Reply to Re: [PHP] security/sql issues with php

Your name:

Reply:


Posted by Chris Shiflett on 09/22/05 02:16

bruce wrote:
> i just read an article that described how someone could have a url of
> 'http://foo.com/....' and have the URL in an <img> in their website.
> the website could be cat.com. the article implied that if a user would
> select the img, the link to the foo.com would be initiated, thereby
> fooling the user...
>
> i'm lost. i was under the impression that any interaction between the
> user and foo.com was essentially between the user and 'foo.com'. so that
> even though 'cat.com' may have caused the user to hit the link, the
> communication still occurs between the user and 'foo.com', not 'cat.com'

It sounds like you read an article about CSRF, cross-site request
forgeries. This is a bit difficult to explain, and it's a vulnerability
that exists in almost every PHP application I've audited.

CSRF describes any attack that causes a victim to send a request of the
attacker's choosing. In other words, a victim might send a request to
http://books.example.org/ without knowing it and without actually
visiting a web page at http://books.example.org/.

Using an img tag is just one type of attack - it's the most common, but
only because it's the easiest.

I gave a talk recently that was a hands-on demonstration of a handful of
common attacks, and CSRF was one:

http://brainbulb.com/talks/php-security-by-example.pdf

You can get the code for the exercises here:

http://brainbulb.com/phpworks.tar.gz

The second exercise is devoted to CSRF, and your first task is to
exploit the vulnerability. I think exploiting vulnerabilities is a
pretty good way to get a better understanding of them. Unfortunately,
viewing the slides of a talk is much less helpful than the talk itself,
but maybe there's enough there for you to understand the attack.

Hope that helps.

Chris

--
Chris Shiflett
Brain Bulb, The PHP Consultancy
http://brainbulb.com/

[Back to original message]


Удаленная работа для программистов  •  Как заработать на Google AdSense  •  England, UK  •  статьи на английском  •  PHP MySQL CMS Apache Oscommerce  •  Online Business Knowledge Base  •  DVD MP3 AVI MP4 players codecs conversion help
Home  •  Search  •  Site Map  •  Set as Homepage  •  Add to Favourites

Copyright © 2005-2006 Powered by Custom PHP Programming

Сайт изготовлен в Студии Валентина Петручека
изготовление и поддержка веб-сайтов, разработка программного обеспечения, поисковая оптимизация