daily pastebin goal
56%
SHARE
TWEET

Source Code By Narendra Bhati-Referrer Based CSRF Protection

bhati123 Jun 22nd, 2014 781 Never
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
  1. <?php
  2. session_start();
  3. if(isset($_SESSION['views']))
  4.   unset($_SESSION['views']);
  5. $allowed_host = 'r00tsh3ll.com';
  6. $host = parse_url($_SERVER['HTTP_REFERER'], PHP_URL_HOST);
  7. if(substr($host, 0 - strlen($allowed_host)) == $allowed_host)
  8. {
  9. if (isset($_POST['name'])&&isset($_POST['work'])&&!empty($_POST['name'])&&!empty($_POST['work'])){
  10. $name= $_POST['name'];
  11. $work= $_POST['work'];
  12. echo 'Your Details Has Been Updated <br> Name Is = '.$name.' <br>Work Is = '.$work;
  13. } else { echo 'All fields are recommended'; }
  14. } else { echo "<h1><font color='red'>Referrer Is Not Match CSRF Attack Detected</font></h1>"; }
  15.  
  16. if(isset($_GET['xssrbased'])){
  17. $redirection=$_GET['xssrbased'];
  18. header("Location: ".$redirection);
  19. }
  20. else { echo '';
  21. }
  22. if(isset($_GET['something'])){
  23. $show=$_GET['something'];
  24. echo ' Your Value Is=== '.$show;
  25. }
  26. else { echo 'please enter some value to echo';
  27. }
  28.  
  29. ?>
  30. <h1> Referrer Based CSRF Protection Bypass Demostration</h1>
  31. <h1>Update Details</h1>
  32. Hello User
  33. <form action="referrer.php" method="POST">
  34. Name:<br><input type="text" input name="name"></br>
  35. Profession:<br> <input type="text" input name="work"></br>
  36. ---><input type=submit input value="Click To Update">
  37. </form>
  38. <form action="referrer.php" method="GET">
  39. Enter Something For Echo:<input type="text" input name="something">Example- Hey Baby</br>
  40. ---><input type=submit input value="Click To Echo">
  41. </form>
RAW Paste Data
We use cookies for various purposes including analytics. By continuing to use Pastebin, you agree to our use of cookies as described in the Cookies Policy. OK, I Understand
 
Top