blackspiderconsulting / bodgeit

Automatically exported from code.google.com/p/bodgeit

Score the CSRF issue #1

Closed GoogleCodeExporter closed 9 years ago

GoogleCodeExporter commented 9 years ago
Adding products to the basket is vulnerable to CRSF attacks.
Need to find a good way of scoring this - any suggestions welcome.

Original issue reported on code.google.com by psii...@gmail.com on 14 Apr 2011 at 2:57

GoogleCodeExporter commented 9 years ago
Or even CSRF ;)

Original comment by psii...@gmail.com on 17 Apr 2011 at 4:46

GoogleCodeExporter commented 9 years ago
Can we run it on XAMP?

Original comment by rbsoulhu...@gmail.com on 19 Apr 2011 at 7:35

GoogleCodeExporter commented 9 years ago
I've not tried, but a quick search turned up posts like this: 
http://mistonline.in/wp/how-to-run-jsp-in-xampp/

Original comment by psii...@gmail.com on 19 Apr 2011 at 8:50

GoogleCodeExporter commented 9 years ago
Two ways I can think of:

1) Check the referrer header. If it's not from an item page which has the "add to basket" link, then score it.

2) Do a CSRF token in reverse ;-). Add a nonce to the legit request, but don't require it to be the right value. If it's the wrong value, view it as a successful CSRF attack. Make that value change every time something is added to the basket, and it's very unlikely someone will try CSRF and not have it scored right.

Original comment by d...@dlogan.com on 29 Aug 2014 at 5:43
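Both scoring heuristics from the comment above, written out as an added example (this is not BodgeIt's own code). The application origin, the item-page path, and the shape of the session, header and form dictionaries are assumptions; the add-to-basket action itself is never blocked, only scored.

```python
"""Score an add-to-basket request as a CSRF success (added example, not BodgeIt code)."""
import secrets
from urllib.parse import urlparse

APP_ORIGIN = "http://localhost:8080"        # assumed deployment origin
ITEM_PAGE_PREFIX = "/bodgeit/product.jsp"   # assumed path of the item pages


def referer_looks_cross_site(headers: dict) -> bool:
    """Method 1: the legitimate form lives only on item pages, so any other
    Referer, or none at all (e.g. a page opened from a local file), is scored."""
    referer = headers.get("Referer")
    if not referer:
        return True
    parsed = urlparse(referer)
    origin = f"{parsed.scheme}://{parsed.netloc}"
    return origin != APP_ORIGIN or not parsed.path.startswith(ITEM_PAGE_PREFIX)


def issue_nonce(session: dict) -> str:
    """Method 2 ('CSRF token in reverse'): embed a fresh nonce in the real form
    and rotate it on every basket change, but never reject a request over it."""
    session["basket_nonce"] = secrets.token_hex(16)
    return session["basket_nonce"]


def nonce_looks_cross_site(session: dict, form: dict) -> bool:
    """A form built on another site cannot know the current nonce, so a missing
    or stale value marks the request as a successful CSRF attack."""
    expected = session.get("basket_nonce")
    return expected is None or form.get("nonce") != expected


def score_add_to_basket(session: dict, headers: dict, form: dict) -> bool:
    """True when either heuristic says the add did not come from an item page.
    The nonce is rotated afterwards so a replayed form is caught next time."""
    scored = referer_looks_cross_site(headers) or nonce_looks_cross_site(session, form)
    issue_nonce(session)
    return scored


if __name__ == "__main__":
    # Constructed sample session and requests.
    sess = {}
    nonce = issue_nonce(sess)
    legit = {"Referer": f"{APP_ORIGIN}{ITEM_PAGE_PREFIX}?prodid=1"}
    print("legit add scored:", score_add_to_basket(sess, legit, {"nonce": nonce}))
    print("cross-site add scored:", score_add_to_basket(sess, {}, {}))
```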

GoogleCodeExporter commented 9 years ago
This has been implemented. Changes are in commit 34.

I used the HTTP Header method. If someone really follows the directions by "adding to their cart by getting someone to navigate to your webpage", they will have to either host a webpage, or use a file that's open. Both will mess up the header and show them completing the goal.

Original comment by d...@dlogan.com on 29 Aug 2014 at 9:52