Csrf Dorks! (done.)

sla.ckers.org is
ha.ckers sla.cking

Q and A on cross site request forgeries and breaking into sessions. It's one of the attacks that XSS enables and the attack of the future. For Session, fixations, hijacking, lockout, replay, session riding etc....

Go to Topic: Previous•Next

Go to: Forum List•Message List•New Topic•Search•Log In

Csrf Dorks! (done.)

Posted by: tehryan

Date: May 21, 2007 01:35AM

Okay everyone, here goes a first try.

http://csrf.0x000000.com/csrfdb.php

It is completely empty as of this writing, so go ahead and start submitting. send bug reports/feature requests/etc to ryan.cartner@gmail.com

Options: Reply•Quote

Re: Csrf Dorks! (done.)

Posted by: tehryan

Date: May 21, 2007 10:59AM

lol, for anyone who tried using the interface with no luck... I squashed the bug, its working now.

Options: Reply•Quote

Re: Csrf Dorks! (done.)

Posted by: birdie

Date: May 23, 2007 05:40AM

How about POST? It's mostly POST reguests that are used to change/hack/steal something.

Options: Reply•Quote

Re: Csrf Dorks! (done.)

Posted by: Anonymous User

Date: May 23, 2007 07:03AM

Yep - would be pretty cool to have a post redirect option included in the csrf detail view.

Options: Reply•Quote

Re: Csrf Dorks! (done.)

Posted by: tehryan

Date: May 24, 2007 02:40PM

Very good suggestion, I'll implement that.

for now, just submit form templates the same way you would submit a url.

Edited 1 time(s). Last edit at 05/24/2007 02:48PM by tehryan.

Options: Reply•Quote

Go to: Forum List•Message List•Search•Log In

Sorry, only registered users may post in this forum.

Click here to login