CSRF (sorta) test

Post by mutants_r_us_guild on Wed Sep 03, 2008 7:36 pm

I'm going to see if putting the URL for this thread in my sig via an img tag will make the view count skyrocket. Let's see what happens.


Re: CSRF (sorta) test

Post by mutants_r_us_guild on Wed Sep 03, 2008 7:38 pm

Darn... it blocks it by checking for image dimensions... hmmm... maybe a crafty PHP file can circumvent this. If that is the way it blocks the logout CSRF, then maybe that vuln shall rise again. :P


Re: CSRF (sorta) test

Post by tgoe on Wed Oct 15, 2008 9:57 pm

Let's give it a try... I'm gonna use KornShell, though.

EDIT
  • I'm pretty sure logout of the forums won't be possible
  • Inflating the view count seems to work.


Re: CSRF (sorta) test

Post by mutants_r_us_guild on Tue Nov 25, 2008 10:32 pm

Hmmm... the view count does seem to be very high... hmm... maybe there's something to this.


Re: CSRF (sorta) test

Post by xelix on Tue Nov 25, 2008 10:51 pm

You could embed it in an image tag and get hits to go up, because it still makes a request to the page to check the headers for a valid image format.

EDIT: I'll remove these two...

And this is a little trick with PHP and GIF images: Image

Although it doesn't execute (it's stripped of all non-image data), you can see it here to see the XSS popup embedded in it.
shutdown -h 0 "Since when is death an option?"


Re: CSRF (sorta) test

Post by mutants_r_us_guild on Tue Nov 25, 2008 11:40 pm

Image

So if I put it in image tags like that it won't work?...
Hmmm... what about GIFARs?

Or... what happens if I do this...
Image
Image
Image
Image
Image
Image
Image
Image
Image
Image
Image
Image
Image
Image
Image
Image
Image
Image
Image
Image
Image

Each time it says "image" is hopefully another view via CSRF.


Re: CSRF (sorta) test

Post by mutants_r_us_guild on Tue Nov 25, 2008 11:44 pm

Eh... no deal.

I guess HTS isn't that vulnerable... time to go check around the site and look at places most people don't think to check :)


Re: CSRF (sorta) test

Post by xelix on Wed Nov 26, 2008 12:12 am

mutants_r_us_guild wrote: Eh... no deal.

I guess HTS isn't that vulnerable... time to go check around the site and look at places most people don't think to check :)

Sure it is, you just have to know where to look ;)

BTW, the reason it doesn't work through image tags is that only the image data is rendered. Find a way to make image data do something, maybe it'll work :)
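What xelix describes in the two replies above (an img tag makes the browser issue a GET carrying the victim's cookies, so the request is counted even though nothing in the response is executed) is worth seeing from the defender's side. The following is an added example, not code from the thread or from HTS: a constructed in-memory simulation in which a GET-based logout falls to an image-tag request while a POST-plus-token logout and a navigation-only view counter do not. The request dicts, the paths and the use of the Sec-Fetch-Dest fetch-metadata header (a modern browser feature, not available in 2008) are assumptions made for the demo.

```python
import hmac
import secrets

# Constructed in-memory state standing in for the forum's session store and counters.
SESSIONS = {}
VIEWS = {}

def new_session(user):
    """Create a logged-in session with its own random CSRF token; return the id."""
    sid = secrets.token_hex(8)
    SESSIONS[sid] = {"user": user, "csrf": secrets.token_hex(16), "logged_in": True}
    return sid

def img_tag_request(path, cookies):
    """What a browser sends when some other page embeds <img src=path>: a GET that
    carries the victim's cookies, has no body, and has fetch destination 'image'."""
    return {"method": "GET", "path": path, "cookies": dict(cookies),
            "form": {}, "headers": {"Sec-Fetch-Dest": "image"}}

def logout_vulnerable(req):
    """Logs out on any authenticated GET, so the <img> request above succeeds."""
    sess = SESSIONS.get(req["cookies"].get("sid"))
    if sess is None:
        return 401
    sess["logged_in"] = False
    return 200

def logout_hardened(req):
    """Changes state only on a POST whose token matches the session's token.
    An <img> can neither POST nor read the token, so it gets 405 or 403."""
    sess = SESSIONS.get(req["cookies"].get("sid"))
    if sess is None:
        return 401
    if req["method"] != "POST":
        return 405
    if not hmac.compare_digest(req["form"].get("csrf_token", ""), sess["csrf"]):
        return 403
    sess["logged_in"] = False
    return 200

def count_view(req):
    """Count a view only for top-level navigations (Sec-Fetch-Dest: document).
    Image fetches and header-less server-side validators leave the count alone."""
    if req["headers"].get("Sec-Fetch-Dest") == "document":
        VIEWS[req["path"]] = VIEWS.get(req["path"], 0) + 1
    return VIEWS.get(req["path"], 0)
```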
