When we talk about CSRF we often assume that there is only one kind. After all, what else could there be, when CSRF is all about making GET or POST requests on behalf of the victim? The victim needs to visit a page which launches the CSRF exploit. If the victim happens to have an established session with the targeted application, the attacker can perform the desired action in that session, resetting the login credentials, for example. [...]
It is probably about time to announce that I am one of the authors of the upcoming XSS Book that RSnake talked about a month ago on his blog. The complete list of authors is: Seth Fogie, Jeremiah Grossman, Robert Hansen, Anton Rager and Petko Petkov (a.k.a me).
The book is going quite well and I hope that it will provide a good starting point for those who are interested in getting into client-side web security but don’t know much about it. [...]
When you are restricted by the size of input, you have to think about the smallest possible unit that can expand to something that is much bigger. In traditional buffer overflow vulnerabilities attackers take advantage of various packaging techniques. Sometimes, the overflow crack is so small that only 140-160 bites (figuratively speaking) of data can squeeze in. [...]
WormX is a collection of various notorious web worms, mostly written on top of popular client-side technologies and propagating primarily on social networking web sites.
For those of you who do not know what ajax worms are, here is a bit of Internet history:
If you want to submit a worm, we are going to need the following information:
Worm name – It must be enclosed inside <h3>[worm name here]</h3> tags. [...]
The purpose of this project is to collect useful attack snippets (atoms) which can be employed when performing Web Application Security testing. Atom submissions must follow a specific format:
Atom name – It must be enclosed inside <h3>[atom name here]</h3> tags.
Atom description – It must start on a new paragraph.
Atom code – It must be enclosed inside <pre><code>[atom code here]</code></pre> tags. [...]
In Blogger Classic, admin users who originally created a blog can be removed by other admin users. This behavior allows for a complete and non-reversible hijack of a Blogger Classic blog through CSRF/XSRF/session riding/one-click attacks.
The process is a two-shot attack, meaning that the victim admin user needs to click on two different links while being authenticated. Given the nature of blogging, in which admins routinely go through the comments posted by visitors, this attack is very feasible. [...]
CSRF or Cross-site Request Forgery sounds quite self-explanatory. This is an attack vector that gives a malicious site the ability to send a (forged) request from its own context to a different site, carrying whatever session cookies the browser already holds for that site. The purpose of this attack vector is to act on behalf of the current user in order to gain control of his/her account or perform other types of malicious activities.
This may sound a bit difficult to imagine but in practice it is quite simple. [...]
Automation – it is the power to change a boring repetitive task into something that is more fun. Automation is also what I seek when I do security research or penetration testing. If there is a security vulnerability, we write an exploit for it. If there is a known method of exposing thousands of machines to malicious attacks, we write a worm for it or at least a vulnerability assessment engine. [...]