Posted by Justin Koivisto on 02/13/06 16:25
Kevin D. wrote:
> "Justin Koivisto" <justin@koivi.com> wrote in message
> news:94-dnT4srOt-JHHeRVn-vw@onvoy.com...
>> Justin Koivisto wrote:
>>> When I get in to the office, I'll set up a simple little form for
>>> testing this out again. However, the first tests I ran didn't work at
>>> all. Maybe I'll post the URL of the test form for others to take a try
>>> at. ;)
>> OK, I worked on this a bit, and I have been able to spoof through this.
>> I will release some details and proof of concept when I have some more
>> time (maybe tomorrow).
>
> i'm very curious to see how you did spoof it... my own theory to spoof this
> method is to manually create the session (cookie) on your own machine
>
> in other words, the check you presented only works because the hidden form
> token (which is easily copied and pasted onto the "spoofing" server) matches
> the session token (i'm assuming this is stored in a cookie on the submitting
> client)
>
> i have no idea what it would take to manually create this cookie on your own
> client, however
I just pulled out my code from my first attempt with php & curl. With
the correct settings, I was able to have the session id get saved (which
is what was failing last time).
--
Justin Koivisto, ZCE - justin@koivi.com
http://koivi.com