Cross Site Request Forgery (CSRF) PoC Template (by Javascript)

Soroush Dalili — Thu, 02 Sep 2010 00:34:48 +0000

“Cross Site Request Forgery (CSRF) PoC Template (by Javascript)” project page has been updated.

Please visit the project section:

http://soroush.secproject.com/blog/projects/csrf_poc_template/

@ScriptName: Cross Site Request Forgery (CSRF) PoC Template
@Purposes: For any Legal/Ethical Educational Security Researches Only (without any WARRANTY). You can create your own CSRF PoCs by using this template. Author does not accept any responsibility or liability for the use or misuse of this code.
@Website: http://soroush.secproject.com/blog/projects/csrf_poc_template/
@Code: https://code.google.com/p/csrf-poc-template-by-js/

My belief: 70% of websites are vulnerable

Soroush Dalili — Sun, 29 Nov 2009 15:57:31 +0000

When I was searching for a ticket in nationalrail.co.uk website, I suddenly found an XSS and also a SQL Injection vulnerabilities in it.

I reported these two vulns. to its website just for having more security. And, I think these two vulnerabilities are fixed now.

However, I believe that still 70% of webistes are vulnerable against the OWASP TOP 10!

Also, I think you should read “Survey: Majority of Web sites vulnerable” as well.

Cheers,

Soroush

Computer Security Is My Interest! » CSRF Attacks

Cross Site Request Forgery (CSRF) PoC Template (by Javascript)

My belief: 70% of websites are vulnerable