Interesting findings on CSRF (cross site request forgery)

-
Found an interesting use case where the orkut has missed out CSRF rules.

  • Login to orkut as User1 .
  • Update the status as <a href="/GLogin.aspx?cmd=logout">its good!</a>
  • Login as User2.
  • Go to User1's profile home and click on the status, you will be successfully logged out. :)

Should orkut does not support anchor tags in its status ??

Comments

Prashant said…
Are the status updates in Orkut sent to your friends also ?

Then your friends who click on this link in your status update also get logged out ?
October 21, 2008 at 12:05 AM
amar said…
The status updates shown on the friend's home will be encoded and non click able. so no problem. This scenario occurs only when the user access my home page and click on the status.
October 21, 2008 at 12:17 AM
csrrrrf said…
Hello Amar, I am RRR doing My M.Tech. I want to know more about this CSRF. can you please send me your additional work on CSRF. my mail id is csrrrrf@gmail.com
thanks
November 18, 2008 at 9:42 AM
Post a Comment

Popular posts from this blog

Proper way to have an anchor tag with onclick event

-
Anchor tags are one of the most common HTML tags used in pages. If the user right clicks on the anchor tag he/she will be provided with an option of 'Open in new Window/Open in new Tab'. This will happen only if the anchor has href attribute. Sometimes it is required to do some other action (like making ajax request) on click of the anchor link and also provide the right click option for the same anchor. Natural practice by web developers. <a href="javascript:void(0);" onclick="alert('i am here');">Click Me! </a> Click Me without link for anchor! Correct way to add anchor tags without losing anchor properties. <a href="http://www.blogger.com/amareswar.blogspot.com" onclick="alert('i am here'); return false;">Click Me! </a> Click Me! In the above link, you can observe that the user can right click on go to the respective link and onclick will do the custom action provided by the developer.
Read more

CORS issues with IE9 and workarounds

-
CORS(Cross-Origin-Resource-Sharing) is one of the features in HTML5 feature stack that enables a page to make AJAX requests to other domains. This feature is introduced to circumvent the Same-Origin-Policy . I am not discussing about CORS in detail here as there are lots of online resources available. I am working on a product where html files are served from one domain and back-end requests should be made to another domain (of course sub-domain) for security reasons and API clarity. Luckily we need to support browsers with HTML5 capabilities like Chrome > 14, Safari  > 5.0.5 , Firefox > 9, IE >8. I thought that IE9 is HTML5 complaint and promised to have support for it. I could have investigated a little bit  Application was implemented and we are running for release. Suddenly while going through entire flow we realized that IE9 is not making any CORS requests. From then on our hunt started. Searching blogs, articles, stackoverflow for solutions. I am here to expl
Read more

Some thoughts on MongoDB Nodejs driver

-
I am in the process of evaluating mongoDB for one of the product requirements. We were on the J2EE stack and MongoDB has java driver with which we got awesome results compared to the existing framework in terms of not only speed and resource utilization but also in terms data replication and fail-over behavior. I was curious about mongoDB nodejs driver and tried to test its performance over java driver. It was very easy to write code as I was already familiar with javascript and the footprint, startup time are far less compared to the J2EE stack. Now comes the real problem with NodeJS. My application typically tries to connect to different database for each request and existing nodejs api does not support to use same driver across different requests rendering the connection pooling offered by the framework useless !!!. I need to create server instance for each request. With  read preference as NEAREST, the reads are not shared across the replica set members and only the member o
Read more