645\u0631\u0648\u0631\u06af\u0631 \u0642\u0631\u0628\u0627\u0646\u06cc \u0647\u062f\u0631 Referer \u0631\u0627 
\u0627\u0632 \u0631\u06cc\u06a9\u0648\u0626\u0633\u062a \u0645\u0648\u0631\u062f \u0646\u0638\u0631 \u0645\u0647\u0627\u062c\u0645 \u062d\u0630\u0641 \u06a9\u0646\u062f. \u0631\u0627\u0647\u200c\u0647\u0627\u06cc \u0645\u062a\u0646\u0648\u0639\u06cc \u0628\u0631\u0627\u06cc \u0627\u0646\u062c\u0627\u0645 \u0627\u06cc\u0646 \u06a9\u0627\u0631 \u0648\u062c\u0648\u062f \u062f\u0627\u0631\u062f\u060c \u0648\u0644\u06cc \u0622\u0633\u0627\u0646\u200c\u062a\u0631\u06cc\u0646 \u0631\u0627\u0647 \u0627\u0633\u062a\u0641\u0627\u062f\u0647 \u0627\u0632 \u06cc\u06a9 \u062a\u06af META \u062f\u0631 \u0635\u0641\u062d\u0647\u200c\u06cc HTML \u0645\u06cc\u0632\u0628\u0627\u0646 \u062d\u0645\u0644\u0647\u200c\u06cc CSRF \u0627\u0633\u062a:<\/p>\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/section>\n\t\t\t\t<section class=\"elementor-section elementor-top-section elementor-element elementor-element-9a59b77 elementor-section-boxed elementor-section-height-default elementor-section-height-default\" data-id=\"9a59b77\" data-element_type=\"section\" data-e-type=\"section\">\n\t\t\t\t\t\t<div class=\"elementor-container elementor-column-gap-default\">\n\t\t\t\t\t<div class=\"elementor-column elementor-col-100 elementor-top-column elementor-element elementor-element-baf4b8d\" data-id=\"baf4b8d\" data-element_type=\"column\" data-e-type=\"column\">\n\t\t\t<div class=\"elementor-widget-wrap elementor-element-populated\">\n\t\t\t\t\t\t<div class=\"elementor-element elementor-element-8d95a35 elementor-widget elementor-widget-text-editor\" data-id=\"8d95a35\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t\t\t<p style=\"direction: ltr; text-align: left;\"><span style=\"color: #ffffff;\">&lt;meta name=&#8221;referrer&#8221; 
content=&#8221;never&#8221;&gt;<\/span><\/p>\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/section>\n\t\t\t\t<section class=\"elementor-section elementor-top-section elementor-element elementor-element-9b5ab55 elementor-section-boxed elementor-section-height-default elementor-section-height-default\" data-id=\"9b5ab55\" data-element_type=\"section\" data-e-type=\"section\">\n\t\t\t\t\t\t<div class=\"elementor-container elementor-column-gap-default\">\n\t\t\t\t\t<div class=\"elementor-column elementor-col-100 elementor-top-column elementor-element elementor-element-612df5d\" data-id=\"612df5d\" data-element_type=\"column\" data-e-type=\"column\">\n\t\t\t<div class=\"elementor-widget-wrap elementor-element-populated\">\n\t\t\t\t\t\t<div class=\"elementor-element elementor-element-789a690 elementor-widget elementor-widget-text-editor\" data-id=\"789a690\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t\t\t<h3><strong>\u0627\u0639\u062a\u0628\u0627\u0631\u0633\u0646\u062c\u06cc <\/strong><strong>Referer<\/strong><strong> \u0642\u0627\u0628\u0644 \u062f\u0648\u0631 \u0632\u062f\u0646 \u0627\u0633\u062a\u00a0<\/strong><\/h3><p style=\"text-align: justify;\">\u062f\u0631 \u0628\u0631\u062e\u06cc \u0627\u067e\u0644\u06cc\u06a9\u06cc\u0634\u0646\u200c\u0647\u0627\u060c \u0627\u0639\u062a\u0628\u0627\u0631\u0633\u0646\u062c\u06cc \u0647\u062f\u0631 Referer \u0628\u0627 \u062f\u0642\u062a \u06a9\u0627\u0641\u06cc \u067e\u06cc\u0627\u062f\u0647\u200c\u0633\u0627\u0632\u06cc \u0646\u0634\u062f\u0647 \u0648 \u0628\u0647 \u0647\u0645\u06cc\u0646 \u062e\u0627\u0637\u0631 \u0645\u06cc\u200c\u062a\u0648\u0627\u0646 \u0622\u0646 \u0631\u0627 \u062f\u0648\u0631 \u0632\u062f. 
\u0628\u0631\u0627\u06cc \u0645\u062b\u0627\u0644\u060c \u0627\u06af\u0631 \u0627\u067e\u0644\u06cc\u06a9\u06cc\u0634\u0646 \u0641\u0642\u0637 \u0628\u0631\u0631\u0633\u06cc \u06a9\u0646\u062f \u06a9\u0647 \u062f\u0627\u0645\u0646\u0647 \u0622\u0645\u062f\u0647 \u062f\u0631 Referer \u0628\u0627 \u0645\u0642\u062f\u0627\u0631 \u0645\u0648\u0631\u062f \u0627\u0646\u062a\u0638\u0627\u0631 \u06cc\u0627 \u0647\u0645\u0627\u0646 \u062f\u0627\u0645\u0646\u0647 \u0645\u0639\u062a\u0628\u0631 \u0634\u0631\u0648\u0639 \u0645\u06cc\u200c\u0634\u0648\u062f \u06cc\u0627 \u0646\u0647\u060c \u0645\u0647\u0627\u062c\u0645 \u0645\u06cc\u200c\u062a\u0648\u0627\u0646\u062f \u062f\u0627\u0645\u0646\u0647\u200c\u06cc \u0645\u0639\u062a\u0628\u0631 \u0631\u0627 \u0628\u0647 \u0639\u0646\u0648\u0627\u0646 \u0632\u06cc\u0631\u062f\u0627\u0645\u0646\u0647\u200c\u0627\u06cc \u0627\u0632 \u062f\u0627\u0645\u0646\u0647\u200c\u06cc \u062e\u0648\u062f\u0634 \u0628\u06cc\u0627\u0648\u0631\u062f:<\/p>\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/section>\n\t\t\t\t<section class=\"elementor-section elementor-top-section elementor-element elementor-element-e062c93 elementor-section-boxed elementor-section-height-default elementor-section-height-default\" data-id=\"e062c93\" data-element_type=\"section\" data-e-type=\"section\">\n\t\t\t\t\t\t<div class=\"elementor-container elementor-column-gap-default\">\n\t\t\t\t\t<div class=\"elementor-column elementor-col-100 elementor-top-column elementor-element elementor-element-eb1ff34\" data-id=\"eb1ff34\" data-element_type=\"column\" data-e-type=\"column\">\n\t\t\t<div class=\"elementor-widget-wrap elementor-element-populated\">\n\t\t\t\t\t\t<div class=\"elementor-element elementor-element-2d32364 elementor-widget elementor-widget-text-editor\" data-id=\"2d32364\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div 
class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t\t\t<p style=\"direction: ltr; text-align: left;\"><span style=\"color: #ffffff;\">\u00a0<a style=\"color: #ffffff;\" href=\"http:\/\/vulnerable-website.com.attacker-website.com\/csrf-attack\">http:\/\/vulnerable-website.com.attacker-website.com\/csrf-attack<\/a><\/span><\/p>\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/section>\n\t\t\t\t<section class=\"elementor-section elementor-top-section elementor-element elementor-element-d8f0178 elementor-section-boxed elementor-section-height-default elementor-section-height-default\" data-id=\"d8f0178\" data-element_type=\"section\" data-e-type=\"section\">\n\t\t\t\t\t\t<div class=\"elementor-container elementor-column-gap-default\">\n\t\t\t\t\t<div class=\"elementor-column elementor-col-100 elementor-top-column elementor-element elementor-element-da674d8\" data-id=\"da674d8\" data-element_type=\"column\" data-e-type=\"column\">\n\t\t\t<div class=\"elementor-widget-wrap elementor-element-populated\">\n\t\t\t\t\t\t<div class=\"elementor-element elementor-element-6a1f02d elementor-widget elementor-widget-text-editor\" data-id=\"6a1f02d\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t\t\t<p style=\"text-align: justify;\">\u0628\u0647 \u0647\u0645\u06cc\u0646 \u0635\u0648\u0631\u062a\u060c \u0627\u06af\u0631 \u0627\u067e\u0644\u06cc\u06a9\u06cc\u0634\u0646 \u0641\u0642\u0637 \u0628\u0631\u0631\u0633\u06cc \u06a9\u0646\u062f \u06a9\u0647 Referer \u0635\u0631\u0641\u0627\u064b \u062d\u0627\u0648\u06cc \u062f\u0627\u0645\u0646\u0647\u200c\u06cc \u0645\u0639\u062a\u0628\u0631 \u0628\u0627\u0634\u062f\u060c \u0645\u0647\u0627\u062c\u0645 \u0645\u06cc\u200c\u062a\u0648\u0627\u0646\u062f \u062f\u0627\u0645\u0646\u0647\u200c\u06cc \u0645\u0639\u062a\u0628\u0631 \u0631\u0627 \u062f\u0631 \u062c\u0627\u06cc 
