Cross Site Request Forgery (CSRF)

Thead Owner : Houga, Category : Everything Coding, 3 Comment, 90 Read

Viewers: 1 Guest(s)

Houga

Member

4 Years of Service

08-10-2014, 10:07 PM

Hello, My name is Houga consider this a introduction and tutorial, I'm currently going to college with 3 majors.

So Cross Site Request Forgery (CSRF) is very easy to protect against and commence, Let's have a example.

perkbank.com/send.php?to=Perk&amount=100

This will send 100 of x currency to Perk.

Now, x also notices this link, he then disguises it as a photo etc and sends it to x.

perkbank.com/send.php?to=x&amount=100

This authorizes the transaction and x will gain 100 of x currency.

How to fix this:

Tokens is the easiest way.

Thanks for the read - Any grammar mistakes or questions are welcomed :)

Go Upstairs

Messages In This Thread

Cross Site Request Forgery (CSRF) - by Houga - 08-10-2014, 10:07 PM

Cross Site Request Forgery (CSRF) - by Ghost - 08-10-2014, 10:08 PM

Cross Site Request Forgery (CSRF) - by Houga - 08-10-2014, 10:23 PM

Cross Site Request Forgery (CSRF) - by piemolneus - 08-11-2014, 11:27 AM

Forum Jump:

Leak Society

Leak Society

Forum Stats