Sla.ckers.org
Q and A on cross-site request forgeries and breaking into sessions. It's one of the attacks that XSS enables and the attack of the future. For session fixation, hijacking, lockout, replay, session riding, etc.
Csrf Dorks! (done.)
Posted by: tehryan
Date: May 21, 2007 01:35AM

Okay everyone, here goes a first try.

http://csrf.0x000000.com/csrfdb.php

It is completely empty as of this writing, so go ahead and start submitting. Send bug reports/feature requests/etc. to ryan.cartner@gmail.com

Re: Csrf Dorks! (done.)
Posted by: tehryan
Date: May 21, 2007 10:59AM

lol, for anyone who tried using the interface with no luck... I squashed the bug, it's working now.

Re: Csrf Dorks! (done.)
Posted by: birdie
Date: May 23, 2007 05:40AM

How about POST? It's mostly POST requests that are used to change/hack/steal something.

Re: Csrf Dorks! (done.)
Posted by: Anonymous User
Date: May 23, 2007 07:03AM

Yep - would be pretty cool to have a post redirect option included in the csrf detail view.

Re: Csrf Dorks! (done.)
Posted by: tehryan
Date: May 24, 2007 02:40PM

Very good suggestion, I'll implement that.

For now, just submit form templates the same way you would submit a URL.



Edited 1 time(s). Last edit at 05/24/2007 02:48PM by tehryan.
