CSRF ATTACK USING $_SERVER['HTTP_REFERER']
Posted: Fri Mar 06, 2009 3:53 pm
The Target: User registration page at http://mysite.com/members/register.php
The Structure:
<?php
if(isset($_POST["register"])):
//data validation and database insert code
endif;
?>
<html>
<form method="post" action="register.php">
some form fields.....
<input name="register" value="Submit" type="submit" />
</form>
</html>
The Attack: If an attacker modifies the HTML form fields and sets the action path to the absolute URL, i.e. action="http://mysite.com/members/register.php", and posts malicious data, how do I detect it?
I understand that $_SERVER['HTTP_REFERER'] can be manipulated by the attacker (hence not dependable). Basically I want register.php to process a form that is only hosted at http://mysite.com/members/register.php and not anywhere else. How do I do it?
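The standard answer to the question above is a synchronizer token: register.php generates an unguessable value, stores it in the user's session, embeds it in the form as a hidden field, and on submit accepts the POST only if the submitted value matches the session copy. A page on another origin cannot read the victim's session-bound token, so a forged form pointing at the absolute URL arrives without it and is rejected. The following is an added example written for this post, not code from the original poster; it assumes PHP 7.1 or later (random_bytes, hash_equals, nullable types) and a working session cookie, and the field name csrf_token is an arbitrary choice.

```php
<?php
// Added example (not from the original post): synchronizer-token CSRF defence
// for register.php. Assumes PHP >= 7.1 and that session cookies work.
session_start();

// Return the session's CSRF token, creating one on first use.
// 32 random bytes (64 hex chars) is unguessable; random_bytes is CSPRNG-backed.
function csrf_token(): string
{
    if (empty($_SESSION['csrf_token'])) {
        $_SESSION['csrf_token'] = bin2hex(random_bytes(32));
    }
    return $_SESSION['csrf_token'];
}

// Compare the submitted token with the session copy in constant time.
// hash_equals avoids leaking the token through timing differences.
function csrf_valid(?string $submitted): bool
{
    if (!isset($_SESSION['csrf_token']) || !is_string($submitted)) {
        return false;
    }
    return hash_equals($_SESSION['csrf_token'], $submitted);
}

if (isset($_POST['register'])) {
    // Reject the POST before touching any user data if the token is absent or wrong.
    if (!csrf_valid($_POST['csrf_token'] ?? null)) {
        http_response_code(403);
        exit('Invalid or missing CSRF token.');
    }
    // ... data validation and database insert code ...

    // Rotate the token after a successful submit so a leaked value cannot be replayed.
    unset($_SESSION['csrf_token']);
}
?>
<html>
<form method="post" action="register.php">
some form fields.....
<!-- Hidden token field; htmlspecialchars keeps the attribute well-formed. -->
<input type="hidden" name="csrf_token"
       value="<?php echo htmlspecialchars(csrf_token(), ENT_QUOTES, 'UTF-8'); ?>" />
<input name="register" value="Submit" type="submit" />
</form>
</html>
```

The check is against the session, not against a cookie alone: a cookie is sent automatically with the forged request, whereas the hidden field is only present in a form the server itself rendered for that session. $_SERVER['HTTP_REFERER'] can still be consulted as a secondary signal (reject a POST whose Referer is present and from a foreign host), but it must not be the only control, since browsers and proxies frequently omit it.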