Fun With CSRF
Author: nights_shadow | Member | Posts: 856 | Location: /var/log/messages | Joined: 30.12.04 | Rank: God
Live site with CSRF exploit
Info: I change a user's password & text via CSRF
Many other things could have been done as you should be able to see in this video.
http://4filehosting.com/file/12235/funwithcsrf-rar.html
***the site has been patched, so don't go f*cking with it...

Edited by nights_shadow on 23-05-07 15:50
RE: Fun With CSRF
Author: koolkeith12345 | Member | Posts: 603 | Joined: 25.09.06 | Rank: Elite
Just watched it. Nice work, hope you do another one because that one was quite good.
RE: Fun With CSRF
Author: eqqqqq | Member | Posts: 5 | Location: KY | Joined: 26.05.07 | Rank: Hacker Level 2
Very nice XSS/CSRF!
Wouldn't it have been possible to create an XSS worm by making whoever viewed your profile post the same on their profile as well?
RE: Fun With CSRF
Author: HackingForce | Member | Posts: 328 | Location: -ⁿººƁ.land- | Joined: 24.11.06 | Rank: Mad User
That's not possible? The server has to use $_REQUEST for that to work; images are sent in $_GET, aren't they? So you can't do a $_POST with images without the server using REQUEST...
Quote me if I'm wrong :S
RE: Fun With CSRF
Author: end3r | Banned | Posts: 250 | Location: US | Joined: 16.09.06 | Rank: Monster | Warn Level: 100
HackingForce wrote:
    That's not possible? The server has to use $_REQUEST for that to work; images are sent in $_GET, aren't they? So you can't do a $_POST with images without the server using REQUEST...
    Quote me if I'm wrong :S

You're wrong. You CAN do it with POST.
d3c14r7e2
Most of you idiots won't even figure out what that is. I'm done here.
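The exchange above turns on whether a server reading $_REQUEST, $_GET or $_POST decides anything. From the defender's side it does not: a browser can be made to send either method with the victim's cookies, so the control that matters is a secret the cross-site page cannot supply. The following is an added example, not code from the thread or from the site in the video, written in Python rather than PHP so it runs stand-alone. `weak_change_password` mirrors a handler that reads parameters regardless of method and checks nothing else; `safe_change_password` requires POST, checks the Origin header when one is present, and requires a per-session synchronizer token. The names, `SITE_ORIGIN`, the `Session` class and the sample requests in `demo()` are all constructed assumptions.

```python
"""Added example: why the request method alone does not stop CSRF, and what does.

Not code from the thread. The session model, SITE_ORIGIN and the requests
fed to demo() are constructed for illustration.
"""
import hashlib
import hmac
import secrets
from dataclasses import dataclass, field

SITE_ORIGIN = "https://forum.example"  # assumed origin of the legitimate site


@dataclass
class Session:
    """Server-side session record (assumption); one random token per session."""
    user: str
    password_hash: str = ""
    csrf_token: str = field(default_factory=lambda: secrets.token_hex(32))


def weak_change_password(session, method, params):
    """Behaves like a handler that reads $_REQUEST: any method, no token.

    A request the victim's browser was tricked into sending (an image-style
    GET or a cross-site POST) is indistinguishable from a real one here.
    """
    new = params.get("new_password")
    if not new:
        return 400, "missing new_password"
    session.password_hash = hashlib.sha256(new.encode()).hexdigest()
    return 200, "password changed"


def safe_change_password(session, method, params, headers):
    """Hardened handler: POST only, Origin must match when sent, token required.

    The token is the primary control; the method and Origin checks are
    defence in depth and would not be sufficient on their own.
    """
    if method != "POST":
        return 405, "state change requires POST"
    origin = headers.get("Origin")
    if origin is not None and origin != SITE_ORIGIN:
        return 403, "cross-site origin"
    token = params.get("csrf_token", "")
    # Constant-time compare; encode so non-ASCII input cannot raise TypeError.
    if not hmac.compare_digest(token.encode(), session.csrf_token.encode()):
        return 403, "missing or invalid CSRF token"
    new = params.get("new_password", "")
    if len(new) < 8:
        return 400, "password too short"
    session.password_hash = hashlib.sha256(new.encode()).hexdigest()
    return 200, "password changed"


def demo():
    """Feed constructed requests to both handlers; return the status codes."""
    s = Session(user="alice")
    want = {"new_password": "hunter22x"}
    results = {}
    # 1. Image-style GET carrying the parameters (the $_GET case in the thread).
    results["weak_get"] = weak_change_password(s, "GET", want)[0]
    results["safe_get"] = safe_change_password(s, "GET", want, {})[0]
    # 2. Cross-site POST: right method, but no token and a foreign Origin.
    results["weak_xpost"] = weak_change_password(s, "POST", want)[0]
    results["safe_xpost"] = safe_change_password(
        s, "POST", want, {"Origin": "https://other-site.example"})[0]
    # 3. POST from the site's own form, carrying the session's token.
    results["safe_ok"] = safe_change_password(
        s, "POST", dict(want, csrf_token=s.csrf_token), {"Origin": SITE_ORIGIN})[0]
    return results


if __name__ == "__main__":
    for name, status in demo().items():
        print(f"{name}: {status}")
```

The weak handler accepts both the GET and the cross-site POST, which is the behaviour end3r is pointing at; the hardened one refuses both and accepts only the request that carries the token a foreign page has no way to read. Logging the 403 rejections from `safe_change_password` is also a cheap detection signal for CSRF attempts against the endpoint.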
RE: Fun With CSRF
Author: lesserlightsofheaven | Member | Posts: 723 | Location: EAX | Joined: 02.11.06 | Rank: God | Warn Level: 30
Just watched it.
Very cool.
Taught me things.
Excellent work.

"'Following a telephone line north, I have come upon some wonderful places,' continued the repairman. 'Swamps where cedars grow and turtles wait on logs but not for anything in particular; fields bordered by crooked fences broken by years of standing still; orchards so old they have forgotten where the farmhouse is. In the north I have eaten my lunch in pastures rank with ferns and junipers, all under fair skies with a wind blowing. My business has taken me into spruce woods on winter nights where the snow lay deep and soft, a perfect place for a carnival of rabbits. I have sat at peace on the freight platforms of railroad junctions in the north, in the warm hours and with the warm smells. I know fresh lakes in the north, undisturbed except by fish and hawk and, of course, by the Telephone Company, which has to follow its nose. I know all these places well. They are a long way from here--don't forget that. And a person who is looking for something doesn't travel very fast.'"
RE: Fun With CSRF
Author: st3f0 | Member | Posts: 1 | Joined: 19.02.08 | Rank: Newbie
Hey dude, can you reup the vid?
RE: Fun With CSRF
Author: yours31f | Second to one | Posts: 1678 | Location: Dallas Texas | Joined: 27.04.07 | Rank: Satan
Wow, good job necro-ing a thread that's been dead for a year and a half. Last post (09-06-07). Next time check before you post.

Debugging is what programmers do to beta software to make it take up more room on your hard drive if it is running too efficiently.
RE: Fun With CSRF
Author: spyware | Member | Posts: 4158 | Location: The Netherlands | Joined: 14.04.07 | Rank: God | Warn Level: 90
st3f0 wrote:
    Hey dude, can you reup the vid?

Contact nights_shadow and ask him for funwithcsrf.avi. He'll sort you out.

The most censored HBH profile.

"The chowner of property." - Zeph
"Widespread intellectual and moral docility may be convenient for leaders in the short term, but it is suicidal for nations in the long term." - Carl Sagan
"Since the grid is inescapable, what were the earlier lasers about? Does the corridor have a sense of humor?" - Ebert