Hacker News new | ask | show | jobs
by chk 4266 days ago
Can I ask how you identify issues like this so quickly? I'm an infosec student, and I'd love to hear what your thought process is when briefly looking over the security of a certain website.
1 comments
steakejjs 4265 days ago
I've got a lot of practice breaking things. CSRF can be identified really fast by checking for unique tokens. Some unguessable token should be submitted with each state changing request. If not, attackers can steal authenticated accounts by making a request to the "change PW" or "change email" URLs. It's a little confusing at first.

XSS I just set JavaScript as something that shows up in a field on a different page. The RCE I mentioned is just uploading a PHP file for the "file upload" feature associated with messages. If he puts the uploaded file within the webroot (and the file is php since his whole site is php) then the file will be executed when you go to its URL

Web app security is something that infosec professors don't talk about at all (in my experience). I had to teach myself but OWASP is very good to get started. It also helps to write a lot of software as well since you'll tend to find pitfalls of doing things wrong

edit: If you would like to see more of the technical how-tos behind CSRF check this link out. It is a blog I wrote about CSRF and how one would actually attack someone with it. http://ejj.io/csrf-password-bruteforce/

link
chk 4265 days ago
Hey, I appreciate the response. BTW, I tried to follow you on Twitter via your website link but it said user doesn't exist anymore. :-/
link
steakejjs 4263 days ago
It's actually twitter.com/steakejjs. I just changed it last night actually independent of reading this.

Cheers

link