CSRF ATTACK USING $_SERVER['HTTP_REFERER']

Discussions of secure PHP coding. Security in software is important, so don't be afraid to ask. And when answering: be anal. Nitpick. No security vulnerability is too small.


CutieBaby
Forum Newbie
Posts: 1
Joined: Fri Mar 06, 2009 3:08 pm

CSRF ATTACK USING $_SERVER['HTTP_REFERER']

Post by CutieBaby »

The Target: User registration page at http://mysite.com/members/register.php
The Structure:
<?php
if (isset($_POST["register"])):
    // data validation and database insert code
endif;
?>
<html>
<form method="post" action="register.php">
some form fields.....
<input name="register" value="Submit" type="submit" />
</form>
</html>

The Attack: If an attacker modifies the HTML form fields and sets the action path to the absolute URL, i.e. action="http://mysite.com/members/register.php", and posts malicious data, how do I detect it?
I understand that $_SERVER['HTTP_REFERER'] can be manipulated by the attacker (hence not dependable). Basically I want register.php to process a form that is only hosted at http://mysite.com/members/register.php and not anywhere else. How do I do it?
Benjamin
Site Administrator
Posts: 6935
Joined: Sun May 19, 2002 10:24 pm

Re: CSRF ATTACK USING $_SERVER['HTTP_REFERER']

Post by Benjamin »

You should be performing data validation and cleansing on all user data, regardless of the source.

Search for CSRF token PHP

http://www.google.com/search?client=ope ... 8&oe=utf-8
kaisellgren
DevNet Resident
Posts: 1675
Joined: Sat Jan 07, 2006 5:52 am
Location: Lahti, Finland.

Re: CSRF ATTACK USING $_SERVER['HTTP_REFERER']

Post by kaisellgren »

This has nothing to do with CSRF...

What you want to do is to validate the content.

If you want to make sure the submit originates through your form, use tokens. This, however, does not mean that the person "uses" your form, the attacker could connect to the site and read the token and then send custom form data. Like I said, validation is what you want.
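The two replies above point at the same answer: a synchronizer (CSRF) token ties a submission to a session that rendered the form, and server-side validation of the field values is what actually stops malicious data, since anyone can fetch a token with their own session and then hand-craft a POST. The following register.php is an added example written for this thread, not code posted by CutieBaby or either respondent. It assumes PHP 7.1 or later (random_bytes, hash_equals, the ?? operator), that sessions work on the site, and the field names username, email and password, which are invented for illustration; the Referer header is deliberately not consulted.

```php
<?php
// Added example for this thread (not from the original posts).
// Assumes PHP >= 7.1 and working sessions; field names are illustrative.
declare(strict_types=1);

session_start();

// Issue one random token per session and reuse it for every form rendered
// in that session. An attacker's page on another origin cannot read it.
function csrf_token(): string
{
    if (empty($_SESSION['csrf_token'])) {
        $_SESSION['csrf_token'] = bin2hex(random_bytes(32));
    }
    return $_SESSION['csrf_token'];
}

// Compare the submitted token with the session copy in constant time.
// Accepts any type so that csrf_token[]=x (an array) is rejected, not fatal.
function csrf_valid($submitted): bool
{
    if (!isset($_SESSION['csrf_token']) || !is_string($submitted)) {
        return false;
    }
    return hash_equals($_SESSION['csrf_token'], $submitted);
}

// Server-side validation of the values themselves. This, not the token,
// is what protects against "malicious data": the token only proves the
// request came from a session that was shown our form.
function validate_registration(array $post): array
{
    $errors = [];

    $username = is_string($post['username'] ?? null) ? trim($post['username']) : '';
    if (!preg_match('/^[A-Za-z0-9_]{3,32}$/', $username)) {
        $errors[] = 'username must be 3-32 letters, digits or underscores';
    }

    $email = is_string($post['email'] ?? null) ? trim($post['email']) : '';
    if (filter_var($email, FILTER_VALIDATE_EMAIL) === false) {
        $errors[] = 'invalid e-mail address';
    }

    $password = $post['password'] ?? '';
    if (!is_string($password) || strlen($password) < 12) {
        $errors[] = 'password must be at least 12 characters';
    }

    return $errors;
}

$errors = [];
if (isset($_POST['register'])) {
    // Reject the request outright if the token is missing or wrong.
    if (!csrf_valid($_POST['csrf_token'] ?? null)) {
        http_response_code(403);
        exit('Invalid or missing CSRF token.');
    }

    $errors = validate_registration($_POST);
    if ($errors === []) {
        // Validation passed: insert with a prepared statement here, e.g.
        // $stmt = $pdo->prepare('INSERT INTO members (username, email, pwhash) VALUES (?, ?, ?)');
        // $stmt->execute([trim($_POST['username']), trim($_POST['email']),
        //                 password_hash($_POST['password'], PASSWORD_DEFAULT)]);
    }
}

// Escape everything echoed into the page, the token included.
$token = htmlspecialchars(csrf_token(), ENT_QUOTES, 'UTF-8');
?>
<html>
<body>
<?php foreach ($errors as $e): ?>
<p><?= htmlspecialchars($e, ENT_QUOTES, 'UTF-8') ?></p>
<?php endforeach; ?>
<form method="post" action="register.php">
<input type="hidden" name="csrf_token" value="<?= $token ?>" />
<input name="username" type="text" />
<input name="email" type="text" />
<input name="password" type="password" />
<input name="register" value="Submit" type="submit" />
</form>
</body>
</html>
```

A form hosted on another site that posts to the absolute URL fails the token check because that page has no way to read this session's token. A request the attacker builds by hand after loading register.php in their own browser passes the token check by design, which is exactly kaisellgren's point: the token proves a session, not a person or a trustworthy payload, so the rules in validate_registration and the prepared statement on insert are doing the real work.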