I just want to get information from people who know. I looked at CSRF vulnerabilities and, apparently, the most popular method I know of to deal with them. This method is to create a token in the returned html and add a cookie with the same value. Therefore, if a script tries to make a message, it will have to guess the token that's embedded in the web page.
But if they target a specific site, why can't they just use a script that
- Allows access to the page (cookie will be returned even if the script cannot access it)
- Parses html and gets token
- Invokes a message with this token in it (the returned cookie will be sent back)
- They have successfully submitted the form without the user's knowledge.
The script does not need to know the contents of the cookie, it just uses the fact that cookies are sent back and forth all the time.
What am I missing here? Is it impossible? I think this is pretty scary if you think about it.
Below this line, reading is not required to answer the question :)
The vulnerability of these banks is that authentication is based on cookies, which, in my opinion, is the main authentication method at present.
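As an added example (not code from the original post), the script below models the double-submit cookie scheme and the forging script's steps from the question, with the browser's same-origin policy, which stops a cross-origin script from reading the fetched page body, represented by `visible_to`. The origins bank.example and evil.example and all helper names are constructed for the demo.

```python
import hmac
import re
import secrets
from http.cookies import SimpleCookie

SITE = "https://bank.example"      # constructed origin of the protected site
ATTACKER = "https://evil.example"  # constructed origin hosting the forging script


def issue_token() -> str:
    """Random per-session token; the server sets it as a cookie AND embeds it in the form."""
    return secrets.token_urlsafe(32)


def render_form(token: str) -> str:
    """HTML returned to the logged-in user, with the token in a hidden field."""
    return f'<form method="post"><input type="hidden" name="csrf" value="{token}"></form>'


def parse_token(html: str) -> str:
    """What a script that can actually read the page would extract (step 2 of the question)."""
    match = re.search(r'name="csrf" value="([^"]*)"', html)
    return match.group(1) if match else ""


def visible_to(script_origin: str, body: str) -> str:
    """Simplified same-origin policy: only same-origin script may read the response body.
    The browser still *sends* cookies on the cross-site request; it just hides the reply."""
    return body if script_origin == SITE else ""


def csrf_check(cookie_header: str, form_fields: dict) -> bool:
    """Server side of the double-submit check: cookie copy must equal the form copy."""
    cookies = SimpleCookie(cookie_header)
    if "csrf" not in cookies:
        return False
    return hmac.compare_digest(cookies["csrf"].value, form_fields.get("csrf", ""))


def simulate() -> dict:
    token = issue_token()
    cookie_header = f"csrf={token}"  # browser attaches this to every request to SITE
    page = render_form(token)

    # Legitimate submit: the user's own page carries the matching hidden field.
    legit = csrf_check(cookie_header, {"csrf": parse_token(page), "amount": "100"})

    # Forged submit: the attacker's page can make the browser fetch SITE, but the
    # response body is opaque to it, so the parsed token is empty and the check fails.
    stolen = parse_token(visible_to(ATTACKER, page))
    forged = csrf_check(cookie_header, {"csrf": stolen, "amount": "100"})
    return {"legit": legit, "forged": forged, "attacker_saw_token": bool(stolen)}
```

Note that `visible_to` is a deliberately coarse model of the same-origin policy; it only captures the property the question overlooks, that the cookie travels with the request while the response stays unreadable to the cross-origin script.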