Excerpt from: Web Application Security Insights
July 31, 2008

Cross-site Request Forgery (XSRF) vulnerability found on Singlesnet.com

I reported this XSRF vulnerability almost a year ago to Singlesnet.com and got no response, so I've decided it's time to share it with the community. The root of the problem is Cross-Site Request Forgery (XSRF) using an off-domain POST. Since some of you may not be familiar with XSRF attacks, I will summarize the root cause.
XSRF attacks exploit a Web site's trust in its own user: they are a way of getting a user's browser to make a request to the Web application that the user is unaware of and did not authorize. In other words, the attacker causes your browser to make a request to the Web site that has deleterious effects, and because the browser attaches your session cookie automatically, the site treats the request as yours. Some of these attacks involve malicious links (i.e. you follow the link and your browser thereby takes an unintended action within the Web application). Another variation involves forms: the attacker creates a malicious form on a site they control that auto-submits with a piece of JavaScript. You view the page, your browser POSTs the form to the target application on your behalf, and the attacker controls every field in it. Now to Singlesnet.com: their site architecture allows you to change your password without supplying your current password.
Bad idea.
Basically, your account password, contact email, and username can all be automatically changed in one fell swoop. The proof of concept has been removed. If you wanna know how it works, you'll have to figure it out yourself ;-)

by Tom Stracener TStracener@cenzic.com
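To make the root cause concrete from the defender's side, here is an added example (not code from the original post or from Singlesnet.com) that models an account-update endpoint twice: once with only the session cookie as its check, which is the design flaw described above, and once hardened with the three controls that stop an off-domain POST (an Origin check, a per-session anti-CSRF token, and re-authentication with the current password before password, email or username may change). The site origin, session id, user record and request dicts are all constructed for the example; the forged request is what a victim's browser would send when an attacker's page auto-submits a form, and the legitimate request is what the site's own page would send.

```python
import hashlib
import hmac
import secrets

# Hypothetical server-side key for deriving per-session CSRF tokens (generated at startup).
CSRF_KEY = secrets.token_bytes(32)
SITE_ORIGIN = "https://dating.example"  # hypothetical origin of the real site


class User:
    """Minimal account record for the example (constructed, not a real schema)."""

    def __init__(self, username: str, password: str, email: str):
        self.username = username
        self.email = email
        self.salt = secrets.token_bytes(16)
        self.password_hash = self._hash(password)

    def _hash(self, password: str) -> bytes:
        return hashlib.pbkdf2_hmac("sha256", password.encode(), self.salt, 100_000)

    def check_password(self, password: str) -> bool:
        return hmac.compare_digest(self.password_hash, self._hash(password))

    def set_password(self, password: str) -> None:
        self.password_hash = self._hash(password)


def csrf_token(session_id: str) -> str:
    """Synchronizer token bound to the session; a page on another origin cannot read it."""
    return hmac.new(CSRF_KEY, session_id.encode(), hashlib.sha256).hexdigest()


def vulnerable_change_account(request: dict, sessions: dict) -> int:
    """The flawed design: the only check is the session cookie, which the browser attaches
    to any POST, including one auto-submitted from a page the attacker controls."""
    user = sessions.get(request["cookies"].get("session"))
    if user is None:
        return 401
    form = request["form"]
    user.set_password(form["new_password"])          # no current password required
    user.email = form.get("email", user.email)
    user.username = form.get("username", user.username)
    return 200


def hardened_change_account(request: dict, sessions: dict) -> int:
    """Same endpoint with three independent defences against a cross-site POST."""
    session_id = request["cookies"].get("session")
    user = sessions.get(session_id)
    if user is None:
        return 401
    # 1. Browsers set Origin on cross-origin POSTs; anything but our own origin is rejected.
    if request["headers"].get("Origin") != SITE_ORIGIN:
        return 403
    form = request["form"]
    # 2. Require the per-session token that only a same-origin page could have embedded.
    if not hmac.compare_digest(form.get("csrf_token", ""), csrf_token(session_id)):
        return 403
    # 3. Sensitive change: prove knowledge of the current password first.
    if not user.check_password(form.get("current_password", "")):
        return 403
    user.set_password(form["new_password"])
    user.email = form.get("email", user.email)
    user.username = form.get("username", user.username)
    return 200


def demo() -> dict:
    """Runs a forged cross-site POST, then a legitimate same-origin POST, against both handlers."""
    results = {}
    for handler in (vulnerable_change_account, hardened_change_account):
        victim = User("alice", "correct horse", "alice@example.invalid")
        sessions = {"sess-123": victim}
        # Constructed forged request: session cookie attached by the browser, nothing else genuine.
        forged = {
            "cookies": {"session": "sess-123"},
            "headers": {"Origin": "https://attacker.invalid"},
            "form": {"new_password": "pwned", "email": "mallory@attacker.invalid"},
        }
        forged_status = handler(forged, sessions)
        forged_changed = victim.check_password("pwned")
        # Constructed legitimate request: same-origin page carrying the token and current password.
        legit = {
            "cookies": {"session": "sess-123"},
            "headers": {"Origin": SITE_ORIGIN},
            "form": {
                "csrf_token": csrf_token("sess-123"),
                "current_password": "correct horse",
                "new_password": "new passphrase",
            },
        }
        legit_status = handler(legit, sessions)
        results[handler.__name__] = {
            "forged_status": forged_status,
            "forged_changed": forged_changed,
            "legit_status": legit_status,
            "legit_changed": victim.check_password("new passphrase"),
        }
    return results


if __name__ == "__main__":
    for name, outcome in demo().items():
        print(name, outcome)
```

Against the vulnerable handler the forged POST returns 200 and the password and email are silently replaced; against the hardened handler it returns 403 and nothing changes, while the legitimate request still succeeds. The current-password check is the one control of the three that also protects against a stolen or shared session, which is why password changes should require it even on a site that already uses anti-CSRF tokens.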