18. Cross Site Request Forgery – Vulnerable Code
• Missing CSRF token in post data
• Using $_GET or $_REQUEST instead of $_POST in data update
Vulnerable Scenario
update_user.php
<?php
$name = $_REQUEST['name'];
$about = $_REQUEST['about'];
$username = $_REQUEST['username'];
// update user info
?>
attack.html
<!DOCTYPE html>
<html>
<body>
<img src="http://localhost/csrf/update_user.php?name=YouHaveBeenHackedByVinoth" alt="You Have Been Hacked :(" height="0" width="0"/>
</body>
</html>
19. Cross Site Request Forgery – Fix
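update_user_fixed.php
<?php
session_start(); // needed before $_SESSION can be read

// Reject the request before touching any data if the token is missing or wrong
if (!isset($_SESSION['csrf_token'], $_POST['csrf_token'])
    || !is_string($_POST['csrf_token'])
    || !hash_equals($_SESSION['csrf_token'], $_POST['csrf_token'])) { // constant-time compare
    echo 'Wrong Token';
    exit; // stop here, otherwise the update below would still run
}

$name = $_POST['name'];
$about = $_POST['about'];
$username = $_POST['username'];
// update user info
?>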
• Avoid $_REQUEST and $_GET when reading POST data
• Use a CSRF token for POST data
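The fix checks $_SESSION['csrf_token'] but the slides do not show where that token is created or how it reaches the form. The following is an added example, not code from the original slides, that puts generation, the hidden form field and the check in one file; the helper names csrf_token, csrf_field and csrf_check are hypothetical.

```php
<?php
// Added example, not from the slides. Helper names are hypothetical.

// Return the per-session token, creating it on first use.
function csrf_token(): string
{
    if (empty($_SESSION['csrf_token'])) {
        // 32 bytes from the CSPRNG, hex-encoded so it is safe to embed in HTML.
        $_SESSION['csrf_token'] = bin2hex(random_bytes(32));
    }
    return $_SESSION['csrf_token'];
}

// Hidden field to place inside every state-changing <form method="post">.
function csrf_field(): string
{
    return '<input type="hidden" name="csrf_token" value="'
        . htmlspecialchars(csrf_token(), ENT_QUOTES, 'UTF-8') . '">';
}

// True only when the posted token matches the one stored in the session.
function csrf_check(array $post, array $session): bool
{
    $expected = $session['csrf_token'] ?? '';
    $sent     = $post['csrf_token'] ?? '';
    // A missing token, or csrf_token[]=x (an array), must fail instead of erroring.
    if ($expected === '' || !is_string($sent)) {
        return false;
    }
    return hash_equals($expected, $sent); // constant-time comparison
}

session_start();

// Only POST changes data. A GET, such as the <img> request in attack.html,
// falls through to the form below and updates nothing.
if (($_SERVER['REQUEST_METHOD'] ?? 'GET') === 'POST') {
    if (!csrf_check($_POST, $_SESSION)) {
        http_response_code(403);
        exit('Wrong Token');
    }
    $name = $_POST['name'] ?? '';
    // update user info
    exit('Updated');
}
?>
<form method="post" action="update_user_fixed.php">
  <input type="text" name="name">
  <?= csrf_field() ?>
  <button type="submit">Save</button>
</form>
```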