CSRF Web Vulnerabilities – Nikita Makeyev
Submitted for BarCamp Memphis 2010

  • ASK: how many freelancers? ASK: How many business owners?

Presentation Transcript

    • Welcome: Cross Site Request Forgery (CSRF). Nikita Makeyev, CoreCommerce
    • Cross Site Request What?
      • Cross Site Request Forgery
      • CSRF
      • XSRF
      • One-Click Attack
      • Session Riding
    • How Does It Work? Step 1:
      • Attacker finds a website that:
        • performs an action upon a GET request
        • OR
        • performs an action upon a POST request but doesn't differentiate between POST and GET data
    • How Does It Work? Step 2:
      • Attacker constructs a string that simulates a server action request and includes it as the src of an image or a script on a bunch of sites: blogs, forums, malicious sites, etc.
      • <img src="https://www.mybank.com/account.php?m=update_account&submit=Y&email=hostile@evil.com" alt="image" />
    • How Does It Work? Step 3:
      • Legitimate user accesses https://www.mybank.com/account.php, logs in and then happens to visit one of the compromised pages.
    • How Does It Work? Step 4:
      • Attacker checks https://www.mybank.com/account.php every day and attempts to use the forgot password feature using [email_address]
    • What Makes It Possible?
      • Web developers aren't as familiar with this vulnerability as with some other ones (XSS, SQL injection)
      • The site relies on user identity
      • The attacker is able to find a form submission or a URL that performs an action
      • The attacker must lure the victim to a page with malicious code
    • Why Is It Dangerous?
      • Undetectable by automated scanners
      • No damage ceiling
      • The attack is silent
      • Easily mountable
      • Combines with XSS
    • How Do I Prevent It?
      • Do not use REQUEST
      • Only use POST to initiate actions
      • Check the HTTP Referer header
      • Use a random, server-generated, user-specific token in all form submissions
      • <form action="index.php" method="POST"> … <input type="hidden" name="<?php print $oneTimeTokenName; ?>" value="<?php print $oneTimeTokenValue; ?>" /> ... </form>
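
A server-side counterpart to the hidden-field form above, added here as an example and not taken from the slides: it acts only on POST, reads $_POST rather than $_REQUEST, and compares the submitted token in constant time. The helper names csrf_token() and csrf_check(), the csrf_token field name, and the use of one token per session (instead of the slide's one-time token) are assumptions.

```php
<?php
declare(strict_types=1);
// Added example (not from the slides). csrf_token(), csrf_check() and the
// 'csrf_token' field/session key are hypothetical names chosen here.
session_start();

// Return the per-session token, creating it on first use.
function csrf_token(): string
{
    if (empty($_SESSION['csrf_token'])) {
        $_SESSION['csrf_token'] = bin2hex(random_bytes(32)); // CSPRNG, 256 bits
    }
    return $_SESSION['csrf_token'];
}

// True only for a POST whose body carries this session's token.
function csrf_check(): bool
{
    if (($_SERVER['REQUEST_METHOD'] ?? '') !== 'POST') {
        return false;                      // a GET (e.g. an <img src>) never acts
    }
    $sent = $_POST['csrf_token'] ?? '';    // read $_POST, not $_REQUEST
    $expected = $_SESSION['csrf_token'] ?? '';
    return is_string($sent) && $expected !== ''
        && hash_equals($expected, $sent);  // constant-time comparison
}

if (($_SERVER['REQUEST_METHOD'] ?? '') === 'POST') {
    if (!csrf_check()) {
        http_response_code(403);
        exit('Request rejected: missing or invalid token.');
    }
    // Token verified: the state change would run here, using $_POST['email'].
    exit('Account updated.');
}
?>
<form action="account.php" method="POST">
  <input type="hidden" name="csrf_token"
         value="<?php print htmlspecialchars(csrf_token(), ENT_QUOTES); ?>" />
  <input type="email" name="email" />
  <input type="submit" name="submit" value="Update" />
</form>
```

A cross-site request like the image tag from Step 2 arrives as a GET with no token, so the handler never reaches the update.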
    • Questions & Discussion