
Defeating CSRF token protection

Discussion in 'Ethical hacking' started by cyb3rTerr0r, Jul 8, 2011.

  1. cyb3rTerr0r

    cyb3rTerr0r New Member

    Jul 8, 2011
    Most <forms> have some sort of security token to prevent CSRF attacks. In my youth I posted on a BBS and I now wish to remove all those posts. The problem is there is no "mass delete" option on the BBS, deleting your account doesn't delete the posts, and I have nearly 15,000 posts so I cannot delete them all manually.

    I've looked at the source code and it would be easy to write a script that can delete all posts. My only problem is that the "delete" function has a CSRF security token. I know it's possible to defeat this protection, but I cannot seem to figure out how. I'm fluent in Java Server Pages, Servlets, PHP, JavaScript, and I am familiar with Perl and VBScript. Can someone inform me as to how this can be done?

