CsrfFinder - Cross-Site Request Forgery Finder


Author: Alec Blance

Compatibility:

  • Any system running Python 2.7

Requirements:

  • Python 2.7

Description:

CsrfFinder is a tool for pentesters who want to check a website's forms for CSRF vulnerabilities. It counts the forms present on a page and checks each selected form for anti-CSRF protection (a CSRF token field).

Features:

  • CSRF scanning
  • Detecting how many forms are present
  • Showing which forms are vulnerable
  • User-friendly UI


Usage:

Enter the target url : google.com
What number of form do you want to scan?: 1

Output

Enter the target url
[+]: google.com
======================================================
The number of forms present in the http://google.com is 1
1. <form action=/search onsubmit=/>
======================================================
What number of form do you want to scan?
[+]: 1
<form action=/search> is VULNERABLE!(Keep in mind that this may be sometimes falsepositive)

Download CsrfFinder:

 GitHub: https://github.com/AlecBlance/Csrf-Finder

VendHQ Vulnerability (CSV Injection)

Hello everyone,
It's Alec Blance.
I wanted to show you one vulnerability that I found in VendHQ. It is a duplicate bug, so I wanted to share it.
The vulnerability is called CSV injection.

Many modern web applications and frameworks offer spreadsheet export functionality, allowing users to download data in a .csv or .xls file suitable for handling in spreadsheet applications like Microsoft Excel and OpenOffice Calc.  The resulting spreadsheet’s cells often contain input from untrusted sources such as survey responses, transaction details, and user-supplied addresses.
This is inherently risky, because any cells starting with the ‘=’ character will be interpreted by the spreadsheet software as formulae. ~ http://www.contextis.com/resources/blog/comma-separated-vulnerabilities/

So, let's get started.
1. Go to Contact name and enter this payload in both the first name and last name fields: -2+3+cmd|' /C calc'!G2
2. Put any information in the other fields.
3. Then Save Changes.
4. Go to Customers.
5. Then Export Customers.
6. Then open the file you've downloaded.
7. Then cmd will pop up, or a security warning will pop up.
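The fix on the export side is to make sure no cell can start a formula. As an added example (not part of the original post and not VendHQ's code), here is a Python 3 export routine that neutralizes such cells, run over the payload above as constructed sample data; the function and field names are hypothetical:

```python
import csv
import io

# Leading characters that Excel / LibreOffice Calc treat as the start of a formula.
# '=' is the case quoted above; '+', '-', '@', tab and CR are the other prefixes
# commonly listed for this bug (the payload in the steps above starts with '-').
FORMULA_PREFIXES = ("=", "+", "-", "@", "\t", "\r")

def is_formula_cell(value):
    """True if the cell would be evaluated as a formula when the CSV is opened."""
    return str(value).startswith(FORMULA_PREFIXES)

def neutralize_cell(value):
    """Force a cell to be imported as text by prefixing it with a single quote.
    The original content is kept verbatim after the quote. This also alters
    legitimate values such as "-5", so export numeric columns as numbers instead.
    """
    if value is None:
        return ""
    text = str(value)
    return "'" + text if is_formula_cell(text) else text

def export_customers(rows, neutralize=True):
    """Render customer rows (list of dicts) as CSV text.
    neutralize=False reproduces the unsafe export described above; the default is
    the hardened version. Every field is double-quoted and embedded double quotes
    are doubled by the csv module, so a cell cannot break out of its field either.
    """
    if not rows:
        return ""
    buf = io.StringIO()
    writer = csv.DictWriter(buf, fieldnames=list(rows[0].keys()),
                            quoting=csv.QUOTE_ALL, lineterminator="\n")
    writer.writeheader()
    for row in rows:
        writer.writerow({k: neutralize_cell(v) if neutralize else v for k, v in row.items()})
    return buf.getvalue()

# Constructed sample data: the contact-name payload from the steps above plus a benign row.
PAYLOAD = "-2+3+cmd|' /C calc'!G2"
SAMPLE_CUSTOMERS = [
    {"first_name": PAYLOAD, "last_name": PAYLOAD, "email": "test@example.com"},
    {"first_name": "Alice", "last_name": "Smith", "email": "alice@example.com"},
]

if __name__ == "__main__":
    print(export_customers(SAMPLE_CUSTOMERS, neutralize=False))  # unsafe: cell starts with '-'
    print(export_customers(SAMPLE_CUSTOMERS))                    # hardened: cell starts with "'"
```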

Video:


Thanks and Regards,
Alec Blance
Security Researcher

UBNT CSRF POC


Hello Everyone,
   This time, I would like to share with you my proof of concept for a UBNT cross-site request forgery. So let's start!

   Ubiquiti Networks is an American technology company started in 2005. Based in San Jose, California, Ubiquiti manufactures wireless data communication products for enterprise and wireless broadband providers with a primary focus on under-served and emerging markets.
 ~ Wikipedia

  The bug that I have discovered enables the attacker to take over someone's account without his/her knowledge.

   While browsing UBNT's website, I tried all their buttons and features, but I couldn't find any bugs. I had lost hope.

   But then, one thing came to mind: what if they had a forum? That thought gave me hope.
I searched Google for any UBNT forums, and a link led me there. Every attacker wants to change their victim's settings or even take over the account. So, every time I test a site, I go to its settings and test for CSRF bugs.


  While recording all the requests sent by the "SAVE" button, I could see that they had enabled CSRF tokens. But, thinking about it, it could be vulnerable to CSRF token reuse.


Steps I've used:
1. Recorded the request
2. Copied the CSRF token
3. Logged out
4. Logged in
5. Replaced the CSRF token in settings

POC Video:

History:
[+]Submitted the bug
[+]Marked as Informative
[+]Sent Additional Info
[+]Marked as informative

I don't really understand why they didn't accept this bug.
But it's worth sharing :)