\u062f\u06cc\u06af\u0631\u06cc \u0627\u0632 URL \u0642\u0631\u0627\u0631 \u062f\u0647\u062f:<\/p>\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/section>\n\t\t\t\t<section class=\"elementor-section elementor-top-section elementor-element elementor-element-a61e2aa elementor-section-boxed elementor-section-height-default elementor-section-height-default\" data-id=\"a61e2aa\" data-element_type=\"section\" data-e-type=\"section\">\n\t\t\t\t\t\t<div class=\"elementor-container elementor-column-gap-default\">\n\t\t\t\t\t<div class=\"elementor-column elementor-col-100 elementor-top-column elementor-element elementor-element-208f4e3\" data-id=\"208f4e3\" data-element_type=\"column\" data-e-type=\"column\">\n\t\t\t<div class=\"elementor-widget-wrap elementor-element-populated\">\n\t\t\t\t\t\t<div class=\"elementor-element elementor-element-4dd7919 elementor-widget elementor-widget-text-editor\" data-id=\"4dd7919\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t\t\t<p style=\"text-align: left;\"><span style=\"color: #ffffff;\"><a style=\"color: #ffffff;\" href=\"http:\/\/attacker-website.com\/csrf-attack?vulnerable-website.com\">http:\/\/attacker-website.com\/csrf-attack?vulnerable-website.com<\/a>\u00a0<\/span><\/p>\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/section>\n\t\t\t\t<section class=\"elementor-section elementor-top-section elementor-element elementor-element-f27ba99 elementor-section-boxed elementor-section-height-default elementor-section-height-default\" data-id=\"f27ba99\" data-element_type=\"section\" data-e-type=\"section\">\n\t\t\t\t\t\t<div class=\"elementor-container elementor-column-gap-default\">\n\t\t\t\t\t<div class=\"elementor-column elementor-col-100 elementor-top-column elementor-element elementor-element-3333329\" 
data-id=\"3333329\" data-element_type=\"column\" data-e-type=\"column\">\n\t\t\t<div class=\"elementor-widget-wrap elementor-element-populated\">\n\t\t\t\t\t\t<div class=\"elementor-element elementor-element-7f55a17 elementor-widget elementor-widget-text-editor\" data-id=\"7f55a17\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t\t\t<p style=\"text-align: justify;\"><strong>\u0646\u06a9\u062a\u0647: <\/strong>\u0627\u06af\u0631\u0686\u0647 \u0645\u0645\u06a9\u0646 \u0627\u0633\u062a \u0628\u062a\u0648\u0627\u0646\u06cc\u062f \u0627\u06cc\u0646 \u0631\u0641\u062a\u0627\u0631 \u0631\u0627 \u0628\u0627 \u0627\u0633\u062a\u0641\u0627\u062f\u0647 \u0627\u0632 Burp \u0634\u0646\u0627\u0633\u0627\u06cc\u06cc \u06a9\u0646\u06cc\u062f\u060c \u0645\u062f\u062a\u06cc \u0627\u0633\u062a \u0627\u06cc\u0646 \u0631\u0648\u06cc\u06a9\u0631\u062f \u0628\u0631\u0627\u06cc \u062a\u0633\u062a PoC\u060c \u062f\u06cc\u06af\u0631 \u062f\u0631 \u0645\u0631\u0648\u0631\u06af\u0631\u0647\u0627 \u062c\u0648\u0627\u0628 \u0646\u0645\u06cc\u200c\u062f\u0647\u062f. 
\u062f\u0644\u06cc\u0644 \u0622\u0646 \u0647\u0645 \u0627\u06cc\u0646 \u0627\u0633\u062a \u06a9\u0647 \u0628\u0631\u0627\u06cc \u06a9\u0645\u062a\u0631\u0634\u062f\u0646 \u062e\u0637\u0631 \u0646\u0634\u062a \u062f\u0627\u062f\u0647\u200c\u0647\u0627\u06cc \u062d\u0633\u0627\u0633 \u0627\u0632 \u0627\u06cc\u0646 \u0637\u0631\u06cc\u0642\u060c \u0628\u0633\u06cc\u0627\u0631\u06cc \u0627\u0632 \u0645\u0631\u0648\u0631\u06af\u0631\u0647\u0627 \u0628\u0647 \u0635\u0648\u0631\u062a \u067e\u06cc\u0634\u200c\u0641\u0631\u0636 \u0627\u0633\u062a\u0631\u06cc\u0646\u06af \u06a9\u0648\u0626\u0631\u06cc \u0631\u0627 \u0627\u0632 \u0647\u062f\u0631 Referer \u062d\u0630\u0641 \u0645\u06cc\u200c\u06a9\u0646\u0646\u062f.<\/p>\n<p style=\"text-align: justify;\">\u0628\u0631\u0627\u06cc \u062a\u063a\u06cc\u06cc\u0631 \u0627\u06cc\u0646 \u0631\u0641\u062a\u0627\u0631\u060c \u0628\u0627\u06cc\u062f \u0627\u0637\u0645\u06cc\u0646\u0627\u0646 \u062d\u0627\u0635\u0644 \u06a9\u0646\u06cc\u062f \u06a9\u0647 \u062f\u0631 \u067e\u0627\u0633\u062e\u06cc \u06a9\u0647 \u062d\u0627\u0648\u06cc \u0627\u06a9\u0633\u067e\u0644\u0648\u06cc\u062a \u0634\u0645\u0627\u0633\u062a\u060c \u0647\u062f\u0631 Referrer-Policy: unsafe-url \u062a\u0646\u0638\u06cc\u0645 \u0634\u062f\u0647 \u0628\u0627\u0634\u062f (\u062f\u0642\u062a \u06a9\u0646\u06cc\u062f \u06a9\u0647 \u062f\u0631 \u0627\u06cc\u0646\u200c\u062c\u0627 Referrer \u0628\u062f\u0648\u0646 \u063a\u0644\u0637 \u0627\u0645\u0644\u0627\u06cc\u06cc \u0646\u0648\u0634\u062a\u0647 \u0645\u06cc\u200c\u0634\u0648\u062f!). 
\u0628\u0627 \u0627\u06cc\u0646 \u06a9\u0627\u0631 URL \u0628\u0647 \u0637\u0648\u0631 \u06a9\u0627\u0645\u0644 (\u06cc\u0639\u0646\u06cc \u0628\u0647 \u0639\u0644\u0627\u0648\u0647 \u0627\u0633\u062a\u0631\u06cc\u0646\u06af \u06a9\u0648\u0626\u0631\u06cc) \u0627\u0631\u0633\u0627\u0644 \u062e\u0648\u0627\u0647\u062f \u0634\u062f.<\/p>\n\n<h2 id=\"xss-vs-csrf\" style=\"text-align: justify;\"><strong>\u062a\u0641\u0627\u0648\u062a <\/strong><strong>XSS<\/strong><strong> \u0648 <\/strong><strong>CSRF<\/strong><strong> \u0686\u06cc\u0633\u062a\u061f<\/strong><\/h2>\n<p style=\"text-align: justify;\">\u062d\u0645\u0644\u0647 XSS \u06cc\u0627 \u00ab\u062a\u0632\u0631\u06cc\u0642 \u0627\u0633\u06a9\u0631\u06cc\u067e\u062a \u0627\u0632 \u0637\u0631\u06cc\u0642 \u0648\u0628\u06af\u0627\u0647\u00bb \u0628\u0647 \u0645\u0647\u0627\u062c\u0645 \u0627\u062c\u0627\u0632\u0647 \u0645\u06cc\u200c\u062f\u0647\u062f \u06a9\u062f\u0647\u0627\u06cc \u062c\u0627\u0648\u0627\u0627\u0633\u06a9\u0631\u06cc\u067e\u062a \u062f\u0644\u062e\u0648\u0627\u0647 \u062e\u0648\u062f \u0631\u0627 \u062f\u0631 \u0645\u0631\u0648\u0631\u06af\u0631 \u06cc\u06a9 \u06a9\u0627\u0631\u0628\u0631 \u0642\u0631\u0628\u0627\u0646\u06cc \u0627\u062c\u0631\u0627 \u06a9\u0646\u062f.<\/p>\n<p style=\"text-align: justify;\">\u062d\u0645\u0644\u0647 CSRF \u06cc\u0627 \u00ab\u062c\u0639\u0644 \u062f\u0631\u062e\u0648\u0627\u0633\u062a \u0645\u06cc\u0627\u0646\u200c\u0648\u0628\u0633\u0627\u06cc\u062a\u06cc\u00bb \u0628\u0647 \u0645\u0647\u0627\u062c\u0645 \u0627\u062c\u0627\u0632\u0647 \u0645\u06cc\u200c\u062f\u0647\u062f \u06a9\u0647 \u0627\u0632 \u0637\u0631\u06cc\u0642 \u0645\u0631\u0648\u0631\u06af\u0631 \u06a9\u0627\u0631\u0628\u0631 \u0642\u0631\u0628\u0627\u0646\u06cc \u0648 \u0628\u062f\u0648\u0646 \u062e\u0648\u0627\u0633\u062a \u0648 \u0627\u0637\u0644\u0627\u0639 \u0627\u0648\u060c \u0627\u0642\u062f\u0627\u0645\u0627\u062a\u06cc \u0631\u0627 \u0627\u0632 \u0637\u0631\u0641 
\u0642\u0631\u0628\u0627\u0646\u06cc \u0627\u0646\u062c\u0627\u0645 \u062f\u0647\u062f.<\/p>\n<p style=\"text-align: justify;\">\u0639\u0648\u0627\u0642\u0628 \u0622\u0633\u06cc\u0628\u200c\u067e\u0630\u06cc\u0631\u06cc\u200c\u0647\u0627\u06cc XSS \u0645\u0639\u0645\u0648\u0644\u0627 \u062e\u0637\u0631\u0646\u0627\u06a9\u200c\u062a\u0631 \u0627\u0632 \u0622\u0633\u06cc\u0628\u200c\u067e\u0630\u06cc\u0631\u06cc\u200c\u0647\u0627\u06cc CSRF \u0647\u0633\u062a\u0646\u062f:<\/p>\n\n<ul style=\"text-align: justify;\">\n \t<li>\u062d\u0645\u0644\u0647 CSRF \u0645\u0639\u0645\u0648\u0644\u0627 \u0628\u0647 \u0632\u06cc\u0631\u0645\u062c\u0645\u0648\u0639\u0647\u200c\u0627\u06cc \u06a9\u0648\u0686\u06a9 \u0627\u0632 \u0627\u0642\u062f\u0627\u0645\u0627\u062a \u0645\u062d\u062f\u0648\u062f \u0645\u06cc\u200c\u0634\u0648\u062f \u06a9\u0647 \u06a9\u0627\u0631\u0628\u0631 \u0642\u0627\u062f\u0631 \u0628\u0647 \u0627\u0646\u062c\u0627\u0645 \u0622\u0646\u200c\u0647\u0627\u0633\u062a. \u0628\u0633\u06cc\u0627\u0631\u06cc \u0627\u0632 \u0627\u067e\u0644\u06cc\u06a9\u06cc\u0634\u0646\u200c\u0647\u0627 \u0631\u0627\u0647\u06a9\u0627\u0631\u0647\u0627\u06cc \u062f\u0641\u0627\u0639 \u062f\u0631 \u0628\u0631\u0627\u0628\u0631 CSRF \u0631\u0627 \u0628\u0647 \u0635\u0648\u0631\u062a \u06a9\u0644\u06cc \u067e\u06cc\u0627\u062f\u0647\u200c\u0633\u0627\u0632\u06cc \u0645\u06cc\u200c\u06a9\u0646\u0646\u062f \u062a\u0627 \u0627\u06af\u0631 \u06cc\u06a9\u06cc-\u062f\u0648 \u0627\u0642\u062f\u0627\u0645 \u062d\u0633\u0627\u0633 \u0627\u0632 \u0642\u0644\u0645 \u0627\u0641\u062a\u0627\u062f\u060c \u0622\u0646 \u0627\u0642\u062f\u0627\u0645\u0627\u062a \u0646\u06cc\u0632 \u067e\u0648\u0634\u0634 \u062f\u0627\u062f\u0647 \u0634\u0648\u0646\u062f. 
\u0648\u0644\u06cc \u0627\u0632 \u0637\u0631\u0641 \u062f\u06cc\u06af\u0631\u060c \u06cc\u06a9 \u0627\u06a9\u0633\u067e\u0644\u0648\u06cc\u062a XSS \u0639\u0645\u062f\u062a\u0627 \u0645\u06cc\u200c\u062a\u0648\u0627\u0646\u062f \u0627\u0632 \u0637\u0631\u0641 \u06a9\u0627\u0631\u0628\u0631 \u0642\u0631\u0628\u0627\u0646\u06cc \u0647\u0631 \u0627\u0642\u062f\u0627\u0645\u06cc \u0631\u0627 \u06a9\u0647 \u0622\u0646 \u06a9\u0627\u0631\u0628\u0631 \u0642\u0627\u062f\u0631 \u0628\u0647 \u0627\u0646\u062c\u0627\u0645 \u0622\u0646 \u0628\u0627\u0634\u062f\u060c \u0627\u0646\u062c\u0627\u0645 \u062f\u0647\u062f\u060c \u0641\u0627\u0631\u063a \u0627\u0632 \u0627\u06cc\u0646 \u06a9\u0647 \u0622\u0633\u06cc\u0628\u200c\u067e\u0630\u06cc\u0631\u06cc \u0628\u0647 \u062e\u0627\u0637\u0631 \u06a9\u062f\u0627\u0645 \u0642\u0627\u0628\u0644\u06cc\u062a \u0627\u067e\u0644\u06cc\u06a9\u06cc\u0634\u0646 \u0628\u0647 \u0648\u062c\u0648\u062f \u0622\u0645\u062f\u0647 \u0627\u0633\u062a.<\/li>\n \t<li>CSRF \u0631\u0627 \u0645\u06cc\u200c\u062a\u0648\u0627\u0646 \u0628\u0647 \u0639\u0646\u0648\u0627\u0646 \u06cc\u06a9 \u0622\u0633\u06cc\u0628\u200c\u067e\u0630\u06cc\u0631\u06cc \u00ab\u06cc\u06a9\u200c\u0637\u0631\u0641\u0647\u00bb \u062a\u0639\u0631\u06cc\u0641 \u06a9\u0631\u062f\u060c \u06cc\u0639\u0646\u06cc \u0648\u0642\u062a\u06cc \u0645\u0647\u0627\u062c\u0645 \u0628\u062a\u0648\u0627\u0646\u062f \u0627\u0632 \u0637\u0631\u0641 \u0642\u0631\u0628\u0627\u0646\u06cc \u06cc\u06a9 \u0631\u06cc\u06a9\u0648\u0626\u0633\u062a HTTP \u0627\u0631\u0633\u0627\u0644 \u06a9\u0646\u062f\u060c \u0646\u0645\u06cc\u200c\u062a\u0648\u0627\u0646\u062f \u067e\u0627\u0633\u062e \u0622\u0646 \u0631\u06cc\u06a9\u0648\u0626\u0633\u062a \u0631\u0627 \u0628\u0647 \u062f\u0633\u062a \u0622\u0648\u0631\u062f. 
\u0628\u0631 \u062e\u0644\u0627\u0641 CSRF\u060c \u0622\u0633\u06cc\u0628\u200c\u067e\u0630\u06cc\u0631\u06cc XSS \u06cc\u06a9 \u0622\u0633\u06cc\u0628\u200c\u067e\u0630\u06cc\u0631\u06cc \u00ab\u062f\u0648\u0637\u0631\u0641\u0647\u00bb \u0627\u0633\u062a\u060c \u06cc\u0639\u0646\u06cc \u0627\u0633\u06a9\u0631\u06cc\u067e\u062a \u062a\u0632\u0631\u06cc\u0642 \u0634\u062f\u0647 \u062a\u0648\u0633\u0637 \u0645\u0647\u0627\u062c\u0645 \u0645\u06cc\u200c\u200e\u062a\u0648\u0627\u0646\u062f \u0631\u06cc\u06a9\u0648\u0626\u0633\u062a\u200c\u0647\u0627\u06cc \u062f\u0644\u062e\u0648\u0627\u0647 \u0627\u0648 \u0631\u0627 \u062a\u0648\u0644\u06cc\u062f \u0648 \u0627\u0631\u0633\u0627\u0644 \u06a9\u0646\u062f\u060c \u067e\u0627\u0633\u062e\u200c\u0647\u0627 \u0631\u0627 \u0628\u062e\u0648\u0627\u0646\u062f\u060c \u0648 \u062f\u0627\u062f\u0647\u200c\u0647\u0627 \u0631\u0627 \u0627\u0633\u062a\u062e\u0631\u0627\u062c \u06a9\u0631\u062f\u0647 \u0648 \u0628\u0647 \u06cc\u06a9 \u062f\u0627\u0645\u0646\u0647\u200c\u06cc \u062e\u0627\u0631\u062c\u06cc \u0645\u062a\u0639\u0644\u0642 \u0628\u0647 \u0645\u0647\u0627\u062c\u0645 \u0627\u0631\u0633\u0627\u0644 \u06a9\u0646\u062f.<\/li>\n<\/ul>\n<h3 id=\"can-we-stop-xss-with-csrf\" style=\"text-align: justify;\"><strong>\u0622\u06cc\u0627 \u0628\u0627 \u062a\u0648\u06a9\u0646\u200c\u0647\u0627\u06cc <\/strong><strong>CSRF<\/strong><strong> \u0645\u06cc\u200c\u062a\u0648\u0627\u0646 \u062c\u0644\u0648\u06cc \u062d\u0645\u0644\u0627\u062a <\/strong><strong>XSS<\/strong><strong> \u0631\u0627 \u06af\u0631\u0641\u062a\u061f\u00a0<\/strong><\/h3>\n<p style=\"text-align: justify;\">\u0634\u0627\u06cc\u062f \u062c\u0627\u0644\u0628 \u0628\u0627\u0634\u062f \u06a9\u0647 \u0628\u0631\u062e\u06cc \u0627\u0632 \u062d\u0645\u0644\u0627\u062a XSS \u0628\u0627 \u0627\u0633\u062a\u0641\u0627\u062f\u0647\u200c\u06cc \u0645\u0648\u062b\u0631 \u0648 \u062f\u0631\u0633\u062a \u0627\u0632 \u062a\u0648\u06a9\u0646\u200c\u0647\u0627\u06cc CSRF 
\u0642\u0627\u0628\u0644 \u067e\u06cc\u0634\u06af\u06cc\u0631\u06cc \u0647\u0633\u062a\u0646\u062f. \u06cc\u06a9 \u0622\u0633\u06cc\u0628\u200c\u067e\u0630\u06cc\u0631\u06cc \u0633\u0627\u062f\u0647 Reflected XSS \u0631\u0627 \u062f\u0631 \u0646\u0638\u0631 \u0628\u06af\u06cc\u0631\u06cc\u062f \u06a9\u0647 \u0645\u06cc\u200c\u062a\u0648\u0627\u0646 \u0622\u0646 \u0631\u0627 \u0628\u0647 \u0627\u06cc\u0646 \u0635\u0648\u0631\u062a \u0627\u06a9\u0633\u067e\u0644\u0648\u06cc\u062a \u06a9\u0631\u062f:<\/p>\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/section>\n\t\t\t\t<section class=\"elementor-section elementor-top-section elementor-element elementor-element-f11d453 elementor-section-boxed elementor-section-height-default elementor-section-height-default\" data-id=\"f11d453\" data-element_type=\"section\" data-e-type=\"section\">\n\t\t\t\t\t\t<div class=\"elementor-container elementor-column-gap-default\">\n\t\t\t\t\t<div class=\"elementor-column elementor-col-100 elementor-top-column elementor-element elementor-element-2573e38\" data-id=\"2573e38\" data-element_type=\"column\" data-e-type=\"column\">\n\t\t\t<div class=\"elementor-widget-wrap elementor-element-populated\">\n\t\t\t\t\t\t\t<\/div>\n\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/section>\n\t\t\t\t<section class=\"elementor-section elementor-top-section elementor-element elementor-element-b593810 elementor-section-boxed elementor-section-height-default elementor-section-height-default\" data-id=\"b593810\" data-element_type=\"section\" data-e-type=\"section\">\n\t\t\t\t\t\t<div class=\"elementor-container elementor-column-gap-default\">\n\t\t\t\t\t<div class=\"elementor-column elementor-col-100 elementor-top-column elementor-element elementor-element-76218d4\" data-id=\"76218d4\" data-element_type=\"column\" data-e-type=\"column\">\n\t\t\t<div class=\"elementor-widget-wrap elementor-element-populated\">\n\t\t\t\t\t\t<div class=\"elementor-element 
elementor-element-8cd9fa9 elementor-widget elementor-widget-text-editor\" data-id=\"8cd9fa9\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t\t\t<p style=\"text-align: justify;\">\u062d\u0627\u0644\u0627 \u0641\u0631\u0636 \u06a9\u0646\u06cc\u062f \u06a9\u0647 \u0627\u06cc\u0646 \u0642\u0627\u0628\u0644\u06cc\u062a \u0622\u0633\u06cc\u0628\u200c\u067e\u0630\u06cc\u0631\u060c \u0627\u0632 \u06cc\u06a9 \u062a\u0648\u06a9\u0646 CSRF \u0647\u0645 \u0627\u0633\u062a\u0641\u0627\u062f\u0647 \u06a9\u0646\u062f:<\/p>\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/section>\n\t\t\t\t<section class=\"elementor-section elementor-top-section elementor-element elementor-element-c83b3d6 elementor-section-boxed elementor-section-height-default elementor-section-height-default\" data-id=\"c83b3d6\" data-element_type=\"section\" data-e-type=\"section\">\n\t\t\t\t\t\t<div class=\"elementor-container elementor-column-gap-default\">\n\t\t\t\t\t<div class=\"elementor-column elementor-col-100 elementor-top-column elementor-element elementor-element-46ce46f\" data-id=\"46ce46f\" data-element_type=\"column\" data-e-type=\"column\">\n\t\t\t<div class=\"elementor-widget-wrap elementor-element-populated\">\n\t\t\t\t\t\t<div class=\"elementor-element elementor-element-743e15f elementor-widget elementor-widget-text-editor\" data-id=\"743e15f\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t\t\t<p style=\"direction: ltr; text-align: left;\"><span style=\"color: #ffffff;\">\u00a0<a style=\"color: #ffffff;\" 
href=\"https:\/\/insecure-website.com\/status?csrf-token=CIwNZNlR4XbisJF39I8yWnWX9wX4WFoz&amp;message=%3cscript%3e\/*+Bad+stuff+here...+*\/%3c\/script\">https:\/\/insecure-website.com\/status?csrf-token=CIwNZNlR4XbisJF39I8yWnWX9wX4WFoz&amp;message=&lt;script&gt;\/*+Bad+stuff+here&#8230;+*\/&lt;\/script<\/a>&gt;\u00a0\u00a0\u00a0<\/span><\/p>\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/section>\n\t\t\t\t<section class=\"elementor-section elementor-top-section elementor-element elementor-element-ae355d3 elementor-section-boxed elementor-section-height-default elementor-section-height-default\" data-id=\"ae355d3\" data-element_type=\"section\" data-e-type=\"section\">\n\t\t\t\t\t\t<div class=\"elementor-container elementor-column-gap-default\">\n\t\t\t\t\t<div class=\"elementor-column elementor-col-100 elementor-top-column elementor-element elementor-element-9c3d11b\" data-id=\"9c3d11b\" data-element_type=\"column\" data-e-type=\"column\">\n\t\t\t<div class=\"elementor-widget-wrap elementor-element-populated\">\n\t\t\t\t\t\t<div class=\"elementor-element elementor-element-c00993e elementor-widget elementor-widget-text-editor\" data-id=\"c00993e\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t\t\t<p style=\"text-align: justify;\">\u0628\u0627 \u0641\u0631\u0636 \u0627\u06cc\u0646 \u06a9\u0647 \u0633\u0631\u0648\u0631 \u0628\u0647 \u062f\u0631\u0633\u062a\u06cc \u062a\u0648\u06a9\u0646 CSRF \u0631\u0627 \u0627\u0639\u062a\u0628\u0627\u0631\u0633\u0646\u062c\u06cc \u0645\u06cc\u200c\u06a9\u0646\u062f\u060c \u0648 \u0631\u06cc\u06a9\u0648\u0626\u0633\u062a\u200c\u0647\u0627\u06cc\u06cc \u0631\u0627 \u06a9\u0647 \u06cc\u06a9 \u062a\u0648\u06a9\u0646 \u0645\u0639\u062a\u0628\u0631 \u0646\u062f\u0627\u0631\u0646\u062f \u0631\u06cc\u062c\u06a9\u062a \u0645\u06cc\u200c\u06a9\u0646\u062f\u060c \u062f\u0631 
\u0627\u06cc\u0646 \u0635\u0648\u0631\u062a \u062a\u0648\u06a9\u0646 \u0627\u0632 \u0627\u06a9\u0633\u067e\u0644\u0648\u06cc\u062a\u200c\u0634\u062f\u0646 \u0622\u0633\u06cc\u0628\u200c\u067e\u0630\u06cc\u0631\u06cc XSS \u062c\u0644\u0648\u06af\u06cc\u0631\u06cc \u0645\u06cc\u200c\u06a9\u0646\u062f. \u062f\u0644\u06cc\u0644 \u0622\u0646 \u0631\u0627 \u0647\u0645 \u0627\u0632 \u0646\u0627\u0645 \u0622\u0633\u06cc\u0628\u200c\u067e\u0630\u06cc\u0631\u06cc \u0645\u06cc\u200c\u062a\u0648\u0627\u0646 \u0641\u0647\u0645\u06cc\u062f: \u00ab\u062a\u0632\u0631\u06cc\u0642 \u0627\u0633\u06a9\u0631\u06cc\u067e\u062a \u0628\u06cc\u0646-\u0633\u0627\u06cc\u062a\u06cc\u00bb\u061b \u0627\u06a9\u0633\u067e\u0644\u0648\u06cc\u062a \u0627\u06cc\u0646 \u0622\u0633\u06cc\u0628\u200c\u067e\u0630\u06cc\u0631\u06cc\u060c \u06cc\u0627 \u062d\u062f\u0627\u0642\u0644 \u062f\u0631 \u0627\u06a9\u0633\u067e\u0644\u0648\u06cc\u062a \u0646\u0648\u0639 Reflected \u0622\u0646\u060c \u0646\u06cc\u0627\u0632 \u0628\u0647 \u0627\u0631\u0633\u0627\u0644 \u06cc\u06a9 \u0631\u06cc\u06a9\u0648\u0626\u0633\u062a \u0628\u06cc\u0646-\u0633\u0627\u06cc\u062a\u06cc \u06cc\u0627 \u00ab\u0641\u0631\u0627\u0648\u0628\u06af\u0627\u0647\u06cc\u00bb \u062f\u0627\u0631\u062f. 
