WebApp Sec mailing list archives

Previous By Date Next
Previous By Thread Next

Re: [PHP] CSRF attack not possible in I.E. 6.01 SP1?

From: Chris Shiflett <shiflett () php net>
Date: Mon, 16 Aug 2004 11:55:55 -0700 (PDT)
--- Saqib.N.Ali () seagate com wrote:

I can't share the exact code ;) , but here is something very
similar:

<img src="http://slashdot.org/my/logout"; height="1" width="1">

If I load a web page with the above code, it should log me out
of slashdot. It works in Mozilla (and netscape), but not in I.E.
6.01 SP1


The best information would be if you can capture the exact HTTP
transactions involved. For example, using something like ethereal, capture
the request and response for Mozilla, and then do the same for IE 6.01
SP1.

Short of that, you could create a URL specifically made for testing this.
You can create a PHP file called csrf.php and another called csrf.png.
Make .png files be interepreted as PHP (just for the purposes of this
test), and then you can log a lot of useful information in your test
scripts.

Hope that helps.

Chris

=====
Chris Shiflett - http://shiflett.org/

PHP Security - O'Reilly
     Coming Fall 2004
HTTP Developer's Handbook - Sams
     http://httphandbook.org/
PHP Community Site
     http://phpcommunity.org/
Previous By Date Next
Previous By Thread Next

Current thread: