What is the CSRF vulnerability, or Cross-Site Request Forgery?

What does this vulnerability mean?

An attacker exploits this vulnerability by sending forged requests to the site, perhaps from more than one browser or from several tabs of the same browser, so that the site believes it is dealing with more than one person when in fact it is only one person, and as a result it executes forged requests.

How do I protect my site from this vulnerability?

This vulnerability is fixed by creating a new session token each time the site page or the form page is opened. This token must be a variable, encoded value that nobody can use in your place. For example, you create a random value as follows

rand(1000, 9000);

This function returns a random number between 1000 and 9000, say 5364 or 6954. You then encode that number with the base64_encode function, so the final expression becomes

base64_encode(rand(1000, 9000));

The resulting token will look like this

MjcyMw==

The system can then decode this string with the base64_decode function, recover the original number, and compare it with the number stored before encoding to verify it. But what if an attacker works out how this token is built and generates a token by the same rules you use? In that case they will be able to bypass this protection. So what do you do to solve this problem?

You can solve it by adding characters of your own choosing to the random number before encoding it, replacing or surrounding some of its characters (for example, adding a 5, and so on), so that the value is no longer just a plain number, and then encoding the result in the same way.

How do I patch this vulnerability on my site?

First: we create the session token with the following code. You can change the encoding method according to your preference.

session_start();
$token = base64_encode('val' . rand(1000, 9000) . ' blog ');
$_SESSION['token'] = $token;

Second: find each form on your site and add this line to it, a hidden input that carries the token we created

<input type="hidden" name="token" value="<?php echo $token; ?>" />

Third: we add a condition before executing the requested action that checks whether the submitted token matches the one in the session

if (isset($_POST['token']) && $_POST['token'] === $_SESSION['token']) {
    // True: the token matches, process the request
} else {
    // False: the token is missing or wrong, reject the request
}
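The following is an added example, not the original post's code, showing both points above in one script: why a token built from base64_encode(rand(1000, 9000)) can be reproduced without any secret (base64 is an encoding, not encryption, and the value space is only 8001 numbers), and a hardened version of the three-step fix using PHP's random_bytes() and hash_equals(). The field name csrf_token and the function names are my own; it assumes PHP 7 or later and that session_start() runs before any output.

```php
<?php
// Added example (not the post's own code): hardened CSRF token handling.
// Assumes PHP >= 7.0 for random_bytes() and hash_equals().
declare(strict_types=1);

// Why the post's first token is weak: rand(1000, 9000) has only 8001 possible
// values, and base64 decodes without any key, so a token built this way can be
// regenerated or enumerated by anyone who knows the rule.
function weakTokenSpace(): int
{
    return 9000 - 1000 + 1; // 8001 possible tokens
}

function decodeWeakToken(string $token): ?string
{
    $decoded = base64_decode($token, true); // strict mode: false on bad input
    return $decoded === false ? null : $decoded; // "MjcyMw==" -> "2723"
}

// Step one (hardened): 32 bytes from the OS CSPRNG, hex-encoded (64 chars).
// Nothing about this value can be derived from a rule; it must be read from
// the session that issued it.
function generateCsrfToken(): string
{
    return bin2hex(random_bytes(32));
}

// Issue one token per session and reuse it, so several open tabs all keep
// working; regenerating per page load (as the post does) invalidates all but
// the most recently loaded tab.
function issueToken(): string
{
    if (empty($_SESSION['csrf_token'])) {
        $_SESSION['csrf_token'] = generateCsrfToken();
    }
    return $_SESSION['csrf_token'];
}

// Step two: hidden field for every state-changing form, escaped for the attribute.
function csrfField(): string
{
    $value = htmlspecialchars(issueToken(), ENT_QUOTES, 'UTF-8');
    return '<input type="hidden" name="csrf_token" value="' . $value . '" />';
}

// Step three: validate before executing the request. hash_equals() compares in
// constant time, and a missing or empty session token always fails.
function validateCsrfToken(?string $submitted, ?string $stored): bool
{
    if ($submitted === null || $stored === null || $stored === '') {
        return false;
    }
    return hash_equals($stored, $submitted);
}

// Usage in a request handler:
// session_start();
// if ($_SERVER['REQUEST_METHOD'] === 'POST') {
//     if (!validateCsrfToken($_POST['csrf_token'] ?? null, $_SESSION['csrf_token'] ?? null)) {
//         http_response_code(403);
//         exit('Invalid CSRF token');
//     }
//     // ... process the request ...
// }
```

Two design choices differ from the post: the token is stored once per session rather than regenerated on every page load, so the multi-tab test described below will see all tabs succeed (each carries the same valid token), and the comparison uses hash_equals() rather than == so that a string comparison cannot leak timing information or be satisfied by loosely equal values such as "0" and "0e123".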

That is how the gap is patched properly. You can test the fix after applying it: open more than one tab in the same browser, fill in the form in each of them, and submit them one after another. You will find that only one of those tabs succeeds and the rest are rejected. If you see the opposite, check again that the code is written and formatted correctly.