\u0627\u067e\u0644\u06cc\u06a9\u06cc\u0634\u0646 \u0628\u0627 \u062c\u0644\u0648\u06af\u06cc\u0631\u06cc \u0627\u0632 \u0627\u0631\u0633\u0627\u0644 \u06cc\u06a9 \u0631\u06cc\u06a9\u0648\u0626\u0633\u062a \u0628\u06cc\u0646-\u0633\u0627\u06cc\u062a\u06cc \u062a\u0648\u0633\u0637 \u0645\u0647\u0627\u062c\u0645\u060c \u0627\u0632 \u0627\u06a9\u0633\u067e\u0644\u0648\u06cc\u062a \u0633\u0627\u062f\u0647 \u0648 \u0628\u06cc\u200c\u062f\u0631\u062f\u0633\u0631 \u0622\u0633\u06cc\u0628\u200c\u067e\u0630\u06cc\u0631\u06cc XSS \u062c\u0644\u0648\u06af\u06cc\u0631\u06cc \u0645\u06cc\u200c\u06a9\u0646\u062f.<\/p><ul><li style=\"text-align: justify;\">\u0627\u06af\u0631 \u0622\u0633\u06cc\u0628\u200c\u067e\u0630\u06cc\u0631\u06cc Reflected XSS \u0647\u0631\u062c\u0627\u06cc \u062f\u06cc\u06af\u0631\u06cc \u062f\u0631 \u0648\u0628\u0633\u0627\u06cc\u062a \u0648 \u062f\u0631 \u0642\u0627\u0628\u0644\u06cc\u062a\u06cc \u0648\u062c\u0648\u062f \u062f\u0627\u0634\u062a\u0647 \u0628\u0627\u0634\u062f \u06a9\u0647 \u062a\u0648\u0633\u0637 \u062a\u0648\u06a9\u0646 CSRF \u062d\u0641\u0627\u0638\u062a \u0646\u0634\u062f\u0647 \u0627\u0633\u062a\u060c \u062f\u0631 \u0627\u06cc\u0646 \u0635\u0648\u0631\u062a \u0645\u06cc\u200c\u062a\u0648\u0627\u0646 \u0622\u0633\u06cc\u0628\u200c\u067e\u0630\u06cc\u0631\u06cc XSS \u0631\u0627 \u0628\u0647 \u0647\u0645\u0627\u0646 \u0631\u0648\u0634\u200c\u0647\u0627\u06cc \u0645\u0639\u0645\u0648\u0644\u06cc \u0627\u06a9\u0633\u067e\u0644\u0648\u06cc\u062a \u06a9\u0631\u062f.<\/li><li style=\"text-align: justify;\">\u0627\u06af\u0631 \u062f\u0631 \u0647\u0631\u062c\u0627\u06cc\u06cc \u0627\u0632 \u0648\u0628\u0633\u0627\u06cc\u062a \u06cc\u06a9 \u0622\u0633\u06cc\u0628\u200c\u067e\u0630\u06cc\u0631\u06cc XSS \u0648\u062c\u0648\u062f \u062f\u0627\u0634\u062a\u0647 \u0628\u0627\u0634\u062f \u06a9\u0647 \u0627\u0645\u06a9\u0627\u0646 \u0627\u06a9\u0633\u067e\u0644\u0648\u06cc\u062a \u0622\u0646 \u0648\u062c\u0648\u062f \u062f\u0627\u0631\u062f\u060c 
\u062f\u0631 \u0627\u06cc\u0646 \u0635\u0648\u0631\u062a \u0645\u06cc\u200c\u062a\u0648\u0627\u0646 \u0628\u0627 \u0627\u0633\u062a\u0641\u0627\u062f\u0647 \u0627\u0632 \u0622\u0646 \u0622\u0633\u06cc\u0628\u200c\u067e\u0630\u06cc\u0631\u06cc \u06a9\u0627\u0631\u06cc \u06a9\u0631\u062f \u06a9\u0647 \u06a9\u0627\u0631\u0628\u0631 \u0642\u0631\u0628\u0627\u0646\u06cc \u0627\u0642\u062f\u0627\u0645\u0627\u062a \u0645\u0648\u0631\u062f \u0646\u0638\u0631 \u0645\u0647\u0627\u062c\u0645 \u0631\u0627 \u0627\u0646\u062c\u0627\u0645 \u062f\u0647\u062f\u060c \u062d\u062a\u06cc \u0627\u0642\u062f\u0627\u0645\u0627\u062a\u06cc \u06a9\u0647 \u062e\u0648\u062f\u0634\u0627\u0646 \u062a\u0648\u0633\u0637 \u062a\u0648\u06a9\u0646\u200c\u0647\u0627\u06cc CSRF \u062d\u0641\u0627\u0638\u062a \u0634\u062f\u0647\u200c\u0627\u0646\u062f. \u062f\u0631 \u0627\u06cc\u0646 \u0645\u0648\u0627\u0642\u0639\u060c \u0627\u0633\u06a9\u0631\u06cc\u067e\u062a \u0645\u0647\u0627\u062c\u0645 \u0645\u06cc\u200c\u062a\u0648\u0627\u0646\u062f \u06cc\u06a9 \u062a\u0648\u06a9\u0646 CSRF \u0645\u0639\u062a\u0628\u0631 \u0631\u0627 \u0627\u0632 \u0635\u0641\u062d\u0647 \u0645\u0648\u0631\u062f \u0646\u0638\u0631\u0634 \u0631\u06cc\u06a9\u0648\u0626\u0633\u062a \u06a9\u0646\u062f\u060c \u0648 \u0633\u067e\u0633 \u0627\u0632 \u0622\u0646 \u062a\u0648\u06a9\u0646 \u0628\u0631\u0627\u06cc \u0627\u0646\u062c\u0627\u0645 \u063a\u06cc\u0631\u0645\u062c\u0627\u0632 \u06cc\u06a9 \u0627\u0642\u062f\u0627\u0645 \u062d\u0641\u0627\u0638\u062a\u200c\u0634\u062f\u0647 \u0627\u0633\u062a\u0641\u0627\u062f\u0647 \u06a9\u0646\u062f.<\/li><li style=\"text-align: justify;\">\u062a\u0648\u06a9\u0646\u200c\u0647\u0627\u06cc CSRF \u062d\u0641\u0627\u0638\u062a\u06cc \u062f\u0631 \u0628\u0631\u0627\u0628\u0631 \u0622\u0633\u06cc\u0628\u200c\u067e\u0630\u06cc\u0631\u06cc\u200c\u0647\u0627\u06cc stored XSS \u0641\u0631\u0627\u0647\u0645 \u0646\u0645\u06cc\u200c\u06a9\u0646\u0646\u062f. 
\u0627\u06af\u0631 \u06cc\u06a9 \u0635\u0641\u062d\u0647 \u0628\u0627 \u062a\u0648\u06a9\u0646 CSRF \u062d\u0641\u0627\u0638\u062a \u0634\u062f\u0647 \u0628\u0627\u0634\u062f\u060c \u0648\u0644\u06cc \u062f\u0631 \u0622\u0646 \u0622\u0633\u06cc\u0628\u200c\u067e\u0630\u06cc\u0631\u06cc stored XSS \u0648\u062c\u0648\u062f \u062f\u0627\u0634\u062a\u0647 \u0628\u0627\u0634\u062f\u060c \u062f\u0631 \u0627\u06cc\u0646 \u0635\u0648\u0631\u062a \u0645\u06cc\u200c\u062a\u0648\u0627\u0646 \u0627\u06cc\u0646 \u0622\u0633\u06cc\u0628\u200c\u067e\u0630\u06cc\u0631\u06cc XSS \u0631\u0627 \u0628\u0627 \u0631\u0648\u0634\u200c\u0647\u0627\u06cc \u0645\u0639\u0645\u0648\u0644\u06cc \u0627\u06a9\u0633\u067e\u0644\u0648\u06cc\u062a \u06a9\u0631\u062f\u060c \u0648 \u067e\u06cc\u200c\u0644\u0648\u062f XSS \u0628\u062f\u0648\u0646 \u0647\u06cc\u0686 \u0645\u0634\u06a9\u0644\u06cc \u0647\u0646\u06af\u0627\u0645 \u0628\u0627\u0632\u062f\u06cc\u062f \u06a9\u0627\u0631\u0628\u0631 \u0627\u0632 \u0635\u0641\u062d\u0647 \u0627\u062c\u0631\u0627 \u0645\u06cc\u200c\u0634\u0648\u062f.<\/li><\/ul>\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/section>\n\t\t\t\t<section class=\"elementor-section elementor-top-section elementor-element elementor-element-bdf7257 elementor-section-boxed elementor-section-height-default elementor-section-height-default\" data-id=\"bdf7257\" data-element_type=\"section\" data-e-type=\"section\">\n\t\t\t\t\t\t<div class=\"elementor-container elementor-column-gap-default\">\n\t\t\t\t\t<div class=\"elementor-column elementor-col-100 elementor-top-column elementor-element elementor-element-cfb4c91\" data-id=\"cfb4c91\" data-element_type=\"column\" data-e-type=\"column\">\n\t\t\t<div class=\"elementor-widget-wrap elementor-element-populated\">\n\t\t\t\t\t\t<div class=\"elementor-element elementor-element-6050262 elementor-widget elementor-widget-accordion\" data-id=\"6050262\" data-element_type=\"widget\" 
