Logo Questions Linux Laravel Mysql Ubuntu Git Menu
HTML CSS JAVASCRIPT SQL PYTHON PHP BOOTSTRAP JAVA JQUERY R React Kotlin
 

CSRF token and XSS vulnerability

Tags:

security

php

xss

csrf

web

Let's say that we use a CSRF token in our forms, but it happens that there is an unnoticed XSS hole on our site.

From what I uderstand, CSRF token protection is completely void in this case, because attacker can retreive it with XMLHttpRequest through XSS.

In such case, is there a way to enchant the CSRF protection in a way that it would survive the attack or should our site first have a secure anti-XSS protection before doing any king of CSRF at all?

Setting a new token upon every page request instead of token on login would deal with it? This brings up the problem of having more forms open at once and I don't like it.

like image 505
cen Avatar asked Jun 20 '12 00:06

cen

People also ask

Does CSRF token prevent XSS?

CSRF tokens do not protect against stored XSS vulnerabilities. If a page that is protected by a CSRF token is also the output point for a stored XSS vulnerability, then that XSS vulnerability can be exploited in the usual way, and the XSS payload will execute when a user visits the page.

What CSRF and reflected XSS attacks have in common?

Both CSRF and XSS are client-side attacks that abuse the same-origin policy and exploit the trust relationship between the web application and the victim user. XSS and Cross-site scripting attacks allow an attacker to compromise the interactions of legitimate users with any vulnerable application.

What are CSRF vulnerabilities?

Cross-site request forgery (also known as CSRF) is a web security vulnerability that allows an attacker to induce users to perform actions that they do not intend to perform.

What is vulnerable to XSS?

A web page or web application is vulnerable to XSS if it uses unsanitized user input in the output that it generates. This user input must then be parsed by the victim's browser. XSS attacks are possible in VBScript, ActiveX, Flash, and even CSS.

1 Answers

Your site should have closed any XSS holes that you've found otherwise CSRF is useless. However it would be useful to add CSRF in parallel so that once all XSS bugs are fixed the site's csrf protection is working too.

Unfortunately there is no way to protect against CSRF if there are XSS holes because with an XSS hole an attacker can read your website and check for tokens (using javascript). So any way and anywhere you add a token, that token can be found and then screenscraped

However if you make sure that there are no XSS bugs on your important pages and then add CSRF protection, there are still security holes but the skill level needed to chain multiple bugs together is more difficult.

like image 145
twunde Avatar answered Sep 24 '22 02:09

twunde
Sign in to Comment

Related questions

How to use pgFouine with PostgreSQL 9.1?
PHP: Read from certain point in file
Cannot use assign-op operators with overloaded objects nor string offsets
What does the php function 'overload' do?
Facebook connect situation
Getting start and end date of a PHP DatePeriod object?
cakePHP isAuthorized not working
Monitoring Memcached with PHP script
How to set $PATH for php exec or shell_exec
Can't fetch plain text mails content using IMAP
FOSRestBundle adds 'S' in get URL
PHP SOAP Header construction
Can I close a file by unsetting the handle?
How to replace words outside double and single quotes
Persistent connection via PHP to APNS
How to submit form on an external website and get generated HTML?
Is this the proper method to Long Polling(Comet programming)
Shopify API PHP: Updating a variant's attributes, specifically inventory quantity
Retrieving the last inserted ids for multiple rows
syntax error, unexpected T_ENCAPSED_AND_WHITESPACE, expecting T_STRING or T_VARIABLE or T_NUM_STRING [duplicate]

Donate For Us

If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!