Posts

Showing posts from January, 2013

From CSRF Protection Bypass to Shell

If the CSRF protection was not implemented in a secure manner, this could lead to attacker having high privileged functions like an administrator user to perform malicious attacks on the server.  Nowadays' open-source applications provide excessive functions to administrator users, arguing that the user type is trusted and user login function is protected with anti brute force mechanism.

http://yehg.net/lab/pr0js/training/view/misc/TomatoCart-Anti-CSRF-Bypass-2-Shell/
Reference: 
http://yehg.net/lab/pr0js/advisories/%5Btomatocart1.x%5D_ant-csrf_bypass