Hacked Session XSRF Attacks

In our last post we discussed countermeasures against session hacking. Here we discuss one more attack that becomes possible when the session is not protected. A hacked-session XSRF attack is a combination of session hacking and cross-site request forgery (XSRF). Hacked-session XSRF vulnerabilities arise where HTTP cookies are used to transmit session tokens: once a cookie is set in the browser, the browser automatically submits that cookie back to the application with every request to that application.

This means that if the application does not take precautions against misuse of its tokens, it is vulnerable not only to session management attacks but also to XSRF, and when the two are combined a much stronger attack can be performed. Exploiting this vulnerability is easy; have a look at the following steps.

  • Find a vulnerable website.
  • Find a function in the application that performs an action without the user's knowledge.
  • Create an HTML page that triggers the desired action in the application without any interaction from the user, relying on the browser to attach the session cookie. PHP or JavaScript can be used to perform the desired action.
  • While the user is logged on, get him/her to load your HTML page by some means; email or a link on a social network can serve as the vector for your page.

The first countermeasure against this attack is the same as the countermeasures against session management attacks. If you are reading this post for the first time, you are requested to read our previous posts on session hacking and XSRF to understand the attack thoroughly. In the next post we will look at preventive measures against XSRF attacks. Till then, thanks for reading, have a nice time and keep visiting.
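To make the defensive side concrete, here is an added example (not code from the original post) of the two server-side checks that break the chain described above: a session cookie marked `HttpOnly` and `SameSite=Lax`, so the browser does not attach it to cross-site POSTs, and a per-session anti-XSRF token that must be echoed in the form body, which an attacker's page cannot read or supply. The function and variable names (`create_session`, `build_session_cookie`, `validate_state_change`, the in-memory `SESSIONS` store, the `https://app.example` origin) are all hypothetical and chosen for the example.

```python
"""
Added example, not part of the original post. It shows the server-side side of
XSRF protection for a cookie-authenticated session:

  1. a session cookie with HttpOnly, Secure and SameSite=Lax, so the browser
     does not send it on cross-site POSTs or XHRs;
  2. a synchronizer (anti-XSRF) token bound to the session and delivered in
     the form body, so a request that carries only the auto-submitted cookie
     is rejected;
  3. an Origin header check as a second layer.

Every name below is hypothetical; the session store is a constructed
in-memory dict, not a real framework API.
"""
import hmac
import secrets

# Constructed in-memory session store: session id -> {"user": ..., "csrf": ...}
SESSIONS = {}


def create_session(user):
    """Start a session for `user`; returns the opaque session id."""
    sid = secrets.token_urlsafe(32)
    SESSIONS[sid] = {"user": user, "csrf": secrets.token_urlsafe(32)}
    return sid


def build_session_cookie(sid):
    """Set-Cookie value for the session id.

    HttpOnly: page script cannot read it.  Secure: HTTPS only.
    SameSite=Lax: the browser omits the cookie on cross-site POST/XHR,
    so a forged form hosted elsewhere arrives without the session.
    """
    return f"session={sid}; Path=/; HttpOnly; Secure; SameSite=Lax"


def csrf_token_for(sid):
    """Token the application embeds as a hidden field in its own forms."""
    return SESSIONS[sid]["csrf"]


def validate_state_change(request, allowed_origin="https://app.example"):
    """Decide whether a state-changing request may proceed.

    `request` is a constructed dict with keys 'method', 'cookies',
    'headers' and 'form'.  Returns (ok, reason).
    """
    if request.get("method") != "POST":
        return False, "state change must use POST"

    sid = request.get("cookies", {}).get("session")
    session = SESSIONS.get(sid)
    if session is None:
        return False, "no valid session"

    # Browsers add Origin to cross-site POSTs and an attacker page cannot
    # override it; reject anything not from our own origin.
    origin = request.get("headers", {}).get("Origin")
    if origin is not None and origin != allowed_origin:
        return False, "cross-site origin"

    # The token must come from the form body, never from a cookie, because
    # cookies are exactly what the browser submits on the attacker's behalf.
    submitted = request.get("form", {}).get("csrf_token", "")
    if not hmac.compare_digest(submitted, session["csrf"]):
        return False, "missing or wrong csrf token"

    return True, "ok"


if __name__ == "__main__":
    sid = create_session("alice")
    print(build_session_cookie(sid))
    legit = {"method": "POST", "cookies": {"session": sid},
             "headers": {"Origin": "https://app.example"},
             "form": {"email": "new@example", "csrf_token": csrf_token_for(sid)}}
    forged = {"method": "POST", "cookies": {"session": sid},
              "headers": {"Origin": "https://attacker.example"},
              "form": {"email": "attacker@example"}}
    print("legitimate:", validate_state_change(legit))
    print("forged    :", validate_state_change(forged))
```

The forged request in the demo is rejected twice over: its `Origin` is wrong, and even with the header stripped it has no `csrf_token`, which only the application's own page can embed. In a real deployment the token would be written into each form as a hidden input and the cookie attributes set by the framework's session layer.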