CSRF. **testing page - view at your own risk**

General technological topics without their own forum go here

Re: CSRF. **testing page - view at your own risk**

Post by hellow533 on Thu Apr 11, 2013 10:21 pm
([msg=75072]see Re: CSRF. **testing page - view at your own risk**[/msg])

Yep, it worked, as stated from test account. Javascript 1, 4, 5, 6, and 7 were all passed instantly with CSRF.
“Teach me how to hack!”
"What, like, with an axe?"
User avatar
hellow533
Contributor
Contributor
 
Posts: 506
Joined: Thu Jan 29, 2009 3:27 pm
Blog: View Blog (0)


Re: CSRF. **testing page - view at your own risk**

Post by 3vilp4wn on Thu Apr 11, 2013 10:32 pm
([msg=75073]see Re: CSRF. **testing page - view at your own risk**[/msg])

Put code tags on those please!
And edit out the answers.
Also, you can pass js 3 like that, I tried it. look at my last post in the js3 thread.
Do not mistake understanding for realization, and do not mistake realization for liberation
Evil Ninja Hackers
???
٩(͡๏̯͡๏)۶

1A4EAMboaXpgvUSmtRbVRqbfJrbyuGhyoo
User avatar
3vilp4wn
Poster
Poster
 
Posts: 144
Joined: Sun Feb 10, 2013 2:05 am
Location: The darkness.
Blog: View Blog (0)


Re: CSRF. **testing page - view at your own risk**

Post by hellow533 on Thu Apr 11, 2013 11:25 pm
([msg=75074]see Re: CSRF. **testing page - view at your own risk**[/msg])

I know, that's why I didn't include JS3 in the test :D

-- Fri Apr 12, 2013 5:20 pm --

Fixed, now it's blocked out and in code.

You can also delete private messages with CSRF, but you need the correct message number.
“Teach me how to hack!”
"What, like, with an axe?"
User avatar
hellow533
Contributor
Contributor
 
Posts: 506
Joined: Thu Jan 29, 2009 3:27 pm
Blog: View Blog (0)


Re: CSRF. **testing page - view at your own risk**

Post by -Ninjex- on Fri Apr 12, 2013 7:58 am
([msg=75075]see Re: CSRF. **testing page - view at your own risk**[/msg])

Nice...

:twisted:
If you're not willing to learn, no one can help you. If you're determined to learn, no one can stop you.⠠⠵
The absence of evidence is not evidence of absence.
I can explain it for you, but I can't understand it for you.
User avatar
-Ninjex-
Addict
Addict
 
Posts: 1248
Joined: Sun Sep 02, 2012 8:02 pm
Blog: View Blog (0)


Re: CSRF. **testing page - view at your own risk**

Post by 3vilp4wn on Fri Apr 12, 2013 6:03 pm
([msg=75082]see Re: CSRF. **testing page - view at your own risk**[/msg])

hellow533 wrote:You can also delete private messages with CSRF, but you need the correct message number.

You also need the right referrer (or referer if you prefer). I tried it, but as far as I can see, spoofing the referrer in a get request is impossible.
-Ninjex- wrote:Nice...


Thanks!
hellow533 wrote:Yep, it worked, as stated from test account. Javascript 1, 4, 5, 6, and 7 were all passed instantly with CSRF.

You might be able to do 2 as well, as JS isn't enabled in the get request. :D
Do not mistake understanding for realization, and do not mistake realization for liberation
Evil Ninja Hackers
???
٩(͡๏̯͡๏)۶

1A4EAMboaXpgvUSmtRbVRqbfJrbyuGhyoo
User avatar
3vilp4wn
Poster
Poster
 
Posts: 144
Joined: Sun Feb 10, 2013 2:05 am
Location: The darkness.
Blog: View Blog (0)


Re: CSRF. **testing page - view at your own risk**

Post by hellow533 on Fri Apr 12, 2013 6:08 pm
([msg=75084]see Re: CSRF. **testing page - view at your own risk**[/msg])

Two was there, it just didn't pass.
“Teach me how to hack!”
"What, like, with an axe?"
User avatar
hellow533
Contributor
Contributor
 
Posts: 506
Joined: Thu Jan 29, 2009 3:27 pm
Blog: View Blog (0)


Re: CSRF. **testing page - view at your own risk**

Post by 3vilp4wn on Fri Apr 12, 2013 7:59 pm
([msg=75086]see Re: CSRF. **testing page - view at your own risk**[/msg])

hellow533 wrote:Two was there, it just didn't pass.

Wait, so that means that the CSRF executes JS? There are so many things that are wrong with that...
Do not mistake understanding for realization, and do not mistake realization for liberation
Evil Ninja Hackers
???
٩(͡๏̯͡๏)۶

1A4EAMboaXpgvUSmtRbVRqbfJrbyuGhyoo
User avatar
3vilp4wn
Poster
Poster
 
Posts: 144
Joined: Sun Feb 10, 2013 2:05 am
Location: The darkness.
Blog: View Blog (0)


Re: CSRF. **testing page - view at your own risk**

Post by Euforia33 on Wed Jun 26, 2013 6:59 pm
([msg=76252]see Re: CSRF. **testing page - view at your own risk**[/msg])

No, IMG tags are embedded resources and simply send requests using $_GET. Executing javascript through IMG tags using XSRF alone is not possible to my knowledge, you would need a XSS vulnerability for that which if there was one, renders the XSRF a moot point.

Social engineering is the most common technique used for that type of XSRF attack, by getting someone (while they are logged in to the target site) to click on a link to a page where there's an auto-submitting form, someone could POST on their behalf provided there are no checks for tokens or the referrer.
Euforia33
New User
New User
 
Posts: 8
Joined: Fri May 07, 2010 1:25 pm
Blog: View Blog (0)


Re: CSRF. **testing page - view at your own risk**

Post by mShred on Sat Jun 29, 2013 4:01 pm
([msg=76268]see Re: CSRF. **testing page - view at your own risk**[/msg])

Euforia33 wrote:No, IMG tags are embedded resources and simply send requests using $_GET. Executing javascript through IMG tags using XSRF alone is not possible to my knowledge, you would need a XSS vulnerability for that which if there was one, renders the XSRF a moot point.

Right. I was actually trying to incorporate an XSS vulnerability to use with this, but I came up short on most things minus a few potential popups.
Though I couldn't say the same about your site Euforia33....... ;)
Image

For those about to rock.
User avatar
mShred
Administrator
Administrator
 
Posts: 1689
Joined: Tue Jun 22, 2010 4:22 pm
Blog: View Blog (2)


Previous

Return to General

Who is online

Users browsing this forum: No registered users and 0 guests