El código original permitía eliminar un post mediante una petición GET, lo cual es vulnerable a ataques de Cross-Site Request Forgery (CSRF). Un atacante podría engañar a un usuario autenticado para que haga clic en un enlace malicioso que envíe una solicitud GET para eliminar un post sin su consentimiento.
Código vulnerable:
<a href="/posts/{{post.id}}/delete" class="btn">Delete Post</a>@GetMapping("/posts/{id}/delete")
| # Comandos e instalaciones realizadas | |
| # Curl | |
| sudo apt install curl | |
| # Docker | |
| $ curl https://get.docker.com | sh | |
| $ sudo usermod -aG docker michel |
| web: | |
| image: maes95/docker-compose-python-mongo | |
| ports: | |
| - "80:5000" | |
| links: | |
| - db | |
| db: | |
| image: mongo:3.0.2 |
| # START MySQL | |
| docker run --name master-mysql -p 3306:3306 -e MYSQL_ROOT_PASSWORD=pass -e MYSQL_DATABASE=test -d mysql:5.7 | |
| # This command create a mysql | |
| # -> Available in locahost:3306 | |
| # -> With a 'root' user with pass 'pass' | |
| # -> With a default database schema 'test' |
| function printElementSimple(elem){ | |
| w=window.open(); | |
| w.document.write($(elem).html()); | |
| w.print(); | |
| w.close(); | |
| } | |
| document.getElementById('preview-viewer').contentWindow.print() | |
| function printElement(elem, style){ |
| echo "deb http://www.rabbitmq.com/debian/ testing main" | sudo tee /etc/apt/sources.list.d/rabbitmq.list > /dev/null | |
| wget https://www.rabbitmq.com/rabbitmq-signing-key-public.asc | |
| sudo apt-key add rabbitmq-signing-key-public.asc | |
| sudo apt-get update | |
| sudo apt-get install rabbitmq-server -y | |
| sudo service rabbitmq-server start | |
| sudo rabbitmq-plugins enable rabbitmq_management | |
| sudo service rabbitmq-server restart |
| library(dplyr) | |
| library(magrittr) | |
| data <- read.csv("adult.csv", header = FALSE, sep = ",") | |
| colnames(data) <- c("Age", | |
| "Workclass", | |
| "Fnlwgt", | |
| "Education", | |
| "EducationNum", | |
| "MaritalStatus", |
| sudo add-apt-repository ppa:webupd8team/java | |
| sudo apt-get update | |
| sudo apt-get install oracle-java8-installer | |
| wget https://bintray.com/artifact/download/vertx/downloads/vert.x-3.5.0.tar.gz | |
| tar xzvf vert.x-3.5.0.tar.gz | |
| # CMD | |
| ./vertx/bin/vertx |
| curl -fsSL https://download.docker.com/linux/ubuntu/gpg | sudo apt-key add - | |
| sudo add-apt-repository "deb [arch=amd64] https://download.docker.com/linux/ubuntu $(lsb_release -cs) stable" | |
| sudo apt-get update | |
| sudo apt-get -y install docker-ce |