Go4Expert (http://www.go4expert.com/)

cyb3rTerr0r 8Jul2011 20:18

Defeating CSRF token protection
Most <forms> have some sort of security token to prevent CSRF attacks. In my youth I posted on a BBS and I now wish to remove all those posts. The problem is there is no "mass delete" option on the BBS, deleting your account doesn't delete the posts, and I have nearly 15,000 posts so I cannot delete them all manually.

I've looked at the source code and it would be easy to write a script that can delete all posts. My only problem is that the "delete" function has a CSRF security token. I know it's possible to defeat this protection, but I cannot seem to figure out how. I'm fluent in JavaServer Pages, Servlets, PHP, and JavaScript, and I am familiar with Perl and VBScript. Can someone inform me as to how this can be done?


All times are GMT +5.5.