SECURITY

  minte9
REMEMBERS




Last update:   13-05-2022

CSRF

Embeded image in some hacker website.
 
# Cross Site Request Forgery 
# 
# If it happend that you are logged on shop.com ...
# and you browse hacker-site.com ...
# you'll make a purchase, even if you don't want to!

<img src="https://www.shop.com/checkout.php?isbn=0312863551">

Token method

The token method involves the use of a randomly generated token.
 
<?php

    # The token is stored in the user's session ...
    # when the user accesses the form page

    session_start();

    if (isset($_POST['btn_submit'])) {
        if (isset($_SESSION['token']) &&
            isset($_POST['token']) &&
                  $_POST['token'] == $_SESSION['token']) { # Look Here
           echo 'Accepted';
        } else {
            echo 'Denied';
        }
    }

    $token = md5(uniqid(rand(), TRUE));
    $_SESSION['token'] = $token;
?>

<form method="POST">
    <input type="hidden" name="token" value="<?= $token; ?>"/>
    <input type="submit" name="btn_submit"/>
</form>    

Questions    
Session hijacking
        A B C D E F
🔔
1/1