Page 1 of 1

CSRF ATTACK USING $_SERVER['HTTP_REFERER']

Posted: Fri Mar 06, 2009 3:53 pm
by CutieBaby
The Target: User registration page at http://mysite.com/members/register.php
The Structure:
<?php
if(isset($_POST["register"])):
//data validation and database insert code
endif;
?>
<html>
<form method= "post" action="register.php">
some form fields.....
<input name="register" value="Submit" type="submit" />
</form>
</html>

The Attack: If an attacker modifies the HTML form fields and sets the action path to the absolute URL, i.e action="http://mysite.com/members/register.php" and posts malicious data, how do I detect it?
I understand that $_SERVER['HTTP_REFERER'] can be manipulated by the attacker (hence not dependable). Basically I want register.php to process a form that is only hosted at http://mysite.com/members/register.php and not anywhere else. How do I do it?

Re: CSRF ATTACK USING $_SERVER['HTTP_REFERER']

Posted: Fri Mar 06, 2009 3:55 pm
by Benjamin
You should be performing data validation and cleansing on all user data, regardless of the source.

Search for CSRF token PHP

http://www.google.com/search?client=ope ... 8&oe=utf-8

Re: CSRF ATTACK USING $_SERVER['HTTP_REFERER']

Posted: Fri Mar 06, 2009 4:27 pm
by kaisellgren
This has nothing to do with CSRF...

What you want to do is to validate the content.

If you want to make sure the submit originates through your form, use tokens. This, however, does not mean that the person "uses" your form, the attacker could connect to the site and read the token and then send custom form data. Like I said, validation is what you want.