
Hacking CSRF Tokens using CSS History Hack

Cross-site scripting, or XSS, is a well-known cyber security risk that allows a malicious user to run code in a victim's browser and, through it, take control of and exploit the user's system.

Another security risk is Cross-Site Request Forgery (CSRF, or "sea surf"). It allows an attacker to trigger actions inside a user's authenticated session without the user intending them, hence the "forgery" in the name.

These two risks are formidable on their own, and combined they are even more dangerous. To eliminate the risk of someone exploiting your system, remove XSS vulnerabilities from your code or ensure you are using an XSS filter to weed out malicious input.

Additionally, make use of CSRF tokens to protect the actions performed under a user's authenticated identity. A properly configured CSRF token keeps your private data just that, private, and does not allow a malicious user to forge requests on the user's behalf.

Although the dangers of XSS are well known, combining an XSS exploit with CSRF is not as commonly understood. These risks are a good reminder to cyber security professionals to consider all exploits, not just the most commonly known vulnerabilities such as those in JavaScript or Flash Player.

info@securethoughts.com

Secure Thoughts
