csrf token not expiring after a response cycle

I have come across a strange issue in my CodeIgniter application using CI 3.1.8. When the application was provided for a third-party audit, they found that the CSRF token was not getting expired after a request/response cycle in the same session. I have used csrf_regenerate = TRUE and every new form load was generating a unique token. But the old token, once generated, was not getting expired. These are the steps they followed for the PoC:

a. They logged in on a valid session and took a form where the CSRF token is embedded as a hidden field.
b. They filled in the form, submitted the page and intercepted it with Burp Suite.
c. They generated a CSRF PoC page with the same values and saved it on the local machine.
d. They let the first page complete its submission, and a new CSRF token was generated on page reload.
e. In the same session, on a second tab, they opened the HTML page from the local machine.
f. They submitted the page with different values and intercepted the request.
g. They altered the request, replacing the CSRF cookie value and the hidden field value with the old token value.
h. They submitted the page and a new entry was created on the server.

csrf token not expiring after a response cycle - by cinewbie - 08-27-2018, 10:15 PM
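CodeIgniter 3's built-in CSRF check compares the posted hidden field against the CSRF cookie, so any cookie/field pair that matches is accepted, which is why an older pair replayed from the same browser session still passes. The following is an added example, not CodeIgniter's own code, of the alternative the auditors' finding points at: a server-side, single-use token store kept in the PHP session, where a token is invalidated the moment it is verified. The class name, the session key and the form field name are assumptions for illustration.

```php
<?php
// Hypothetical single-use CSRF token store (added example, not CodeIgniter code).
// Tokens live server-side in $_SESSION, so a replayed old token cannot be made
// valid by also replaying a matching cookie, and each token is consumed on use.
final class SingleUseCsrf
{
    private const SESSION_KEY = 'csrf_tokens';   // assumed session key
    private const MAX_TOKENS  = 10;              // allow a few open tabs, bound memory
    private const TTL_SECONDS = 1800;            // assumed token lifetime

    /** Issue a fresh token to embed as a hidden form field. */
    public static function issue(): string
    {
        $token = bin2hex(random_bytes(32));
        $_SESSION[self::SESSION_KEY][$token] = time() + self::TTL_SECONDS;
        // Keep only the newest MAX_TOKENS entries (oldest issued are dropped first).
        if (count($_SESSION[self::SESSION_KEY]) > self::MAX_TOKENS) {
            array_shift($_SESSION[self::SESSION_KEY]);
        }
        return $token;
    }

    /** Verify a posted token; it is removed on first use, valid or expired. */
    public static function verify(?string $posted): bool
    {
        if ($posted === null || empty($_SESSION[self::SESSION_KEY])) {
            return false;
        }
        foreach ($_SESSION[self::SESSION_KEY] as $token => $expires) {
            if (hash_equals($token, $posted)) {
                unset($_SESSION[self::SESSION_KEY][$token]); // consume: no second use
                return $expires >= time();
            }
        }
        return false;
    }
}

// Usage in a controller (field name 'csrf_token' is assumed):
session_start();
if ($_SERVER['REQUEST_METHOD'] === 'POST') {
    if (!SingleUseCsrf::verify($_POST['csrf_token'] ?? null)) {
        http_response_code(403);
        exit('Invalid or reused CSRF token');
    }
    // ... process the form ...
}
$hidden = '<input type="hidden" name="csrf_token" value="'
        . htmlspecialchars(SingleUseCsrf::issue(), ENT_QUOTES, 'UTF-8') . '">';
```

With this store, repeating step g with the old token fails because that token was deleted from the session when the first submission was verified.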