CodeIgniter Forums
csrf token not expiring after a response cycle - Printable Version

+- CodeIgniter Forums (https://forum.codeigniter.com)
+-- Forum: Development (https://forum.codeigniter.com/forum-6.html)
+--- Forum: CodeIgniter 3.x (https://forum.codeigniter.com/forum-17.html)
+--- Thread: csrf token not expiring after a response cycle (/thread-71550.html)



csrf token not expiring after a response cycle - cinewbie - 08-27-2018

I have came across a strange issue in my codeigniter application using CI 3.1.8. When the application was provided for third party audit they found that the CSRF token was not getting expired after a request response cycle in the same session. I have used the csrf_regenerate = TRUE and every new form load was generating unique toke. But the old token once generated was not getting expired.This is the steps they followed for POC

a. The logged in on a valid session and took a form where csrf token is embedded as hidden field
b. THey have filled the form and submitted the page and intercepted with the burp suite.
c. They generated a csrf poc page with same values and saved in local machine
d. They let the first page complete its submission and new csrf token was generated in page reload
e. On the same session on the second tab they openend the html page in the local machine.
f. They submitted the page with different values and intercepted the response.
g. They altered the response replacing csrf cookie value and hidden field value with old token value.
h. They submitted the page and new entry was created on the server.
[attachment=1320][attachment=1321][attachment=1322][attachment=1323][attachment=1324]


RE: csrf token not expiring after a response cycle - php_rocs - 08-28-2018

@cinewbie,

If you think you found a security issue then use the link https://codeigniter.com/community and click on the link in the blue highlighted area.


RE: csrf token not expiring after a response cycle - cinewbie - 08-29-2018

(08-28-2018, 06:05 AM)php_rocs Wrote: @cinewbie,

If you think you found a security issue then use the link https://codeigniter.com/community and click on the link in the blue highlighted area.

Okay I have done that, though I am not sure whether this is an issue with CI or with my application. Big Grin  Lets see..