Sla.ckers.org
Q and A on cross-site request forgeries and breaking into sessions. It's one of the attacks that XSS enables and the attack of the future. For session fixation, hijacking, lockout, replay, session riding, etc.
CSRF4BlackHat - So it begins...
Posted by: klaus
Date: November 22, 2007 09:54PM

Uses for Cross-site Request forgery from the blackhat SEO perspective:

* Publishing/Spamming links: People spamming forums with links is nothing new. By utilizing CSRF, on the other hand, you could force a website's user base (either by embedding it into your site's HTML directly, or by utilizing an XSS vulnerability) to submit forms with your URL without their knowledge.

* Redirectors: Search engines and sites displaying a site's rank (blogs, top sites community, top referrers/incoming site links, etc.) count the number of times a specific URL is clicked or visited. If you can get the user to visit the site via CSRF, then you can potentially influence these counters using unique hostnames/sessions (if logged in already).

-----------------------------------------------------------------------------

How about some practical examples?

I'll start the first one: hxxp://redirect.alexa.com/redirect?www.YOURDOMAIN.com

Re: CSRF4BlackHat - So it begins...
Posted by: rsnake
Date: December 10, 2007 09:31AM

How about artificially voting for something that gets you higher in rankings elsewhere?

- RSnake
Gotta love it. http://ha.ckers.org

Re: CSRF4BlackHat - So it begins...
Posted by: kcanis
Date: January 14, 2008 06:06PM

Umm, pay-per-click ads ... try to find those cheaters, Google :P

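An added example, not part of any post in this thread: how a site that keeps vote or click counters can refuse to count the cross-site requests discussed above, by requiring a same-origin `Origin`/`Referer` and a session-bound HMAC token. The origin `https://forum.example`, the key, the request field names and the sample requests are all constructed assumptions.

```python
import hashlib
import hmac

SECRET = b"constructed-demo-key"        # constructed; keep the real key in a secret store
SITE_ORIGIN = "https://forum.example"   # hypothetical origin of the site's own pages


def issue_token(session_id: str) -> str:
    """Token the site embeds in its own vote/click forms, bound to one session."""
    return hmac.new(SECRET, session_id.encode(), hashlib.sha256).hexdigest()


def is_forged(req: dict) -> bool:
    """True when a state-changing request was not produced by the site's own pages."""
    # Prefer Origin; fall back to Referer when the browser sent no Origin header.
    source = req.get("origin") or req.get("referer", "")
    same_site = source == SITE_ORIGIN or source.startswith(SITE_ORIGIN + "/")
    expected = issue_token(req.get("session", ""))
    token_ok = hmac.compare_digest(expected.encode(), req.get("token", "").encode())
    return not (same_site and token_ok)


def tally(requests: list) -> dict:
    """Count only requests that pass both checks; report how many were dropped."""
    counts, rejected = {}, 0
    for req in requests:
        if is_forged(req):
            rejected += 1
            continue
        counts[req["item"]] = counts.get(req["item"], 0) + 1
    return {"counts": counts, "rejected": rejected}


# Constructed sample requests: two legitimate, two that must not be counted.
SAMPLE = [
    {"session": "s1", "item": "post-7", "origin": SITE_ORIGIN, "token": issue_token("s1")},
    # Embedded on a third-party page: foreign Origin and no token.
    {"session": "s2", "item": "post-9", "origin": "https://other.example", "token": ""},
    # Same-site Referer but a token that was not issued for this session.
    {"session": "s3", "item": "post-9", "referer": SITE_ORIGIN + "/vote", "token": "guess"},
    {"session": "s4", "item": "post-7", "referer": SITE_ORIGIN + "/thread/1",
     "token": issue_token("s4")},
]

if __name__ == "__main__":
    print(tally(SAMPLE))
```

The rejected count is also a useful detection signal: a spike in dropped requests for one item points at a page that is embedding the counter URL.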