Archive, 20 November 2007

Discovered CSRF with AJAX, phpBB and Private Messaging…

A few months ago I was asked whether it was possible to forge private messages on a web forum. I said yes, of course, and explained, to the mortals, how it could theoretically be done with AJAX (or similar). But it isn't guaranteed to work, since AJAX depends on the browser's security and on the code running on the site. In my mind there should be no problem, however, as long as the browser doesn't leave the domain, or the communication is handled by two trusted sites.

To see whether my theory really worked, I decided to test it. I chose an older version of phpBB, since this was (and probably still is, for a lot of websites out there) actually a bug, fixed in newer releases, and phpBB is a forum that is both easy to install and easy to use. It's also free, and used by many. Continue below…
