SLA.CKERS.ORG
Q and A on cross site request forgeries and breaking into sessions. It's one of the attacks that XSS enables and the attack of the future. For session fixations, hijacking, lockout, replay, session riding, etc.
Csrf Dorks! (done.)
Posted by: tehryan
Date: May 21, 2007 01:35AM
Okay everyone, here goes a first try.
[csrf.0x000000.com]
It is completely empty as of this writing, so go ahead and start submitting. Send bug reports/feature requests/etc. to ryan.cartner@gmail.com
Re: Csrf Dorks! (done.)
Posted by: tehryan
Date: May 21, 2007 10:59AM
lol, for anyone who tried using the interface with no luck... I squashed the bug, it's working now.
Re: Csrf Dorks! (done.)
Posted by: birdie
Date: May 23, 2007 05:40AM
How about POST? It's mostly POST requests that are used to change/hack/steal something.
Re: Csrf Dorks! (done.)
Posted by: .mario
Date: May 23, 2007 07:03AM
Yep - would be pretty cool to have a post redirect option included in the csrf detail view.
---
g:0in~/*for another*/~alert(!!1)
(Å='',[Ç=!(µ=!Å+Å)+{}][Ç[ª=µ[++Å]+µ[Å-Å],È=Å-~Å]+Ç[È+È]+ª])()[Ç[Å]+Ç[Å+Å]+µ[È]+ª](Å)
me || PHPIDS || Twitter || <malicious></markup>
Re: Csrf Dorks! (done.)
Posted by: tehryan
Date: May 24, 2007 02:40PM
Very good suggestion, I'll implement that.
For now, just submit form templates the same way you would submit a URL.
Edited 1 time(s). Last edit at 05/24/2007 02:48PM by tehryan.