Cross-Site Request Forgery:跨站点请求伪造问题描述:Abstract: 在LzbaseWeb.js中第547行的HTTP要求,必須包含特定使用者機密,以避免攻
擊者作出未經授權的要求。Sink: LzbaseWeb.js:547 FunctionPointerCall()545 current.AjaxSuccess(xmlhttpRequest, successCallBack, dataType, errorCallBack);
546 }
547 xmlhttpRequest.open("get", this.getAjaxUrl(url, false), false);
548 this.setHeaderInfo(xmlhttpRequest, "get", dataType, params); //??????
549 xmlhttpRequest.send(this.getParams(params));这个是安全扫描工具,扫描出来的,求解决方案~~~
擊者作出未經授權的要求。Sink: LzbaseWeb.js:547 FunctionPointerCall()545 current.AjaxSuccess(xmlhttpRequest, successCallBack, dataType, errorCallBack);
546 }
547 xmlhttpRequest.open("get", this.getAjaxUrl(url, false), false);
548 this.setHeaderInfo(xmlhttpRequest, "get", dataType, params); //??????
549 xmlhttpRequest.send(this.getParams(params));这个是安全扫描工具,扫描出来的,求解决方案~~~
擊者作出未經授權的要求。Sink: LzbaseWeb.js:558 FunctionPointerCall()556 current.AjaxSuccess(xmlhttpRequest, successCallBack, dataType, errorCallBack);
557 }
558 xmlhttpRequest.open("post", this.getAjaxUrl(url, false), true);
559 this.setHeaderInfo(xmlhttpRequest, "post", dataType, params); //
560 xmlhttpRequest.send(this.getParams(params)); //