CSRF Vulnerability
Brought to you by: lordlamer
This website is vulnerable to a Cross-Site Request Forgery attack. While the user is logged in, executing a form similar to that of the real “Change Password” form of the website, with the password explicitly given, would change the user’s password to the given password. The attack could be carried out by tricking the user into clicking a button that runs the malicious code; while the user is logged in to “Knowledge Root”, this will effectively change the user’s password to what we want. The .php file that could be used for such an attack is attached. Running this file while the user is logged in would effectively change the user's password to "hacked2".
php file for the CSRF attack
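A server-side check that rejects the kind of request described in this report, as an added example that is not Knowledge Root's code or part of the original ticket. The function names, the form field names (`csrf_token`, `current_password`, `new_password`) and the sample values are assumptions made for illustration.

```php
<?php
// Added example with hypothetical names throughout; not Knowledge Root code.

// Issue one random token per session; the real form embeds it as a hidden field.
function csrf_issue_token(array &$session): string
{
    if (empty($session['csrf_token'])) {
        $session['csrf_token'] = bin2hex(random_bytes(32));
    }
    return $session['csrf_token'];
}

// Decide whether a change-password request may proceed.
// Returns [bool $allowed, string $reason].
function check_password_change(array $session, array $post, string $method, string $storedHash): array
{
    if ($method !== 'POST') {
        return [false, 'state-changing request must use POST'];
    }
    $expected = $session['csrf_token'] ?? '';
    $supplied = $post['csrf_token'] ?? '';
    // Constant-time comparison; a cross-site form cannot read the session's token.
    if (!is_string($supplied) || $expected === '' || !hash_equals($expected, $supplied)) {
        return [false, 'missing or invalid CSRF token'];
    }
    // Re-authentication: a forged request does not know the current password.
    $current = $post['current_password'] ?? '';
    if (!is_string($current) || !password_verify($current, $storedHash)) {
        return [false, 'current password incorrect'];
    }
    $new = $post['new_password'] ?? '';
    if (!is_string($new) || $new === '') {
        return [false, 'new password missing'];
    }
    return [true, 'ok'];
}

// Constructed sample data: arrays stand in for $_SESSION and $_POST.
$session = [];
$token = csrf_issue_token($session);
$storedHash = password_hash('correct horse', PASSWORD_DEFAULT);

$forged  = ['new_password' => 'hacked2']; // cross-site form: password given, no token
$genuine = ['csrf_token' => $token, 'current_password' => 'correct horse',
            'new_password' => 'n3w-passphrase'];

foreach (['forged' => $forged, 'genuine' => $genuine] as $label => $post) {
    [$ok, $reason] = check_password_change($session, $post, 'POST', $storedHash);
    printf("%-8s %s (%s)\n", $label, $ok ? 'ALLOWED' : 'REJECTED', $reason);
}
```

Setting the session cookie's `SameSite` attribute to `Lax` or `Strict` adds a second layer, since the browser then withholds the cookie on cross-site form posts.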