undefined | Better HN

0 pointssteakejjs11y ago0 comments

I've got a lot of practice breaking things. CSRF can be identified really fast by checking for unique tokens. Some unguessable token should be submitted with each state changing request. If not, attackers can steal authenticated accounts by making a request to the "change PW" or "change email" URLs. It's a little confusing at first.

XSS I just set JavaScript as something that shows up in a field on a different page. The RCE I mentioned is just uploading a PHP file for the "file upload" feature associated with messages. If he puts the uploaded file within the webroot (and the file is php since his whole site is php) then the file will be executed when you go to its URL

Web app security is something that infosec professors don't talk about at all (in my experience). I had to teach myself but OWASP is very good to get started. It also helps to write a lot of software as well since you'll tend to find pitfalls of doing things wrong

edit: If you would like to see more of the technical how-tos behind CSRF check this link out. It is a blog I wrote about CSRF and how one would actually attack someone with it. http://ejj.io/csrf-password-bruteforce/

0 comments

chk11y ago

Hey, I appreciate the response. BTW, I tried to follow you on Twitter via your website link but it said user doesn't exist anymore. :-/

steakejjsOP11y ago

It's actually twitter.com/steakejjs. I just changed it last night actually independent of reading this.

Cheers

j / k navigate · click thread line to collapse