data-e-type=\"widget\" data-widget_type=\"accordion.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t<div class=\"elementor-accordion\">\n\t\t\t\t\t\t\t<div class=\"elementor-accordion-item\">\n\t\t\t\t\t<div id=\"elementor-tab-title-1001\" class=\"elementor-tab-title\" data-tab=\"1\" role=\"button\" aria-controls=\"elementor-tab-content-1001\" aria-expanded=\"false\">\n\t\t\t\t\t\t\t\t\t\t\t\t\t<span class=\"elementor-accordion-icon elementor-accordion-icon-right\" aria-hidden=\"true\">\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t<span class=\"elementor-accordion-icon-closed\"><i class=\"fas fa-plus\"><\/i><\/span>\n\t\t\t\t\t\t\t\t<span class=\"elementor-accordion-icon-opened\"><i class=\"fas fa-minus\"><\/i><\/span>\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t<\/span>\n\t\t\t\t\t\t\t\t\t\t\t\t<a class=\"elementor-accordion-title\" tabindex=\"0\">\u0645\u0637\u0644\u0628 \u0645\u0634\u0627\u0628\u0647<\/a>\n\t\t\t\t\t<\/div>\n\t\t\t\t\t<div id=\"elementor-tab-content-1001\" class=\"elementor-tab-content elementor-clearfix\" data-tab=\"1\" role=\"region\" aria-labelledby=\"elementor-tab-title-1001\"><ul><li><a href=\"https:\/\/liangroup.net\/blog\/what-is-xxe\/\"><strong>XML \u0686\u06cc\u0633\u062a \u0648 \u0622\u0633\u06cc\u0628\u200c\u067e\u0630\u06cc\u0631\u06cc XXE \u0686\u06af\u0648\u0646\u0647 \u0628\u0647 \u0648\u062c\u0648\u062f \u0645\u06cc\u200c\u0622\u06cc\u062f\u061f<\/strong><\/a><\/li><\/ul><\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/section>\n\t\t\t\t<\/div>\n\t\t","protected":false},"excerpt":{"rendered":"<p>\u062f\u0631 \u0627\u06cc\u0646 \u0645\u0642\u0627\u0644\u0647 \u0645\u06cc\u200c\u0622\u0645\u0648\u0632\u06cc\u0645 \u06a9\u0647 \u0622\u0633\u06cc\u0628\u200c\u067e\u0630\u06cc\u0631\u06cc CSRF (\u06a9\u0648\u062a\u0627\u0647\u200c\u0634\u062f\u0647\u200c\u06cc Cross-Site Request Forgery \u06cc\u0627 \u062c\u0639\u0644 
\u062f\u0631\u062e\u0648\u0627\u0633\u062a \u0645\u06cc\u0627\u0646\u200c\u0648\u0628\u06af\u0627\u0647\u06cc) \u0686\u06cc\u0633\u062a\u061f \u0686\u0646\u062f \u0645\u0648\u0631\u062f \u0627\u0632 \u0646\u0645\u0648\u0646\u0647\u200c\u0647\u0627\u06cc \u0631\u0627\u06cc\u062c \u0622\u0633\u06cc\u0628\u200c\u067e\u0630\u06cc\u0631\u06cc\u200c\u0647\u0627\u06cc CSRF \u0631\u0627 \u062a\u0634\u0631\u06cc\u062d \u0645\u06cc\u200c\u06a9\u0646\u06cc\u0645\u060c \u0648 \u0646\u062d\u0648\u0647 \u062c\u0644\u0648\u06af\u06cc\u0631\u06cc \u0627\u0632 \u062d\u0645\u0644\u0627\u062a CSRF \u0631\u0627 \u062a\u0648\u0636\u06cc\u062d \u0645\u06cc\u200c\u062f\u0647\u06cc\u0645. \u062c\u0648\u0627\u0628 \u0633\u0648\u0627\u0644 \u062e\u0648\u062f \u0631\u0627 \u067e\u06cc\u062f\u0627 \u06a9\u0646\u06cc\u062f: CSRF \u0686\u06cc\u0633\u062a\u061f \u062f\u0627\u0645\u0646\u0647 \u062a\u0627\u062b\u06cc\u0631\u0627\u062a \u06cc\u06a9 \u062d\u0645\u0644\u0647 CSRF \u0686\u06cc\u0633\u062a\u061f \u062d\u0645\u0644\u0647 CSRF \u0686\u06af\u0648\u0646\u0647 \u06a9\u0627\u0631 \u0645\u06cc\u200c\u06a9\u0646\u062f\u061f \u0646\u062d\u0648\u0647 &hellip;<\/p>\n","protected":false},"author":1,"featured_media":12110,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[258,264,2,349],"tags":[],"class_list":["post-12089","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-teaching","category-264","category-pentest","category-slides"],"yoast_head":"<!-- This site is optimized with the Yoast SEO Premium plugin v26.5 (Yoast SEO v27.6) - https:\/\/yoast.com\/product\/yoast-seo-premium-wordpress\/ -->\n<title>\u0622\u0633\u06cc\u0628\u200c\u067e\u0630\u06cc\u0631\u06cc CSRF \u0686\u06cc\u0633\u062a\u061f - \u0628\u0644\u0627\u06af \u06af\u0631\u0648\u0647 \u0644\u06cc\u0627\u0646<\/title>\n<meta name=\"description\" content=\"\u062f\u0631 \u0627\u06cc\u0646 
\u0645\u0642\u0627\u0644\u0647 \u0645\u06cc\u200c\u0622\u0645\u0648\u0632\u06cc\u0645 \u06a9\u0647 \u0622\u0633\u06cc\u0628\u200c\u067e\u0630\u06cc\u0631\u06cc CSRF (Cross-Site Request Forgery \u06cc\u0627 \u062c\u0639\u0644 \u062f\u0631\u062e\u0648\u0627\u0633\u062a \u0645\u06cc\u0627\u0646\u200c\u0648\u0628\u06af\u0627\u0647\u06cc) \u0686\u06cc\u0633\u062a\u061f+\u0646\u0645\u0648\u0646\u0647\u200c\u0647\u0627\u06cc \u0631\u0627\u06cc\u062c \u0622\u0633\u06cc\u0628\u200c\u067e\u0630\u06cc\u0631\u06cc\u200c\u0647\u0627\u06cc CSRF\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/liangroup.net\/blog\/csrf\/\" \/>\n<meta property=\"og:locale\" content=\"fa_IR\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"\u0622\u0633\u06cc\u0628\u200c\u067e\u0630\u06cc\u0631\u06cc CSRF \u0686\u06cc\u0633\u062a\u061f\" \/>\n<meta property=\"og:description\" content=\"\u062f\u0631 \u0627\u06cc\u0646 \u0645\u0642\u0627\u0644\u0647 \u0645\u06cc\u200c\u0622\u0645\u0648\u0632\u06cc\u0645 \u06a9\u0647 \u0622\u0633\u06cc\u0628\u200c\u067e\u0630\u06cc\u0631\u06cc CSRF (Cross-Site Request Forgery \u06cc\u0627 \u062c\u0639\u0644 \u062f\u0631\u062e\u0648\u0627\u0633\u062a \u0645\u06cc\u0627\u0646\u200c\u0648\u0628\u06af\u0627\u0647\u06cc) \u0686\u06cc\u0633\u062a\u061f+\u0646\u0645\u0648\u0646\u0647\u200c\u0647\u0627\u06cc \u0631\u0627\u06cc\u062c \u0622\u0633\u06cc\u0628\u200c\u067e\u0630\u06cc\u0631\u06cc\u200c\u0647\u0627\u06cc CSRF\" \/>\n<meta property=\"og:url\" content=\"https:\/\/liangroup.net\/blog\/csrf\/\" \/>\n<meta property=\"og:site_name\" content=\"\u0628\u0644\u0627\u06af \u06af\u0631\u0648\u0647 \u0644\u06cc\u0627\u0646\" \/>\n<meta property=\"article:author\" content=\"#\" \/>\n<meta property=\"article:published_time\" content=\"2021-06-19T13:40:53+00:00\" \/>\n<meta property=\"article:modified_time\" 
