Bugtraq mailing list archives

Re: Multiple XSRF in DD-WRT (Remote Root Command Execution)


From: Hanno Böck <hanno () hboeck de>
Date: Thu, 11 Dec 2008 00:42:59 +0100

On Wednesday 10 December 2008, s.gottschall () dd-wrt com wrote:
> in fact. just a plain POST to an authenticated dd-wrt session. without
> being logged in locally it would not have any effect

That's exactly the problem, as this POST can be triggered from a third-party 
webpage via JavaScript.

Are you familiar with Cross-Site Request Forgery attacks? Wikipedia gives a 
good introduction:
http://en.wikipedia.org/wiki/CSRF

All forms in web applications doing changes that require authentication need 
some extra protection to prevent CSRF. Usually this is done by some random 
token that may be created out of a random session value stored on the 
application side combined with an id of the form. This has to be checked 
before any action is executed.



-- 
Hanno Böck              Blog:           http://www.hboeck.de/
GPG: 3DBD3B20           Jabber/Mail:    hanno () hboeck de

http://www.jukss.de/ Jugendumweltkongress, 27.12.-4.1.

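As an added example (not code from the original mail, from the DD-WRT project or from its web UI), the following Python sketch implements the protection Hanno describes above: a random value kept server-side per session, combined with the id of the form into a token, and checked before any action runs. It also shows why the check defeats a cross-site POST: the browser attaches the session cookie automatically, but a third-party page cannot obtain the token. The session store, handler name, form ids and the apply_settings action are assumptions made for this illustration, and the sample requests are constructed.

```python
"""Added illustration of a per-session anti-CSRF token (not DD-WRT code)."""
import hashlib
import hmac
import secrets
from typing import Callable, Dict, List, Optional, Tuple

# Hypothetical in-memory session store: session id -> server-side data.
SESSIONS: Dict[str, Dict[str, str]] = {}


def new_session() -> str:
    """Create an authenticated session holding its own random CSRF secret."""
    sid = secrets.token_hex(16)
    SESSIONS[sid] = {"csrf_secret": secrets.token_hex(32)}
    return sid


def make_csrf_token(csrf_secret: str, form_id: str) -> str:
    """Token = HMAC-SHA256(session secret, form id).

    The secret never leaves the server, so a page on another origin cannot
    compute the token, and a token for one form is useless for another."""
    return hmac.new(csrf_secret.encode(), form_id.encode(), hashlib.sha256).hexdigest()


def verify_csrf_token(csrf_secret: str, form_id: str, submitted: Optional[str]) -> bool:
    """Constant-time comparison against the expected token; missing token fails."""
    if not submitted:
        return False
    expected = make_csrf_token(csrf_secret, form_id)
    return hmac.compare_digest(expected, submitted)


def render_form(sid: str, form_id: str) -> Dict[str, str]:
    """Fields the server embeds (e.g. as a hidden input) in a legitimately rendered form."""
    secret = SESSIONS[sid]["csrf_secret"]
    return {"form_id": form_id, "csrf_token": make_csrf_token(secret, form_id)}


def handle_post(sid: str, form_id: str, fields: Dict[str, str],
                action: Callable[[Dict[str, str]], str]) -> Tuple[int, str]:
    """Hypothetical request handler. `sid` stands for the session cookie the
    browser sends on every request, cross-site or not; only a valid token
    proves the POST came from a form this server rendered for this session."""
    session = SESSIONS.get(sid)
    if session is None:
        return 401, "not logged in"
    if not verify_csrf_token(session["csrf_secret"], form_id, fields.get("csrf_token")):
        return 403, "CSRF token missing or invalid; request ignored"
    return 200, action(fields)


# Constructed record of which settings changes the handler actually executed.
APPLIED: List[str] = []


def apply_settings(fields: Dict[str, str]) -> str:
    """Stand-in for the privileged action the form protects."""
    APPLIED.append(fields["remote_admin"])
    return "settings applied"


def demo() -> Tuple[int, int, int, List[str]]:
    """Three constructed requests against one logged-in session."""
    APPLIED.clear()
    sid = new_session()  # administrator is logged in to the router UI

    # 1. Legitimate submit: the server-rendered form carries the token.
    good = dict(render_form(sid, "admin_settings"), remote_admin="off")
    r1 = handle_post(sid, "admin_settings", good, apply_settings)

    # 2. Cross-site POST: the cookie rides along, but no valid token is present,
    #    because the third-party page has no way to read the session secret.
    forged = {"remote_admin": "on"}
    r2 = handle_post(sid, "admin_settings", forged, apply_settings)

    # 3. A token minted for a different form id on the same session is rejected too.
    other = dict(render_form(sid, "reboot"), remote_admin="on")
    r3 = handle_post(sid, "admin_settings", other, apply_settings)

    return r1[0], r2[0], r3[0], list(APPLIED)


if __name__ == "__main__":
    print(demo())  # (200, 403, 403, ['off'])
```

Binding the token to both the session secret and the form id is what the mail's "random session value combined with an id of the form" means in practice; the HMAC keeps the secret itself off the wire, and the comparison happens before the action, never after.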

