MemoryRefresh!

CSRF prevention





1) What is a Cross-Site Request Forgery?

CSRF (Cross-Site Request Forgery) attack: embed an image in some arbitrary web site example.org

<img src="shop.com">

If you happen to be logged in to shop.com while browsing example.org, your browser sends the request to shop.com with your existing session, and a purchase is made even though you did not intend it.

The token method involves a randomly generated token that is stored in the user's session when the user accesses the form page and is also placed in a hidden field on the form. On submission, the two values are compared; a forged request from another site cannot know the token and is denied.

<?php
session_start();

if (isset($_POST['btn_submit'])) {
    // Compare the submitted token with the one stored in the session.
    // hash_equals() does a constant-time string comparison and avoids the
    // type-juggling pitfalls of a loose "==" comparison.
    if (isset($_SESSION['token'], $_POST['token'])
        && is_string($_POST['token'])
        && hash_equals($_SESSION['token'], $_POST['token'])) {
        echo 'Accepted';
    } else {
        echo 'Denied';
    }
}

// Generate a fresh, cryptographically random token for the next form render
// and store it in the session (random_bytes() uses the OS CSPRNG).
$token = bin2hex(random_bytes(32));
$_SESSION['token'] = $token;
?>
<form method="POST">
    <input type="hidden" name="token" value="<?php echo htmlspecialchars($token); ?>" />
    <input type="submit" name="btn_submit" />
</form>