content=\"2022-02-13T13:40:41+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/liangroup.net\/blog\/wp-content\/uploads\/2021\/06\/cross-site-request-forgery.jpg\" \/>\n\t<meta property=\"og:image:width\" content=\"1980\" \/>\n\t<meta property=\"og:image:height\" content=\"871\" \/>\n\t<meta property=\"og:image:type\" content=\"image\/jpeg\" \/>\n<meta name=\"author\" content=\"\u0627\u062f\u0645\u06cc\u0646\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:creator\" content=\"@#\" \/>\n<meta name=\"twitter:site\" content=\"@liansecurity\" \/>\n<meta name=\"twitter:label1\" content=\"\u0646\u0648\u0634\u062a\u0647\u200c\u0634\u062f\u0647 \u0628\u062f\u0633\u062a\" \/>\n\t<meta name=\"twitter:data1\" content=\"\u0627\u062f\u0645\u06cc\u0646\" \/>\n\t<meta name=\"twitter:label2\" content=\"\u0632\u0645\u0627\u0646 \u062a\u0642\u0631\u06cc\u0628\u06cc \u0628\u0631\u0627\u06cc \u062e\u0648\u0627\u0646\u062f\u0646\" \/>\n\t<meta name=\"twitter:data2\" content=\"18 \u062f\u0642\u06cc\u0642\u0647\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\\\/\\\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\\\/\\\/liangroup.net\\\/blog\\\/csrf\\\/#article\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/liangroup.net\\\/blog\\\/csrf\\\/\"},\"author\":{\"name\":\"\u0627\u062f\u0645\u06cc\u0646\",\"@id\":\"https:\\\/\\\/liangroup.net\\\/blog\\\/#\\\/schema\\\/person\\\/56ec88338ff7cb5202779a216d9f3399\"},\"headline\":\"\u0622\u0633\u06cc\u0628\u200c\u067e\u0630\u06cc\u0631\u06cc CSRF 
\u0686\u06cc\u0633\u062a\u061f\",\"datePublished\":\"2021-06-19T13:40:53+00:00\",\"dateModified\":\"2022-02-13T13:40:41+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\\\/\\\/liangroup.net\\\/blog\\\/csrf\\\/\"},\"wordCount\":411,\"commentCount\":1,\"image\":{\"@id\":\"https:\\\/\\\/liangroup.net\\\/blog\\\/csrf\\\/#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/liangroup.net\\\/blog\\\/wp-content\\\/uploads\\\/2021\\\/06\\\/cross-site-request-forgery.jpg\",\"articleSection\":[\"\u0622\u0645\u0648\u0632\u0634\u200c\u0647\u0627\u06cc \u0644\u06cc\u0627\u0646\",\"\u0627\u0645\u0646\u06cc\u062a \u0648\u0628\",\"\u062a\u0633\u062a \u0646\u0641\u0648\u0630 \u0648 \u0627\u0645\u0646\u06cc\u062a\",\"\u06cc\u06cc\u06cc\u06cc \u0627\u0633\u0644\u0627\u06cc\u062f\"],\"inLanguage\":\"fa-IR\",\"potentialAction\":[{\"@type\":\"CommentAction\",\"name\":\"Comment\",\"target\":[\"https:\\\/\\\/liangroup.net\\\/blog\\\/csrf\\\/#respond\"]}]},{\"@type\":\"WebPage\",\"@id\":\"https:\\\/\\\/liangroup.net\\\/blog\\\/csrf\\\/\",\"url\":\"https:\\\/\\\/liangroup.net\\\/blog\\\/csrf\\\/\",\"name\":\"\u0622\u0633\u06cc\u0628\u200c\u067e\u0630\u06cc\u0631\u06cc CSRF \u0686\u06cc\u0633\u062a\u061f - \u0628\u0644\u0627\u06af \u06af\u0631\u0648\u0647 \u0644\u06cc\u0627\u0646\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/liangroup.net\\\/blog\\\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\\\/\\\/liangroup.net\\\/blog\\\/csrf\\\/#primaryimage\"},\"image\":{\"@id\":\"https:\\\/\\\/liangroup.net\\\/blog\\\/csrf\\\/#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/liangroup.net\\\/blog\\\/wp-content\\\/uploads\\\/2021\\\/06\\\/cross-site-request-forgery.jpg\",\"datePublished\":\"2021-06-19T13:40:53+00:00\",\"dateModified\":\"2022-02-13T13:40:41+00:00\",\"author\":{\"@id\":\"https:\\\/\\\/liangroup.net\\\/blog\\\/#\\\/schema\\\/person\\\/56ec88338ff7cb5202779a216d9f3399\"},\"description\":\"\u062f\u0631 \u0627\u06cc\u0646 \u0645\u0642\u0627\u0644\u0647 
\u0645\u06cc\u200c\u0622\u0645\u0648\u0632\u06cc\u0645 \u06a9\u0647 \u0622\u0633\u06cc\u0628\u200c\u067e\u0630\u06cc\u0631\u06cc CSRF (Cross-Site Request Forgery \u06cc\u0627 \u062c\u0639\u0644 \u062f\u0631\u062e\u0648\u0627\u0633\u062a \u0645\u06cc\u0627\u0646\u200c\u0648\u0628\u06af\u0627\u0647\u06cc) \u0686\u06cc\u0633\u062a\u061f+\u0646\u0645\u0648\u0646\u0647\u200c\u0647\u0627\u06cc \u0631\u0627\u06cc\u062c \u0622\u0633\u06cc\u0628\u200c\u067e\u0630\u06cc\u0631\u06cc\u200c\u0647\u0627\u06cc CSRF\",\"breadcrumb\":{\"@id\":\"https:\\\/\\\/liangroup.net\\\/blog\\\/csrf\\\/#breadcrumb\"},\"inLanguage\":\"fa-IR\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\\\/\\\/liangroup.net\\\/blog\\\/csrf\\\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"fa-IR\",\"@id\":\"https:\\\/\\\/liangroup.net\\\/blog\\\/csrf\\\/#primaryimage\",\"url\":\"https:\\\/\\\/liangroup.net\\\/blog\\\/wp-content\\\/uploads\\\/2021\\\/06\\\/cross-site-request-forgery.jpg\",\"contentUrl\":\"https:\\\/\\\/liangroup.net\\\/blog\\\/wp-content\\\/uploads\\\/2021\\\/06\\\/cross-site-request-forgery.jpg\",\"width\":1920,\"height\":845,\"caption\":\"cross-site-request-forgery\"},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\\\/\\\/liangroup.net\\\/blog\\\/csrf\\\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"\u062e\u0627\u0646\u0647\",\"item\":\"https:\\\/\\\/liangroup.net\\\/blog\\\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"\u0622\u0633\u06cc\u0628\u200c\u067e\u0630\u06cc\u0631\u06cc CSRF \u0686\u06cc\u0633\u062a\u061f\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\\\/\\\/liangroup.net\\\/blog\\\/#website\",\"url\":\"https:\\\/\\\/liangroup.net\\\/blog\\\/\",\"name\":\"\u0628\u0644\u0627\u06af \u06af\u0631\u0648\u0647 \u0644\u06cc\u0627\u0646\",\"description\":\"\u0622\u062e\u0631\u06cc\u0646 \u0627\u062e\u0628\u0627\u0631\u060c\u0645\u0642\u0627\u0644\u0627\u062a \u0648 \u0622\u0645\u0648\u0632\u0634\u200c\u0647\u0627\u06cc 
\u062d\u0648\u0632\u0647 \u0627\u0645\u0646\u06cc\u062a \u0633\u0627\u06cc\u0628\u0631\u06cc\",\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\\\/\\\/liangroup.net\\\/blog\\\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"fa-IR\"},{\"@type\":\"Person\",\"@id\":\"https:\\\/\\\/liangroup.net\\\/blog\\\/#\\\/schema\\\/person\\\/56ec88338ff7cb5202779a216d9f3399\",\"name\":\"\u0627\u062f\u0645\u06cc\u0646\",\"description\":\"\u0639\u0644\u0627\u0642\u0645\u0646\u062f \u0628\u0647 \u062d\u0648\u0632\u0647 \u0627\u0645\u0646\u06cc\u062a \u0627\u0637\u0644\u0627\u0639\u0627\u062a \u0648 \u0622\u0634\u0646\u0627 \u0628\u0647 \u062d\u0648\u0632\u0647 \u062a\u0633\u062a \u0646\u0641\u0648\u0630\",\"sameAs\":[\"http:\\\/\\\/liangroup.net\",\"#\",\"https:\\\/\\\/x.com\\\/#\"],\"url\":\"https:\\\/\\\/liangroup.net\\\/blog\\\/author\\\/admin\\\/\"}]}<\/script>\n<!-- \/ Yoast SEO Premium plugin. 
