WebApp Sec mailing list archives

Re: CSRF through POST

From: Robin Wood <dninja () gmail com>
Date: Tue, 22 Dec 2009 09:22:58 +0000

2009/12/22 chr1x <chr1x () sectester net>:

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Hi Robin,

I went over your question and looks pretty interesting, so, as Boaz
said, the way that you can use is Javascript to do the job.

Take this example:

<form name="myform" action="handle-data.php">
Search: <input type='text' name='query' />
<a href="javascript: submitform()">Search</a>
</form>
<script type="text/javascript">
function submitform()
{
 document.myform.submit();
}
</script>

Javascript uses a submit() method which is used for HTML Forms in
order to send data over HTTP POST method. In this case, you can
configure the Javascript given as example as you required.


Thanks, I've also seen the submit call being done through
onDocumentLoad and from timers which seems to be an ideal way to work
with multi-page forms.

I'm building up a nice little arsenal of attacks here.

Robin



This list is sponsored by Cenzic
--------------------------------------
Let Us Hack You. Before Hackers Do!
It's Finally Here - The Cenzic Website HealthCheck. FREE.
Request Yours Now!
http://www.cenzic.com/2009HClaunch_Securityfocus
--------------------------------------

Current thread:

CSRF through POST Robin Wood (Dec 15)
- Re: CSRF through POST arvind doraiswamy (Dec 16)
  - Re: CSRF through POST Robin Wood (Dec 16)
    - RE: CSRF through POST boaz.shunami (Dec 21)
    - Re: CSRF through POST chr1x (Dec 21)
    - Re: CSRF through POST Robin Wood (Dec 22)
    - Re: CSRF through POST Amish Shah (Dec 24)
    - Re: CSRF through POST YGN Ethical Hacker Group (Dec 27)
- Re: CSRF through POST Himanshu Goyal (Dec 22)