Thursday, April 17, 2014
Author

Fun With CSRF


Guest
Posted on 23-05-07 16:16
Live site with CSRF exploit

Info: I change a user's password & text via CSRF
Many other things could have been done as you should be able to see in this video.

http://4filehosting.com/file/12235/funwithcsrf-rar.html

***the site has been patched, so don't go f*cking with it...




Edited by on 23-05-07 16:50
Author

RE: Fun With CSRF


Guest
Posted on 23-05-07 18:02
just watched it. nice work ;) hope you do another one because that one was quite good


Author

RE: Fun With CSRF


Guest
Posted on 09-06-07 17:59
Very nice XSS/CSRF!

Wouldn't it have been possible to create an XSS worm by making whoever viewed your profile post the same on their profile as well?
Author

RE: Fun With CSRF


Guest
Posted on 10-06-07 02:59
that's not possible?, the server has to use $_REQUEST for that to work, images are sent in $_GET aren't they? so you can't do a $_POST with images without the server using REQUEST...


quote me if I'm wrong :S


Author

RE: Fun With CSRF


Guest
Posted on 10-06-07 03:28
HackingForce wrote:
that's not possible?, the server has to use $_REQUEST for that to work, images are sent in $_GET aren't they? so you can't do a $_POST with images without the server using REQUEST...


quote me if I'm wrong :S

you're wrong. you CAN do it with post
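
A defender-side illustration of the point in the exchange above, added here and not code from the thread or from the site it discusses: a PHP password-change handler that reads only $_POST and also requires a per-session token, because restricting the request method alone does not stop a cross-site request. The update_password() function, the form field names and the session keys are assumptions made for the example.

```php
<?php
// Added example, not from the thread. All names are hypothetical.
declare(strict_types=1);

// Defence in depth: ask the browser not to attach the session cookie to
// cross-site POSTs. The token check below is still the primary control.
session_set_cookie_params(['samesite' => 'Lax', 'httponly' => true]);
session_start();

/** Create (once per session) and return the token to embed in the form. */
function csrf_token(): string
{
    if (empty($_SESSION['csrf_token'])) {
        $_SESSION['csrf_token'] = bin2hex(random_bytes(32));
    }
    return $_SESSION['csrf_token'];
}

/** True only when the submitted value matches the token bound to this session. */
function csrf_token_valid($submitted): bool
{
    $expected = $_SESSION['csrf_token'] ?? '';
    return $expected !== '' && is_string($submitted)
        && hash_equals($expected, $submitted); // constant-time comparison
}

/** Hypothetical stand-in for the application's own persistence layer. */
function update_password(int $userId, string $hash): void
{
    error_log("password hash updated for user $userId");
}

if (!isset($_SESSION['user_id'])) {
    http_response_code(401);
    exit('Not logged in');
}
if ($_SERVER['REQUEST_METHOD'] !== 'POST') {
    // Read $_POST, never $_REQUEST: a state change must not be reachable by GET.
    http_response_code(405);
    header('Allow: POST');
    exit('Use POST');
}
// POST-only is not sufficient on its own, so the session-bound token decides.
if (!csrf_token_valid($_POST['csrf_token'] ?? null)) {
    http_response_code(403);
    exit('Invalid or missing CSRF token');
}
$newPassword = (string)($_POST['new_password'] ?? '');
update_password((int)$_SESSION['user_id'], password_hash($newPassword, PASSWORD_DEFAULT));
echo 'Password changed';
```

The page that renders the form would include the value of csrf_token() in a hidden field named csrf_token.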


Author

RE: Fun With CSRF


Guest
Posted on 10-06-07 03:32
just watched it.
very cool.
taught me things.
excellent work.


Author

RE: Fun With CSRF


Guest
Posted on 24-01-09 18:11
Hey dude can you reup the vid?
Author

RE: Fun With CSRF

yours31f
Member



Posts: 1678
Location: Dallas Texas
Joined: 27.04.07
Rank:
Elite
Posted on 24-01-09 18:32
Wow, good job necro-ing a thread that's been dead for a year and a half. Last Post ( 09-06-07 ) . Next time check before you post.


Debugging is what programmers do to beta software to make it take up more room on your hard drive if it is running too efficiently.


Author

RE: Fun With CSRF

spyware
Member



Posts: 4192
Location: The Netherlands
Joined: 14.04.07
Rank:
God
Warn Level: 90
Posted on 24-01-09 18:35
st3f0 wrote:
Hey dude can you reup the vid?


Contact nights_shadow and ask him for funwithcsrf.avi. He'll sort you out.





"The chowner of property." - Zeph
Widespread intellectual and moral docility may be convenient for leaders in the short term,
but it is suicidal for nations in the long term.
- Carl Sagan
“Since the grid is inescapable, what were the earlier lasers about? Does the corridor have a sense of humor?” - Ebert
http://bitsofspy.net