-->","yoast_head_json":{"title":"\u0622\u0633\u06cc\u0628\u200c\u067e\u0630\u06cc\u0631\u06cc CSRF \u0686\u06cc\u0633\u062a\u061f - \u0628\u0644\u0627\u06af \u06af\u0631\u0648\u0647 \u0644\u06cc\u0627\u0646","description":"\u062f\u0631 \u0627\u06cc\u0646 \u0645\u0642\u0627\u0644\u0647 \u0645\u06cc\u200c\u0622\u0645\u0648\u0632\u06cc\u0645 \u06a9\u0647 \u0622\u0633\u06cc\u0628\u200c\u067e\u0630\u06cc\u0631\u06cc CSRF (Cross-Site Request Forgery \u06cc\u0627 \u062c\u0639\u0644 \u062f\u0631\u062e\u0648\u0627\u0633\u062a \u0645\u06cc\u0627\u0646\u200c\u0648\u0628\u06af\u0627\u0647\u06cc) \u0686\u06cc\u0633\u062a\u061f+\u0646\u0645\u0648\u0646\u0647\u200c\u0647\u0627\u06cc \u0631\u0627\u06cc\u062c \u0622\u0633\u06cc\u0628\u200c\u067e\u0630\u06cc\u0631\u06cc\u200c\u0647\u0627\u06cc CSRF","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/liangroup.net\/blog\/csrf\/","og_locale":"fa_IR","og_type":"article","og_title":"\u0622\u0633\u06cc\u0628\u200c\u067e\u0630\u06cc\u0631\u06cc CSRF \u0686\u06cc\u0633\u062a\u061f","og_description":"\u062f\u0631 \u0627\u06cc\u0646 \u0645\u0642\u0627\u0644\u0647 \u0645\u06cc\u200c\u0622\u0645\u0648\u0632\u06cc\u0645 \u06a9\u0647 \u0622\u0633\u06cc\u0628\u200c\u067e\u0630\u06cc\u0631\u06cc CSRF (Cross-Site Request Forgery \u06cc\u0627 \u062c\u0639\u0644 \u062f\u0631\u062e\u0648\u0627\u0633\u062a \u0645\u06cc\u0627\u0646\u200c\u0648\u0628\u06af\u0627\u0647\u06cc) \u0686\u06cc\u0633\u062a\u061f+\u0646\u0645\u0648\u0646\u0647\u200c\u0647\u0627\u06cc \u0631\u0627\u06cc\u062c \u0622\u0633\u06cc\u0628\u200c\u067e\u0630\u06cc\u0631\u06cc\u200c\u0647\u0627\u06cc CSRF","og_url":"https:\/\/liangroup.net\/blog\/csrf\/","og_site_name":"\u0628\u0644\u0627\u06af \u06af\u0631\u0648\u0647 
\u0644\u06cc\u0627\u0646","article_author":"#","article_published_time":"2021-06-19T13:40:53+00:00","article_modified_time":"2022-02-13T13:40:41+00:00","og_image":[{"width":1980,"height":871,"url":"https:\/\/liangroup.net\/blog\/wp-content\/uploads\/2021\/06\/cross-site-request-forgery.jpg","type":"image\/jpeg"}],"author":"\u0627\u062f\u0645\u06cc\u0646","twitter_card":"summary_large_image","twitter_creator":"@#","twitter_site":"@liansecurity","twitter_misc":{"\u0646\u0648\u0634\u062a\u0647\u200c\u0634\u062f\u0647 \u0628\u062f\u0633\u062a":"\u0627\u062f\u0645\u06cc\u0646","\u0632\u0645\u0627\u0646 \u062a\u0642\u0631\u06cc\u0628\u06cc \u0628\u0631\u0627\u06cc \u062e\u0648\u0627\u0646\u062f\u0646":"18 \u062f\u0642\u06cc\u0642\u0647"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/liangroup.net\/blog\/csrf\/#article","isPartOf":{"@id":"https:\/\/liangroup.net\/blog\/csrf\/"},"author":{"name":"\u0627\u062f\u0645\u06cc\u0646","@id":"https:\/\/liangroup.net\/blog\/#\/schema\/person\/56ec88338ff7cb5202779a216d9f3399"},"headline":"\u0622\u0633\u06cc\u0628\u200c\u067e\u0630\u06cc\u0631\u06cc CSRF \u0686\u06cc\u0633\u062a\u061f","datePublished":"2021-06-19T13:40:53+00:00","dateModified":"2022-02-13T13:40:41+00:00","mainEntityOfPage":{"@id":"https:\/\/liangroup.net\/blog\/csrf\/"},"wordCount":411,"commentCount":1,"image":{"@id":"https:\/\/liangroup.net\/blog\/csrf\/#primaryimage"},"thumbnailUrl":"https:\/\/liangroup.net\/blog\/wp-content\/uploads\/2021\/06\/cross-site-request-forgery.jpg","articleSection":["\u0622\u0645\u0648\u0632\u0634\u200c\u0647\u0627\u06cc \u0644\u06cc\u0627\u0646","\u0627\u0645\u0646\u06cc\u062a \u0648\u0628","\u062a\u0633\u062a \u0646\u0641\u0648\u0630 \u0648 \u0627\u0645\u0646\u06cc\u062a","\u06cc\u06cc\u06cc\u06cc 
\u0627\u0633\u0644\u0627\u06cc\u062f"],"inLanguage":"fa-IR","potentialAction":[{"@type":"CommentAction","name":"Comment","target":["https:\/\/liangroup.net\/blog\/csrf\/#respond"]}]},{"@type":"WebPage","@id":"https:\/\/liangroup.net\/blog\/csrf\/","url":"https:\/\/liangroup.net\/blog\/csrf\/","name":"\u0622\u0633\u06cc\u0628\u200c\u067e\u0630\u06cc\u0631\u06cc CSRF \u0686\u06cc\u0633\u062a\u061f - \u0628\u0644\u0627\u06af \u06af\u0631\u0648\u0647 \u0644\u06cc\u0627\u0646","isPartOf":{"@id":"https:\/\/liangroup.net\/blog\/#website"},"primaryImageOfPage":{"@id":"https:\/\/liangroup.net\/blog\/csrf\/#primaryimage"},"image":{"@id":"https:\/\/liangroup.net\/blog\/csrf\/#primaryimage"},"thumbnailUrl":"https:\/\/liangroup.net\/blog\/wp-content\/uploads\/2021\/06\/cross-site-request-forgery.jpg","datePublished":"2021-06-19T13:40:53+00:00","dateModified":"2022-02-13T13:40:41+00:00","author":{"@id":"https:\/\/liangroup.net\/blog\/#\/schema\/person\/56ec88338ff7cb5202779a216d9f3399"},"description":"\u062f\u0631 \u0627\u06cc\u0646 \u0645\u0642\u0627\u0644\u0647 \u0645\u06cc\u200c\u0622\u0645\u0648\u0632\u06cc\u0645 \u06a9\u0647 \u0622\u0633\u06cc\u0628\u200c\u067e\u0630\u06cc\u0631\u06cc CSRF (Cross-Site Request Forgery \u06cc\u0627 \u062c\u0639\u0644 \u062f\u0631\u062e\u0648\u0627\u0633\u062a \u0645\u06cc\u0627\u0646\u200c\u0648\u0628\u06af\u0627\u0647\u06cc) \u0686\u06cc\u0633\u062a\u061f+\u0646\u0645\u0648\u0646\u0647\u200c\u0647\u0627\u06cc \u0631\u0627\u06cc\u062c \u0622\u0633\u06cc\u0628\u200c\u067e\u0630\u06cc\u0631\u06cc\u200c\u0647\u0627\u06cc 
CSRF","breadcrumb":{"@id":"https:\/\/liangroup.net\/blog\/csrf\/#breadcrumb"},"inLanguage":"fa-IR","potentialAction":[{"@type":"ReadAction","target":["https:\/\/liangroup.net\/blog\/csrf\/"]}]},{"@type":"ImageObject","inLanguage":"fa-IR","@id":"https:\/\/liangroup.net\/blog\/csrf\/#primaryimage","url":"https:\/\/liangroup.net\/blog\/wp-content\/uploads\/2021\/06\/cross-site-request-forgery.jpg","contentUrl":"https:\/\/liangroup.net\/blog\/wp-content\/uploads\/2021\/06\/cross-site-request-forgery.jpg","width":1920,"height":845,"caption":"cross-site-request-forgery"},{"@type":"BreadcrumbList","@id":"https:\/\/liangroup.net\/blog\/csrf\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"\u062e\u0627\u0646\u0647","item":"https:\/\/liangroup.net\/blog\/"},{"@type":"ListItem","position":2,"name":"\u0622\u0633\u06cc\u0628\u200c\u067e\u0630\u06cc\u0631\u06cc CSRF \u0686\u06cc\u0633\u062a\u061f"}]},{"@type":"WebSite","@id":"https:\/\/liangroup.net\/blog\/#website","url":"https:\/\/liangroup.net\/blog\/","name":"\u0628\u0644\u0627\u06af \u06af\u0631\u0648\u0647 \u0644\u06cc\u0627\u0646","description":"\u0622\u062e\u0631\u06cc\u0646 \u0627\u062e\u0628\u0627\u0631\u060c\u0645\u0642\u0627\u0644\u0627\u062a \u0648 \u0622\u0645\u0648\u0632\u0634\u200c\u0647\u0627\u06cc \u062d\u0648\u0632\u0647 \u0627\u0645\u0646\u06cc\u062a \u0633\u0627\u06cc\u0628\u0631\u06cc","potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/liangroup.net\/blog\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"fa-IR"},{"@type":"Person","@id":"https:\/\/liangroup.net\/blog\/#\/schema\/person\/56ec88338ff7cb5202779a216d9f3399","name":"\u0627\u062f\u0645\u06cc\u0646","description":"\u0639\u0644\u0627\u0642\u0645\u0646\u062f \u0628\u0647 \u062d\u0648\u0632\u0647 \u0627\u0645\u0646\u06cc\u062a \u0627\u0637\u0644\u0627\u0639\u0627\u062a \u0648 
\u0622\u0634\u0646\u0627 \u0628\u0647 \u062d\u0648\u0632\u0647 \u062a\u0633\u062a \u0646\u0641\u0648\u0630","sameAs":["http:\/\/liangroup.net","#","https:\/\/x.com\/#"],"url":"https:\/\/liangroup.net\/blog\/author\/admin\/"}]}},"_links":{"self":[{"href":"https:\/\/liangroup.net\/blog\/wp-json\/wp\/v2\/posts\/12089","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/liangroup.net\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/liangroup.net\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/liangroup.net\/blog\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/liangroup.net\/blog\/wp-json\/wp\/v2\/comments?post=12089"}],"version-history":[{"count":0,"href":"https:\/\/liangroup.net\/blog\/wp-json\/wp\/v2\/posts\/12089\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/liangroup.net\/blog\/wp-json\/wp\/v2\/media\/12110"}],"wp:attachment":[{"href":"https:\/\/liangroup.net\/blog\/wp-json\/wp\/v2\/media?parent=12089"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/liangroup.net\/blog\/wp-json\/wp\/v2\/categories?post=12089"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/liangroup.net\/blog\/wp-json\/wp\/v2\/tags?post=12089"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}