Defeating CSRF token protection
Most <forms> have some sort of security token to prevent CSRF attacks. In my youth I posted on a BBS and I now wish to remove all those posts. The problem is there is no "mass delete" option on the BBS, deleting your account doesn't delete the posts, and I have nearly 15,000 posts so I cannot delete them all manually.
I've looked at the source code and it would be easy to write a script that can delete all posts. My only problem is that the "delete" function has a CSRF security token. I know it's possible to defeat this protection, but I cannot seem to figure out how. I'm fluent in Java Server Pages, Servlets, Php, Java Script; And, I am familar with Perl and VB Script. Can someone inform me as to how this can be done?
|All times are GMT +5.5. The time now is 02:34.|