[Owasp-leaders] CSRF

Christian Papathanasiou christian.papathanasiou at owasp.org
Wed May 29 14:29:55 UTC 2013


Another scenario is: 

Distributed client side login/pass bruteforce :-)

Once victims connect to attacker controlled server they are dished out hundreds of CSRF vectors such ass

<img src=http://server/login?username=&user1pass=pass1>

Username password pairs

With each subsequent CSRF vector sent  testing for a post authentication function 

Once word list subset exhausted page updates with next set to try

In essence achieving distributed non attributable brute force (and potentially knock on effects of application layer DoS)

All theoretically possible I think but have never seen that really done in the wild have any of you? Perhaps something BeEF does in the XSS world?

Christian

On 29 May 2013, at 14:46, Giorgio Fedon <giorgio.fedon at owasp.org> wrote:

> Another scenario is when you need to poison DNS cache. In that case you
> may need many resolution request from a lot of different ips. And maybe
> the function that force the dns resolution is in the authenticated area
> 
> 
> On 05/29/2013 03:19 PM, gaz Heyes wrote:
>> On 29 May 2013 14:14, Giorgio Fedon <giorgio.fedon at owasp.org
>> <mailto:giorgio.fedon at owasp.org>> wrote:
>> 
>>    Incrimination is something that may happen by forcing a user doing
>>    something illegal.
>> 
>> 
>> That isn't what I meant. You can assign the IP address of the user to
>> a specific account that has already performed or about to perform
>> illegal activity.
> 
> 
> -- 
> | Giorgio Fedon, Owasp Italy
> |
> | In Input Validation 
> |            and Output Sanitization, 
> |                                   We Trust
> --
> | Web: https://www.owasp.org/index.php/Italy
> |_____________________________________________.
> 
> _______________________________________________
> OWASP-Leaders mailing list
> OWASP-Leaders at lists.owasp.org
> https://lists.owasp.org/mailman/listinfo/owasp-leaders


More information about the OWASP-Leaders mailing list