Hi,
A thought; if the user specifies two sets of credentials, it wouuld be
simple to check whether a page, when accessed with two different
sessions, are identical*. If they are => that's csrf. Similarly, if the
page containing the form can be accessed without credentials, and it
also is identical
Andrés, Taras,
please see inline below.
Achim
Am 29.02.2012 20:34, schrieb Andres Riancho:
> On Tue, Feb 28, 2012 at 5:36 PM, Achim Hoffmann wrote:
>> Taras, Andrés,
>>
>> first of all CSRF is not limited to
>> - requests with parameters
>> - POST reqeusts
>> - GET requests
>> - requests wi
Andres,
Ok. So I will make some experiments in the branch and then write to list
again :)
29.02.2012 23:37, Andres Riancho пишет:
> Taras,
>
> On Wed, Feb 29, 2012 at 12:47 PM, Taras wrote:
>> Andres, please read inline
>>
>>
Every request inside user's area of web
application with pa
Taras,
On Wed, Feb 29, 2012 at 12:47 PM, Taras wrote:
> Andres, please read inline
>
>
>>> Every request inside user's area of web
>>> application with params will be detected as vulnerable. I' have decided
>>> to improve it (with making some research) and want to discuss with you
>>> interesting
Achim,
On Tue, Feb 28, 2012 at 5:36 PM, Achim Hoffmann wrote:
> Taras, Andrés,
>
> first of all CSRF is not limited to
> - requests with parameters
> - POST reqeusts
> - GET requests
> - requests with cookies
> - requests for authenticated sessions
>
> more details see inline below
Yes, I a
Achim, please read inline
> ...
> IMHO following algorithm -if done in this sequence- is a bit hopeless.
>
>> * Crawl the web application without credentials, store non-authenticated
>> forms
>> * Login to the web application with the user provided credentials
>> * Crawl the web application keepi
Andres, please read inline
>> Every request inside user's area of web
>> application with params will be detected as vulnerable. I' have decided
>> to improve it (with making some research) and want to discuss with you
>> interesting topic - automation detection of CSRF flaws. My current view
>> o
Taras, Andrés,
first of all CSRF is not limited to
- requests with parameters
- POST reqeusts
- GET requests
- requests with cookies
- requests for authenticated sessions
more details see inline below
Achim
Am 28.02.2012 20:42, schrieb Andres Riancho:
> Taras,
>
> On Tue, Feb 28, 20
Taras,
On Tue, Feb 28, 2012 at 4:27 PM, Taras wrote:
> Hi, all!
>
> There is CSRF plugin in w3af [0]. The problem is this plugin is too
> simple:
>
> "The simplest type of XSRF is checked, to be vulnerable, the web
> application must have sent a permanent cookie, and the aplicacion must
> have qu
Hi, all!
There is CSRF plugin in w3af [0]. The problem is this plugin is too
simple:
"The simplest type of XSRF is checked, to be vulnerable, the web
application must have sent a permanent cookie, and the aplicacion must
have query string parameters."
In most cases it will be better to *not us
10 matches
Mail list logo