Score the CSRF issue

[GoogleCodeExporter]

Adding products to the basket is vulnerable to CRSF attacks.
Need to find a good way of scoring this - any suggestions welcome.

Original issue reported on code.google.com by psii...@gmail.com on 14 Apr 2011 at 2:57

[GoogleCodeExporter]

Or even CSRF ;)

Original comment by psii...@gmail.com on 17 Apr 2011 at 4:46

• Changed title: Score the CSRF issue
• Added labels: ****
• Removed labels: ****

[GoogleCodeExporter]

Can we run it on XAMP?

Original comment by rbsoulhu...@gmail.com on 19 Apr 2011 at 7:35

• Added labels: ****
• Removed labels: ****

[GoogleCodeExporter]

I've not tried, but a quick search turned up posts like this: 
http://mistonline.in/wp/how-to-run-jsp-in-xampp/

Original comment by psii...@gmail.com on 19 Apr 2011 at 8:50

• Added labels: ****
• Removed labels: ****

[GoogleCodeExporter]

Two ways I can think of:
1) Check the referrer header. If its not from an item page which has the "add 
to basket" link, then score it.

2) Do a CSRF token in reverse ;-). Add a nonce to the legit request, but don't 
require it to be the right value. If its the wrong value, view it as a 
successful CSRF attack. Make that value change every time something is added to 
the basket, and its very unlikely someone will try CSRF and not have it scored 
right.

Original comment by d...@dlogan.com on 29 Aug 2014 at 5:43

• Added labels: ****
• Removed labels: ****

[GoogleCodeExporter]

This has been implemented. Changes are in commit 34.

I used the HTTP Header method. If someone really follows the directions by 
"adding to their cart by getting someone to navigate to your webpage", they 
will have to either host a webpage, or use a file that's open. Both will mess 
up the header and show them completing the goal.

Original comment by d...@dlogan.com on 29 Aug 2014 at 9:52

• Changed state: Fixed
• Added labels: ****
• Removed labels: ****