Paid Advertising is
ha.ckers sla.cking
Q and A on cross site request forgeries and breaking into sessions. It's one of the attacks that XSS enables and the attack of the future. For Session, fixations, hijacking, lockout, replay, session riding etc.... 
Go to Topic: PreviousNext
Go to: Forum ListMessage ListNew TopicSearchLog In
CSRF -- Add extra cookie value
Posted by: w0nd
Date: April 15, 2014 01:29PM

Hello All,
I am trying to demonstrate weak CSRF token implementation.
The request structure is something similar to following:

POST /abc HTTP/1.1

Cookie = JSESSIONID=xxxxxxx ; Token = yyyyyyyy

somename= somevalue
token = yyyyyyyy

The token value is not random and can be easily guessed.

We can control "token=" in POST body but we also need to change "token=" value from Cookies: to make both values identical.

I tried to set extra cookie parameter using php, JS but that parameter not getting inserted in actual CSRF request when user clicks on submit button.

Any suggestions?

Options: ReplyQuote
Re: CSRF -- Add extra cookie value
Posted by: w0nd
Date: April 16, 2014 02:59AM

Hello again,

I found a way around using XSS attack.It works like a charm.

Still looking for any possibilities without using XSS.


Options: ReplyQuote

Sorry, only registered users may post in this forum.