Archived

This topic is now archived and is closed to further replies.

alexman

Html form without CSRF protections

I tested my site for vulnerabilities today with Acunetix 8 and got a medium-risk finding due to:

"Html form without CSRF protections. Total files with this problem: 112"

 

I also found the CSRF Token - Admin Side add-on here: http://addons.oscommerce.com/info/8506

I installed it to see if the vulnerabilities would disappear, but I receive the following error when I access my admin page:

Fatal error: Cannot redeclare tep_href_link() (previously declared in /home/my site/public_html/myadmin/includes/functions/html_output.php:15) in /home/../public_html/myadmin/includes/functions/html_output.php on line 473

 

How to solve this problem?

Many thanks in advance

html_output.php


How to solve this problem?

 

It looks like you have two copies of html_output.php pasted together in one file. All the functions in html_output.php appear twice in the file. Look at lines 430-443:

 

    return $button;
 }
?>
<?php
/*
 $Id$

 osCommerce, Open Source E-Commerce Solutions
 http://www.oscommerce.com

 Copyright (c) 2010 osCommerce

 Released under the GNU General Public License
*/

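The "Cannot redeclare" fatal error in the first post is exactly what PHP raises when a function name is defined twice in the files it has loaded. The script below is an added example (not code from osCommerce or from the CSRF Token - Admin Side add-on) that tokenizes a PHP file and lists every function declared more than once, so a pasted-together html_output.php can be spotted before it is uploaded. The function name find_duplicate_functions and the embedded sample file are this example's own; pass a real path as the first argument to scan it instead.

```php
<?php
// Added example, not code from osCommerce or the CSRF Token - Admin Side add-on.
// Reports every function declared more than once in a PHP source file, the
// condition behind "Fatal error: Cannot redeclare tep_href_link()".
// The function name find_duplicate_functions is this example's own.

function find_duplicate_functions(string $source): array
{
    $tokens = token_get_all($source);
    $count  = count($tokens);
    $seen   = [];   // function name => list of declaring line numbers

    for ($i = 0; $i < $count; $i++) {
        $tok = $tokens[$i];
        if (!is_array($tok) || $tok[0] !== T_FUNCTION) {
            continue;
        }
        // Walk forward past whitespace, comments and a by-reference "&" to the
        // function name. An anonymous function reaches "(" first and is skipped.
        for ($j = $i + 1; $j < $count; $j++) {
            $next = $tokens[$j];
            if ($next === '(') {
                break;
            }
            if (is_array($next) && $next[0] === T_STRING) {
                $seen[$next[1]][] = $next[2];   // index 2 is the line number
                break;
            }
        }
    }
    // Keep only names declared more than once. Same-named methods of different
    // classes would also be listed; html_output.php contains only plain functions.
    return array_filter($seen, function (array $lines) {
        return count($lines) > 1;
    });
}

// Constructed sample: two copies of a file pasted together, as in the thread.
$sample = <<<'PHP'
<?php
function tep_href_link($page) { return $page; }
function tep_image($src) { return $src; }
?>
<?php
function tep_href_link($page) { return $page; }
PHP;

$source = isset($argv[1]) ? file_get_contents($argv[1]) : $sample;
foreach (find_duplicate_functions($source) as $name => $lines) {
    printf("%s() is declared %d times, on lines %s\n",
           $name, count($lines), implode(', ', $lines));
}
```

Run it as `php find_dupes.php /path/to/myadmin/includes/functions/html_output.php`; a clean file prints nothing. The fix for the situation in the thread is to delete everything from the second `<?php` header onward so that each function is declared once, then install the add-on's changes on top of the single copy.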

I succeeded in installing CSRF Token - Admin Side and tested again with Acunetix. It seems that the add-on has no effect against CSRF attacks:

"Acunetix WVS found a HTML form with no apparent CSRF protection implemented. Consult details for more information about the affected HTML form.

Affected items

  • /
  • /advanced_search.php
  • /advanced_search.php (244162615e579f59d602f9acd0b3abd3)
  • /advanced_search.php (58d5350237d5bb88abcf55d58d59296a)
  • /advanced_search.php (772907f2f4a7ccc783339763f0d9b4a1)
  • /advanced_search.php (7ff270ddde27df732ad45d610dafee8f)
  • /advanced_search.php (af63838acc1ac89ef2b772d3ee53044d)
  • /advanced_search.php (f4127572f1ef74992ab78a641ae791d3)
  • /advanced_search_result.php (2970a48f565c94859376f48770d14c3b)
  • /advanced_search_result.php (772907f2f4a7ccc783339763f0d9b4a1)
  • /advanced_search_result.php (a581791bc15ccd4d118b08d8e7e7afb4)
  • /advanced_search_result.php (ad064c25f5a5134babbc3b87230d08e7)
  • /conditions.php
  • /conditions.php (32c499fe0864f0887f5ae20db4968ba6)
  • /contact_us.php
  • /contact_us.php (821ad72c31963986a8a60595d87d9212)
  • /contact_us.php (8efc9b24f2386b23e438b9c6b7c01252)
  • /contact_us.php (a30a63fee7e49f5791cf9920b5ef42b4)
  • /create_account.php
  • /create_account.php (32c499fe0864f0887f5ae20db4968ba6)
  • /index.php (20ed55fb45a960b3e8a3dfaa3d6c2f39)
  • /index.php (32c499fe0864f0887f5ae20db4968ba6)
  • /index.php (3418950f17a6eac2e8d1bf243c507d16)
  • /index.php (4bdf9bf2ac437f22219fcfbf38c7dc17)
  • /index.php (56753b7bfd551eaae8a6a638ba650c42)
  • /index.php (5b921342e19af30bf5d72875241afa81)
  • /index.php (6d02b79ab9526715335efba4361f6980)
  • /index.php (775c4c022a5180dad31a815014a926e7)
  • /index.php (8d477fafc5179be26790804dca082962)
  • /index.php (c47644b82d4938b0b28181665295e3cf)
  • /index.php (d3dc0faf44177762b1ff2d452f3573dc)
  • /index.php (e7ea601ad8b4b29cccc0e0ecb11f1274)
  • /login.php
  • /login.php (6001698f0ff86b8e27d135a57dff245a)
  • /login.php (a30a63fee7e49f5791cf9920b5ef42b4)
  • /login.php (fcfa401ae2b4080e221cc08cc8eeea11)
  • /password_forgotten.php
  • /password_forgotten.php (0143c4d1a40e7a5b9a399a644b66cd72)
  • /password_forgotten.php (6001698f0ff86b8e27d135a57dff245a)
  • /password_forgotten.php (a30a63fee7e49f5791cf9920b5ef42b4)
  • /privacy.php
  • /privacy.php (32c499fe0864f0887f5ae20db4968ba6)
  • /product_info.php (0ed30c394770b4a9d0950b0ec8d48220)
  • /product_info.php (108dc72278123843dbc33401511338d5)
  • /product_info.php (207b8b1a7bf76784b9664fa5722981de)
  • /product_info.php (3b18231ae716a46194c150cfa8ad0972)
  • /product_info.php (3ca5348e1cea88682fde793f10ed6e1b)
  • /product_info.php (40b7e623703aaa3a41f4e277321f3465)
  • /product_info.php (41984304f1226cfca914b3c7f7d9b6ae)
  • /product_info.php (4930f6cbc0b544ce859eb446792dbe9f)
  • /product_info.php (4bb32b3d77e50bd833e87a7d699e53a6)
  • /product_info.php (4cac174b86317d470c2cb44c09744c29)
  • /product_info.php (4d60543a0094de0b89e262077749f1bb)
  • /product_info.php (63255981cb55c06a50ea31a1cc6dd5eb)
  • /product_info.php (639968ccb72a52fafd16c75315669097)
  • /product_info.php (688dacce5734e1d2ce3dbafe9447ea0c)
  • /product_info.php (6c02765542b5d67004e7ba0cbf87f3a0)
  • /product_info.php (703748e6be8454446a26c01c3764e2cb)
  • /product_info.php (7ec7795b400cde2a2f1ecc86f9f0d4c0)
  • /product_info.php (81b7e933167c1f68f6df2462ed90f9d8)
  • /product_info.php (89946099d910e1e47dc49d1d40ea05c4)
  • /product_info.php (8c1ee9bfe5c5f3a2756982d12d0316cc)
  • /product_info.php (997452fc7a049951467df0460a78660f)
  • /product_info.php (aea0e97e0dace8965789db341da3aed2)
  • /product_info.php (afb512fc73b796ada258612a92525a09)
  • /product_info.php (b209780e5ca14c74f88219bb4e281f97)
  • /product_info.php (bed5edc27249ea746cdde0abcfe331b5)
  • /product_info.php (bf329ab8c802c8e5cb4cc3552d8a8e54)
  • /product_info.php (c21ec0f2b4c302d8a70a6efe9f6ed4f7)
  • /product_info.php (c8d8922a5bf3ea76590edfc1924afab6)
  • /product_info.php (c9ba736e737a7bba49dacf27e7b9d432)
  • /product_info.php (df34442ca276a0b50558ec9e148492c5)
  • /product_info.php (e4a9c0a82d2e6959a2c5357705bf8213)
  • /product_info.php (eec0de16c50d81034b059fee9e7b9d2c)
  • /product_info.php (f11879364190dee80cce9f9a2df34afe)
  • /product_info.php (f7387f5839d91e6b78584536693b272f)
  • /product_info.php (fff514e853f6dc0eba47fee03d4cf0da)
  • /product_reviews.php (8c1ee9bfe5c5f3a2756982d12d0316cc)
  • /product_reviews.php (aea0e97e0dace8965789db341da3aed2)
  • /product_reviews.php (bed5edc27249ea746cdde0abcfe331b5)
  • /product_reviews.php (c21ec0f2b4c302d8a70a6efe9f6ed4f7)
  • /product_reviews.php (eec0de16c50d81034b059fee9e7b9d2c)
  • /products_new.php
  • /products_new.php (6d8b81866b0721ef0b36fbe6eb1c8793)
  • /products_new.php (a30a63fee7e49f5791cf9920b5ef42b4)
  • /products_new.php (d27a8c4a03b8334a2d3d5c92b537d561)
  • /reviews.php
  • /reviews.php (32c499fe0864f0887f5ae20db4968ba6)
  • /shipping.php
  • /shipping.php (32c499fe0864f0887f5ae20db4968ba6)
  • /shopping_cart.php
  • /shopping_cart.php (01bc53d029a127311cc3b9525f904743)
  • /shopping_cart.php (0bf3a184238081ff93ae6d1553c6e99f)
  • /shopping_cart.php (1558872ae046eff0783aede6a3b85b67)
  • /shopping_cart.php (182a16eacc90d37c663c2b9f6f1e11d1)
  • /shopping_cart.php (303cbe84c986a4cc6f183c5179c36109)
  • /shopping_cart.php (32c499fe0864f0887f5ae20db4968ba6)
  • /shopping_cart.php (3418950f17a6eac2e8d1bf243c507d16)
  • /shopping_cart.php (390225ac22c59913c27043109015bdc4)
  • /shopping_cart.php (3e2cb1db2a1d6b64177eb5d1ad6aeaf4)
  • /shopping_cart.php (3f03132cbc6ae5ec9152fd2bc50e7cfe)
  • /shopping_cart.php (4b6d46816dba2fcd814d57d61ab68e2d)
  • /shopping_cart.php (57a53949091491aa435da7358067cdd5)
  • /shopping_cart.php (607190361d8714f17dfd80c554d8a7a4)
  • /shopping_cart.php (6d02b79ab9526715335efba4361f6980)
  • /shopping_cart.php (6dbd565d7f8013faec4a9d4315d292dc)
  • /shopping_cart.php (772907f2f4a7ccc783339763f0d9b4a1)
  • /shopping_cart.php (775c4c022a5180dad31a815014a926e7)
  • /shopping_cart.php (a2d5639d36e42fb8f5393c8f1ffc8290)
  • /shopping_cart.php (a581791bc15ccd4d118b08d8e7e7afb4)
  • /shopping_cart.php (a5c6dfcba4eee00e808e38f921e4853c)
  • /shopping_cart.php (aad6e396ef7100901d9d8db35da5a5e2)
  • /shopping_cart.php (c0ef270bd26e4e6e37095e2ef60e4f1d)
  • /shopping_cart.php (db40ba793f8b5b66c21e8c9027427b86)
  • /shopping_cart.php (e206574888fc7907376baac52e2db8fc)
  • /shopping_cart.php (ee6cb2a05c98b604e97f019258c22062)
  • /shopping_cart.php (ff73127a313c183387a8f3cb8e638ac8)
  • /specials.php
  • /specials.php (32c499fe0864f0887f5ae20db4968ba6)

The impact of this vulnerability:

An attacker may force the users of a web application to execute actions of the attacker's choosing. A successful CSRF exploit can compromise end user data and operation in case of normal user. If the targeted end user is the administrator account, this can compromise the entire web application.

How to fix this vulnerability

Check if this form requires CSRF protection and implement CSRF countermeasures if necessary."

 

If anyone wants their site tested, not only for this vulnerability, please tell me. I'll send back the report.

 

 

Also, I have installed the IP trap and I can see the following:

- indeed, it blocks attacks.

- if I add the IP manually, it has no effect:

46.119.118.152 Not Known, added manually by Admin Not Known, added manually by Admin 08/28/2013 11:19 BLACK

 

because in who_is_ip we can see he can still access the site now:

00:07:11 0 Guest 46.119.118.152 18:51:59 18:51:59 /

 

 

Should I add the whole subnet? Is that better?

46.119.118.0/24

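For the subnet question above, the following added example (not code from the IP trap add-on or from osCommerce) shows how a blocklist can hold both single addresses and CIDR ranges and how a visitor address is tested against it. The functions ip_in_cidr and is_blocked, the blocklist contents and the sample visitor addresses are this example's own; it handles IPv4 only and assumes a 64-bit PHP build.

```php
<?php
// Added example, not code from the IP trap add-on: decide whether a visitor's
// IPv4 address falls inside a blocklisted single address or CIDR range, so a
// check can cover 46.119.118.0/24 rather than one address. IPv4 only, 64-bit
// PHP assumed; ip_in_cidr, is_blocked and the blocklist are this example's own.

function ip_in_cidr(string $ip, string $cidr): bool
{
    $parts  = explode('/', $cidr, 2);
    $subnet = $parts[0];
    $bits   = isset($parts[1]) ? (int) $parts[1] : 32;   // bare address == /32

    $ipLong     = ip2long($ip);
    $subnetLong = ip2long($subnet);
    if ($ipLong === false || $subnetLong === false || $bits < 0 || $bits > 32) {
        return false;   // malformed input never matches
    }
    // Compare only the network part: drop the host bits from both addresses.
    $shift = 32 - $bits;
    return ($ipLong >> $shift) === ($subnetLong >> $shift);
}

function is_blocked(string $ip, array $blocklist): bool
{
    foreach ($blocklist as $entry) {
        if (ip_in_cidr($ip, $entry)) {
            return true;
        }
    }
    return false;
}

// Constructed blocklist: the address from the thread, and the /24 around it.
$blocklist = ['46.119.118.152', '46.119.118.0/24'];

// Constructed visitor addresses: the blocked host, a neighbour in the same /24,
// an address in the next /24, and a malformed value.
foreach (['46.119.118.152', '46.119.118.7', '46.119.119.1', 'not-an-ip'] as $visitor) {
    printf("%-16s %s\n", $visitor, is_blocked($visitor, $blocklist) ? 'BLACK' : 'allowed');
}
```

Two caveats when wiring this into a trap: test `$_SERVER['REMOTE_ADDR']`, not an unverified X-Forwarded-For header the client can set, and remember that a /24 also blocks every legitimate customer the same provider puts in that range. An address or subnet blocklist is nuisance reduction against a scanner that keeps the same source; it is not a substitute for fixing the forms themselves.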

CSRF Token - Admin Side modifies, as it says, only the back-end (admin side).

 

The front-end isn't really that vulnerable to CSRF attacks. The worst things that could happen are that someone, without his/her consent, contacts you through contact_us.php or creates an account via create_account.php.

If the CSRF victim is logged in, the risk is higher, though.

 

Also, if you have renamed your admin directory, the CSRF Token add-on would just be overkill.

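The reply above is right that the admin-side add-on leaves the catalog forms untouched, which is why Acunetix still lists login.php, shopping_cart.php, password_forgotten.php and the others. The logged-in case it calls higher risk is the one those forms serve, so the added example below (not the CSRF Token - Admin Side add-on and not osCommerce code) shows the synchronizer-token pattern a front-end form needs: an unpredictable per-session token stored server-side, emitted as a hidden field, and verified before any state changes. The function names csrf_token, csrf_hidden_field and csrf_verify, and the field name csrf_token, are this example's own.

```php
<?php
// Added example of a synchronizer-token CSRF defence for a front-end form such as
// contact_us.php or create_account.php. It is not the CSRF Token - Admin Side
// add-on and not osCommerce code; the function names (csrf_token, csrf_hidden_field,
// csrf_verify) and the "csrf_token" field name are this example's own choices.

function csrf_token(): string
{
    if (session_status() !== PHP_SESSION_ACTIVE) {
        session_start();
    }
    if (empty($_SESSION['csrf_token'])) {
        // 32 bytes from the CSPRNG, hex-encoded: unguessable from an attacker's page.
        $_SESSION['csrf_token'] = bin2hex(random_bytes(32));
    }
    return $_SESSION['csrf_token'];
}

// Hidden field to place inside every <form method="post"> on the site. A scanner
// such as Acunetix looks for exactly this kind of unpredictable per-session value.
function csrf_hidden_field(): string
{
    return '<input type="hidden" name="csrf_token" value="'
         . htmlspecialchars(csrf_token(), ENT_QUOTES, 'UTF-8') . '">';
}

// Server-side check; the hidden field alone does nothing without it.
// hash_equals() compares in constant time.
function csrf_verify(?string $submitted): bool
{
    if (session_status() !== PHP_SESSION_ACTIVE) {
        session_start();
    }
    if ($submitted === null || empty($_SESSION['csrf_token'])) {
        return false;   // no token yet in this session, or none submitted
    }
    return hash_equals($_SESSION['csrf_token'], $submitted);
}

// Handler skeleton: reject forged POSTs before touching any state.
if (($_SERVER['REQUEST_METHOD'] ?? 'GET') === 'POST') {
    $raw = $_POST['csrf_token'] ?? null;           // may be an array if tampered with
    if (!csrf_verify(is_string($raw) ? $raw : null)) {
        http_response_code(403);
        exit('Form submission rejected: missing or invalid CSRF token.');
    }
    // ... process the form (send the contact mail, create the account, ...) ...
}

// Rendering the form: the token travels in the page, the session holds the copy.
echo '<form method="post" action="contact_us.php">'
   . csrf_hidden_field()
   . '<input type="text" name="name"><button type="submit">Send</button></form>';
```

A cross-site page can make the victim's browser submit the form with the victim's session cookie, but it cannot read the token out of the real page, so the hidden field it sends is missing or wrong and the handler stops at the 403. Regenerate the token together with the session id at login and logout, and treat a SameSite attribute on the session cookie as an extra layer rather than a replacement for the check.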