
Re: CSRF. **testing page - view at your own risk**

Posted: Thu Apr 11, 2013 10:21 pm
by hellow533
Yep, it worked, as stated from test account. JavaScript 1, 4, 5, 6, and 7 were all passed instantly with CSRF.

Re: CSRF. **testing page - view at your own risk**

Posted: Thu Apr 11, 2013 10:32 pm
by 3vilp4wn
Put code tags on those please!
And edit out the answers.
Also, you can pass JS 3 like that, I tried it. Look at my last post in the JS3 thread.

Re: CSRF. **testing page - view at your own risk**

Posted: Thu Apr 11, 2013 11:25 pm
by hellow533
I know, that's why I didn't include JS3 in the test :D

-- Fri Apr 12, 2013 5:20 pm --

Fixed, now it's blocked out and in code.

You can also delete private messages with CSRF, but you need the correct message number.

Re: CSRF. **testing page - view at your own risk**

Posted: Fri Apr 12, 2013 7:58 am
by -Ninjex-
Nice...

:twisted:

Re: CSRF. **testing page - view at your own risk**

Posted: Fri Apr 12, 2013 6:03 pm
by 3vilp4wn
hellow533 wrote: You can also delete private messages with CSRF, but you need the correct message number.

You also need the right referrer (or referer if you prefer). I tried it, but as far as I can see, spoofing the referrer in a GET request is impossible.

-Ninjex- wrote: Nice...

Thanks!

hellow533 wrote: Yep, it worked, as stated from test account. JavaScript 1, 4, 5, 6, and 7 were all passed instantly with CSRF.

You might be able to do 2 as well, as JS isn't enabled in the GET request. :D

Re: CSRF. **testing page - view at your own risk**

Posted: Fri Apr 12, 2013 6:08 pm
by hellow533
Two was there, it just didn't pass.

Re: CSRF. **testing page - view at your own risk**

Posted: Fri Apr 12, 2013 7:59 pm
by 3vilp4wn
hellow533 wrote: Two was there, it just didn't pass.

Wait, so that means that the CSRF executes JS? There are so many things that are wrong with that...

Re: CSRF. **testing page - view at your own risk**

Posted: Wed Jun 26, 2013 6:59 pm
by Euforia33
No, IMG tags are embedded resources and simply send requests using $_GET. Executing JavaScript through IMG tags using XSRF alone is not possible to my knowledge; you would need an XSS vulnerability for that, which, if there was one, renders the XSRF a moot point.

Social engineering is the most common technique used for that type of XSRF attack: by getting someone (while they are logged in to the target site) to click on a link to a page where there's an auto-submitting form, someone could POST on their behalf, provided there are no checks for tokens or the referrer.
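
Added example, not part of any post in this thread: a server-side check for the two protections the post above names (tokens and the referrer), written in Python. `TRUSTED_ORIGIN`, the function names and the sample requests are assumptions made for illustration.

```python
import hmac
import secrets
from urllib.parse import urlsplit

TRUSTED_ORIGIN = "https://forum.example"   # assumption: the site's own origin
SAFE_METHODS = {"GET", "HEAD", "OPTIONS"}


def new_csrf_token():
    """Per-session random token, stored server-side and embedded in each form."""
    return secrets.token_urlsafe(32)


def same_origin(headers):
    """Compare Origin (or, failing that, Referer) with the site's own origin."""
    source = headers.get("Origin") or headers.get("Referer")
    if not source:
        return False                        # fail closed when both are absent
    parts = urlsplit(source)
    return f"{parts.scheme}://{parts.netloc}" == TRUSTED_ORIGIN


def check_state_change(method, headers, session_token, form_token):
    """Return (allowed, reason) for a request that would modify account state."""
    if method.upper() in SAFE_METHODS:
        # An embedded <img> can only issue GET, so GET must never change state.
        return False, "state change over a safe method"
    if not same_origin(headers):
        return False, "cross-site or missing Origin/Referer"
    if not session_token or not form_token:
        return False, "missing CSRF token"
    if not hmac.compare_digest(session_token, form_token):
        return False, "CSRF token mismatch"
    return True, "ok"


if __name__ == "__main__":
    token = new_csrf_token()
    own = {"Origin": TRUSTED_ORIGIN}
    other = {"Referer": "https://other.example/page.html"}
    # Constructed requests: image-tag GET, cross-site form POST, legitimate POST.
    print(check_state_change("GET", other, token, None))
    print(check_state_change("POST", other, token, None))
    print(check_state_change("POST", own, token, token))
```

The token check is the primary control; the Origin/Referer comparison is a second layer, and it fails closed here when neither header is sent.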

Re: CSRF. **testing page - view at your own risk**

Posted: Sat Jun 29, 2013 4:01 pm
by mShred
Euforia33 wrote: No, IMG tags are embedded resources and simply send requests using $_GET. Executing JavaScript through IMG tags using XSRF alone is not possible to my knowledge; you would need an XSS vulnerability for that, which, if there was one, renders the XSRF a moot point.

Right. I was actually trying to incorporate an XSS vulnerability to use with this, but I came up short on most things minus a few potential popups.
Though I couldn't say the same about your site Euforia33....... ;)