EvilZone

Hacking and Security => Beginner's Corner => Topic started by: h4ck3r1987 on February 06, 2016, 06:56:51 PM

Title: CSRF Exploitation
Post by: h4ck3r1987 on February 06, 2016, 06:56:51 PM

Hi all,

I have a some query can any one clear my doubts with example.

Q: How can i exploit it  If CSRF Token travel in url on post request ?

Title: Re: CSRF Exploitation
Post by: blindfuzzy on February 07, 2016, 08:25:33 PM

Quote from: h4ck3r1987 on February 06, 2016, 07:03:05 PM

Ummm, GET and POST requests can be easily made through HTML forms, images, script tags etc... I'd worry less about CSRF exploitation if you are asking that question. You need to do some research.

Title: Re: CSRF Exploitation
Post by: neoxquick on February 08, 2016, 02:39:04 AM

here is link:
http://www.mcafee.com/sg/resources/white-papers/wp-csrf-attack-defense.pdf

read it .. i think it can help you ..

bye N

Title: Re: CSRF Exploitation
Post by: x40a0e on February 09, 2016, 01:21:18 AM

If there is a CSRF token (sounds like there is) it may not be possible. If the token is static and does not change across page loads / sessions, then you should be able to exploit it, but if it is a randomly generated dynamic token, you're basically SOL.