Register
Leak Society - The Home Of Nulled Resources.
Forum Beta v1 Now Live!
Cross Site Request Forgery (CSRF)
Thead Owner : Houga, Category : Everything Coding, 3 Comment, 86 Read
Viewers: 1 Guest(s)
Houga
Member
***
68
Messages
29
Threads
0
Rep
4 Years of Service
08-10-2014, 10:07 PM
#1
Hello, My name is Houga consider this a introduction and tutorial, I'm currently going to college with 3 majors.



So Cross Site Request Forgery (CSRF) is very easy to protect against and commence, Let's have a example.


perkbank.com/send.php?to=Perk&amount=100


This will send 100 of x currency to Perk.

Now, x also notices this link, he then disguises it as a photo etc and sends it to x.

perkbank.com/send.php?to=x&amount=100

This authorizes the transaction and x will gain 100 of x currency.


How to fix this:

Tokens is the easiest way.


Thanks for the read - Any grammar mistakes or questions are welcomed :)
Go Upstairs
Reply
Ghost
Administrators
LeakSociety Owner
*****
7,137
Messages
1,907
Threads
4
Rep
2 Weeks
08-10-2014, 10:08 PM
#2
Thanks for the bit of information on cross site request forgery!
Go Upstairs
Reply
Forum Owner
Houga
Member
***
68
Messages
29
Threads
0
Rep
4 Years of Service
08-10-2014, 10:23 PM
#3
(08-10-2014, 10:08 PM)Malevolent Wrote: Thanks for the bit of information on cross site request forgery!

Implying the full thing is a bit - :)
Go Upstairs
Reply
piemolneus
Junior Member
**
15
Messages
1
Threads
0
Rep
4 Years of Service
08-11-2014, 11:27 AM
#4
thanks for the tut <3 will be using this
Go Upstairs
Reply


Forum Jump:

© Leak Society Forum - All Rights Reserved. No files found on Leak Society are hosted on our servers, we only share resources hosted externally.

Extras
Navigation

Forum Stats

  • 18876 Topics,
  • 213121 Messages,
  • 54194 With our member,
Made with by Ghost
LeakSociety Custom MyBB Build v1.2