CSRF + GET request proof of concept


Post by 3vilp4wn on Sun Mar 10, 2013 2:38 pm


I recently wrote an article for HTS that you can find here.
This post assumes you have read it...

This post is a simple proof of concept showing that anyone can post on a forum and force your browser to make a GET request.


If you see the word "Image" above this, your browser just searched Google for "3vilp4wn is awesome".

Need proof? Just download the "Tamper Data" plugin for Firefox and look at the requests your browser is making.

Keep in mind that I could have had you searching for anything I want you to, downloading n0rp/pirated content, use you to get more site views, etc.

Fun stuff!

-- Thu Apr 04, 2013 4:26 pm --

Big necro here, but I thought that I ought to mention it. The top Google autosuggest for "3vilp" is "3vil p4wn is awesome" now. :D

Thanks for all those searches! :lol:
Do not mistake understanding for realization, and do not mistake realization for liberation
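
The post above depends on a forum rendering a poster-supplied image URL, so that every reader's browser sends a GET request to it. As an added example (not part of the original post or the article it mentions), here is one forum-side check that refuses to hotlink such URLs; the `[img]` BBCode syntax, the host allowlist and the sample post are assumptions.

```python
import re
from urllib.parse import urlsplit

# Assumed forum markup: [img]URL[/img]; the post does not show the tag it used.
IMG_TAG = re.compile(r"\[img\](.*?)\[/img\]", re.IGNORECASE | re.DOTALL)
IMAGE_EXTENSIONS = (".png", ".jpg", ".jpeg", ".gif", ".webp")
# Hypothetical allowlist of hosts the forum is willing to embed images from.
ALLOWED_HOSTS = {"img.forum.example"}


def audit_image_url(url):
    """Return the reasons an embedded image URL should not be rendered."""
    try:
        parts = urlsplit(url.strip())
    except ValueError:
        return ["unparseable URL"]
    reasons = []
    if parts.scheme not in ("http", "https"):
        reasons.append("non-http scheme")
    if (parts.hostname or "").lower() not in ALLOWED_HOSTS:
        reasons.append("host not on allowlist")
    if parts.query:
        reasons.append("query string present")
    if not parts.path.lower().endswith(IMAGE_EXTENSIONS):
        reasons.append("path is not an image file")
    return reasons


def sanitize_post(body):
    """Replace rejected [img] tags with inert text; return (body, findings)."""
    findings = []

    def replace(match):
        url = match.group(1).strip()
        reasons = audit_image_url(url)
        if not reasons:
            return match.group(0)  # keep tags that pass every check
        findings.append((url, reasons))
        return "[blocked image: " + url + "]"  # shown as text, never fetched

    return IMG_TAG.sub(replace, body), findings


# Constructed sample post: a search URL posing as an image, then a real image.
SAMPLE_POST = (
    "Look at this [img]https://search.example/search?q=some+phrase[/img] "
    "and my avatar [img]https://img.forum.example/avatars/144.png[/img]"
)

if __name__ == "__main__":
    print(sanitize_post(SAMPLE_POST))
```

A URL filter like this only narrows what the forum will embed; the site on the receiving end still has to keep GET requests free of side effects and require a CSRF token on anything that changes state.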