SLA.CKERS.ORG
HA.CKERS SLACKING
sla.ckers.org web application security lab forums
Q and A on cross-site request forgeries and breaking into sessions. It's one of the attacks that XSS enables and the attack of the future. For session fixations, hijacking, lockout, replay, session riding, etc.
Csrf Dorks! (done.)
Posted by: tehryan (IP Logged)
Date: May 21, 2007 01:35AM

Okay everyone, here goes a first try.

[csrf.0x000000.com]

It is completely empty as of this writing, so go ahead and start submitting. Send bug reports/feature requests/etc. to ryan.cartner@gmail.com

Re: Csrf Dorks! (done.)
Posted by: tehryan (IP Logged)
Date: May 21, 2007 10:59AM

lol, for anyone who tried using the interface with no luck... I squashed the bug, it's working now.

Re: Csrf Dorks! (done.)
Posted by: birdie (IP Logged)
Date: May 23, 2007 05:40AM

How about POST? It's mostly POST requests that are used to change/hack/steal something.

Re: Csrf Dorks! (done.)
Posted by: .mario (IP Logged)
Date: May 23, 2007 07:03AM

Yep - would be pretty cool to have a post redirect option included in the csrf detail view.

---
g:0in~/*for another*/~alert(!!1)
(Å='',[Ç=!(µ=!Å+Å)+{}][Ç[ª=µ[++Å]+µ[Å-Å],È=Å-~Å]+Ç[È+È]+ª])()[Ç[Å]+Ç[Å+Å]+µ[È]+ª](Å)
me || PHPIDS || Twitter || <malicious></markup>

Re: Csrf Dorks! (done.)
Posted by: tehryan (IP Logged)
Date: May 24, 2007 02:40PM

Very good suggestion, I'll implement that.

For now, just submit form templates the same way you would submit a URL.



Edited 1 time(s). Last edit at 05/24/2007 02:48PM by tehryan.