Ethical Hacking and Penetration Testing Guide

Predicting/Brute Forcing Weak Anti-CSRF Token Algorithm

Yüklə 22,44 Mb. Pdf görüntüsü səhifə 235/235 tarix 07.08.2023 ölçüsü 22,44 Mb. #138846

Bu səhifədəki naviqasiya:

• Predicting/Brute Forcing Weak Anti-CSRF Token Algorithm
• Tokens Not Validated upon Server
• $file = $_GET["file"]; include($file.".html");

Predicting/Brute Forcing Weak Anti-CSRF Token Algorithm Computers are not random, which means that they cannot generate random values. The values  that are generated are cryptographically random, which means that there is an algorithm that is  used to generate the CSRF token. If you, as an attacker, are able to predict the algorithm that is  used to generate the tokens, you can generate them ahead of time and then load all of them in an  Yüklə 22,44 Mb. Dostları ilə paylaş: