Sla.ckers.org
Q and A on cross-site request forgeries and breaking into sessions. It's one of the attacks that XSS enables and the attack of the future. For session fixation, hijacking, lockout, replay, session riding, etc.
CSRF Prevention techniques
Posted by: kishord
Date: January 06, 2007 02:53AM

CSRF can be prevented by using random tokens etc.
But can the following help us solve the problem more easily?

http://wasjournal.blogspot.com/2006/12/csrf-protection-for-ajax-area-of-web.html

Re: CSRF Prevention techniques
Posted by: jungsonn
Date: January 06, 2007 05:37AM

damn slow those blogspots.

Re: CSRF Prevention techniques
Posted by: kirke
Date: January 06, 2007 01:12PM

See their
> Note 1. If your site has XSS, this technique won't help.
then read and think about "Universal XSS with PDF" from the last few days ...
Other problems with this simple approach are HTTP Response/Request Splitting/Smuggling.
Anyway, it raises the bar for an attacker.

Re: CSRF Prevention techniques
Posted by: kishord
Date: January 06, 2007 02:13PM

I would agree with you.
But I honestly think that if XSS is there, you are already screwed.
Same is the case with HTTP Response/Request Splitting/Smuggling.

You don't even deserve to be protected if you already have these vulnerabilities :)

Re: CSRF Prevention techniques
Posted by: kuza55
Date: January 06, 2007 11:52PM

I'm not sure if this would interest people, but Stefan Esser thought of a way to use the cross-domain policy to protect yourself against CSRF even if you're vulnerable to XSS on part of your site: http://blog.php-security.org/archives/48-CSRF-protections-are-not-doomed-by-XSS.html

Of course it's difficult to implement and secure, but it's an interesting concept. Hmm, I think I might work on trying to get an implementation of that working...

Re: CSRF Prevention techniques
Posted by: kishord
Date: January 07, 2007 12:14AM

If XSS is on a post-login page and requires a random token to be submitted along with the XSS vector, then I think that XSS is hard to exploit.

i.e. XSS done via CSRF

Re: CSRF Prevention techniques
Posted by: jungsonn
Date: January 07, 2007 11:55AM

@kuza55

Cool, let me know if you got something!

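The random-token check this thread starts from, as an added example that is not code from any poster or from the linked blog posts. The session dict, the `csrf_token` field name and the `handle` function are assumptions made for illustration.

```python
import hmac
import secrets

SAFE_METHODS = {"GET", "HEAD", "OPTIONS"}  # requests that must not change state

def issue_token(session: dict) -> str:
    """Create one unguessable token per session and keep it server-side."""
    if "csrf_token" not in session:
        session["csrf_token"] = secrets.token_urlsafe(32)  # 256 bits from the OS CSPRNG
    return session["csrf_token"]

def token_ok(session: dict, submitted) -> bool:
    """Compare the submitted token with the session's copy in constant time."""
    expected = session.get("csrf_token")
    if not expected or not isinstance(submitted, str):
        return False  # no token issued yet, or the field is missing/malformed
    return hmac.compare_digest(expected.encode(),
                               submitted.encode("utf-8", "replace"))

def handle(method: str, session: dict, form: dict) -> int:
    """Hypothetical request handler: 403 for state-changing requests without a valid token."""
    if method.upper() in SAFE_METHODS:
        return 200
    if not token_ok(session, form.get("csrf_token")):
        return 403
    return 200  # the state change would be performed here

def demo() -> dict:
    session = {}  # constructed stand-in for server-side session storage
    token = issue_token(session)  # would be embedded in the form as a hidden field
    return {
        # The site's own form carries the token back.
        "legit": handle("POST", session, {"email": "a@example.com", "csrf_token": token}),
        # A cross-site form rides the victim's cookie but cannot read the token.
        "forged_missing": handle("POST", session, {"email": "x@example.com"}),
        "forged_guess": handle("POST", session, {"csrf_token": "guess"}),
        # A token from one session is useless against another session.
        "other_session": handle("POST", {}, {"csrf_token": token}),
    }

if __name__ == "__main__":
    print(demo())
```

As kirke's quoted note says, a script injected through XSS on the same origin can read the token out of the page, so this check only stops requests that originate from other sites.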