Monday, May 05, 2008

CSRF - An underestimated attack method

Cross Site Reference Forgery works by including malicious code or a link in a page that accesses a web application to which the user is believed to have authenticated. If the session for that web application has not timed out, an attacker may execute unauthorized commands.

Most Rails applications use cookie-based sessions. Either they store the session id in the cookie and keep a server-side session hash, or the entire session hash stays on the client side. In either case the browser will automatically send the cookie along with every request to a domain, if it can find a cookie for that domain. The crucial point is that it will also send the cookie if the request originates from a site on a different domain. Let's start with an example:

  • Bob browses a message board and views a post from an attacker where there is a crafted HTML image element. The element references a command in Bob's banking application, rather than an image file:

  • <img src="http://www.bank.com/transfer?account=bob&amount=1000&destination=attacker">

  • Bob's session at www.bank.com is still alive, because he used the site a few minutes ago and didn't log out.

  • By viewing the post, the browser finds an image tag, which it tries to load from www.bank.com. As explained before, it will also send along the cookie with the valid session id.

  • The web application at www.bank.com verifies the user information in the corresponding session hash and transfers the money to the attacker's account. It then returns a result page, which is an unexpected result for the browser, so it will not display the image.

  • Bob doesn't notice the attack; only a few days later does he find out about the strange transfer.

It is important to notice that the actual crafted image or link doesn't necessarily have to be situated in the web application's domain; it can be anywhere: in a forum, a blog post or an email.

Figure: CSRF. This figure is taken from shiflett.org and illustrates how CSRF works.

CSRF appears very rarely in CVE (Common Vulnerabilities and Exposures), less than 0.1% in 2006, but it really is a 'sleeping giant' [Grossman]. This is in stark contrast to the results of my (and others') security contract work: CSRF is an important security issue.

CSRF Countermeasures

First of all, GET and POST have to be used according to the W3C. Secondly, a security token in non-GET requests will protect your application from CSRF.

The HTTP protocol provides two main types of requests, GET and POST (there are more, but most browsers do not support them). The World Wide Web Consortium (W3C) provides a checklist for choosing between HTTP GET and POST:

Use GET if:

  • The interaction is more like a question (i.e., it is a safe operation such as a query, read operation, or lookup).

Use POST if:

  • The interaction is more like an order, or

  • The interaction changes the state of the resource in a way that the user would perceive (e.g., a subscription to a service), or

  • The user will be held accountable for the results of the interaction.


The verify method in a controller can make sure that specific actions cannot be used over GET. Here is an example that verifies that the transfer action is requested over POST; otherwise it redirects to the list action.

verify :method => :post, :only => [ :transfer ], :redirect_to => { :action => :list }

With this precaution, the attack from above will not work, because the browser sends a GET request for images, which will not be accepted by the web application.

But this is only the first step, because POST requests can be sent automatically, too. Here is an example of a link which displays harmless.com as the destination in the browser's status bar. In fact it dynamically creates a new form that sends a POST request:

<a href="http://www.harmless.com/" onclick="var f = document.createElement('form'); f.style.display = 'none'; this.parentNode.appendChild(f); f.method = 'POST'; f.action = 'http://www.example.com/account/destroy'; f.submit();return false;">To the harmless survey</a>

Or the attacker places the code into the onmouseover event handler of an image:

<img src="http://www.harmless.com/img" width="400" height="400" onmouseover="..." />

There are many other possibilities, including Ajax, to attack the victim in the background. The solution is to include a security token in non-GET requests, which is checked on the server side. In Rails 2 this is a one-liner in the application controller:

protect_from_forgery :secret => "123456789012345678901234567890"

This will automatically include a security token, calculated from the current session and the server-side secret, in all forms and Ajax requests generated by Rails. You won't need the secret if you use the CookieStore as session storage. Rails raises an ActionController::InvalidAuthenticityToken error if the security token doesn't match what was expected.
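To make the two countermeasures concrete, here is an added example (not code from this post or from Rails) that models them in plain Ruby: a state-changing action is refused over GET, as verify does, and every non-GET request must carry a token bound to the session and a server secret, as protect_from_forgery does. The token derivation, the Request model, the action names and the session ids are assumptions for illustration; Rails computes its token differently in detail.

```ruby
require 'openssl'

# Assumed server-side secret, standing in for the :secret passed to protect_from_forgery.
SERVER_SECRET = '123456789012345678901234567890'.freeze

class InvalidAuthenticityToken < StandardError; end
class GetNotAllowed < StandardError; end

# Minimal model of an incoming request (constructed for this example):
# HTTP method, controller action, params and the session id sent in the cookie.
Request = Struct.new(:method, :action, :params, :session_id, keyword_init: true)

# Actions that change state; the post guards :transfer with verify :method => :post,
# and the auto-submitted form in the post targets account/destroy.
STATE_CHANGING = %w[transfer destroy].freeze

# Token bound to both the session and the secret (assumed derivation; Rails 2 uses
# its own digest, but the property is the same: an attacker's page, which cannot
# read Bob's session id or the secret, cannot compute it).
def authenticity_token(session_id)
  OpenSSL::HMAC.hexdigest(OpenSSL::Digest.new('sha256'), SERVER_SECRET, session_id)
end

# Constant-time comparison so a wrong token cannot be narrowed down by timing.
def secure_compare(a, b)
  return false unless a.bytesize == b.bytesize
  a.bytes.zip(b.bytes).inject(0) { |acc, (x, y)| acc | (x ^ y) }.zero?
end

# Applies both checks; returns :ok or raises.
def check_forgery_protection(request)
  # verify :method => :post: a GET must never trigger a state-changing action,
  # so the crafted <img> tag (browsers fetch images with GET) is refused here.
  if request.method == 'GET'
    raise GetNotAllowed, "#{request.action} is only allowed over POST" if STATE_CHANGING.include?(request.action)
    return :ok
  end
  # protect_from_forgery: every non-GET request must carry the token for this session.
  # A form built by the attacker's JavaScript posts with Bob's cookie but without it.
  expected = authenticity_token(request.session_id)
  given = request.params.fetch('authenticity_token', '').to_s
  raise InvalidAuthenticityToken, 'token missing or does not match session' unless secure_compare(expected, given)
  :ok
end

# Maps the outcome to a symbol, the way a controller would render an error page.
def outcome(request)
  check_forgery_protection(request)
rescue GetNotAllowed
  :rejected_get
rescue InvalidAuthenticityToken
  :rejected_token
end

if __FILE__ == $PROGRAM_NAME
  bob = 'bobs-session-id' # constructed session id
  img   = Request.new(method: 'GET',  action: 'transfer', params: { 'amount' => '1000' }, session_id: bob)
  form  = Request.new(method: 'POST', action: 'destroy',  params: {}, session_id: bob)
  legit = Request.new(method: 'POST', action: 'transfer',
                      params: { 'authenticity_token' => authenticity_token(bob) }, session_id: bob)
  puts "img tag:     #{outcome(img)}"   # rejected_get
  puts "hidden form: #{outcome(form)}"  # rejected_token
  puts "Rails form:  #{outcome(legit)}" # ok
end
```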

Note that cross-site scripting (XSS) vulnerabilities bypass all CSRF protections. XSS gives the attacker access to all elements on a page, so he can read the CSRF security token from a form or directly submit the form. This is how the Samy MySpace worm did it.


Reader Comments (6)

[...] just read a great article on Cross Site Reference Forgery, specifically related to how Rails 2.0 handles it.  I think it is a must read for all rails [...]

[...] is the link: http://www.rorsecurity.info/2008/05/05/csrf-an-underestimated-attack-method/ Share and Enjoy: These icons link to social bookmarking sites where readers can share and [...]

May 5, 2008 | Unregistered CommenterA CSRF Article

[...] Ruby on Rails Security Project – Exploring the Security of Rails and friends. wrote an interesting post today on CSRF - An underestimated attack method. Here’s a quick excerpt: Cross Site Reference Forgery works by including malicious code or a link in a page that accesses a web application that the user is believed to have authenticated. If the session for that web application has not timed out, an attacker may execute unauthorized commands. Most Rails applications use cookie-based sessions. Either they store the session id in the cookie and have a server-side session hash, or the entire session hash stays on the client-side. In either case the browser will automa [...]

[...] CSRF - An underestimated attack method [...]

[...] If the session for that web application has not timed out, an attacker may execute unauthohttp://www.rorsecurity.info/2008/05/05/csrf-an-underestimated-attack-method/Universal to allow free music downloads Guardian UnlimitedThe world's largest record label has [...]

[...] CSRF attacks manipulate the user data on his behalf, as described here. The flaw I’ve found is returning live Javascript object with lots of personal data, similar [...]

September 14, 2008 | Unregistered CommenterGUYA.NET » Blog Archive
