#8840: about CSRF attacks
-------------------------+--------------------------------------------------
Reporter: aliajouz | Owner: jason, was
Type: defect | Status: new
Priority: major | Milestone:
Component: notebook | Keywords:
Author: ali ajouz | Upstream: N/A
Reviewer: | Merged:
Work_issues: |
-------------------------+--------------------------------------------------
Sage contains multiple cross-site request forgery (CSRF) vulnerabilities
because authority is not checked before performing an action.
'''CSRF attacks explained:'''
If I create a file on my domain called "blah.jpg" that is really a PHP file,
renamed.
The PHP file redirects you back to the referring host (or any host I want,
really), to a special URL.
That URL takes an action based on the submitted data.
I then use an img tag <img> to link to my "image" on your site.
When you view the page, your browser makes a request to that image, and
that request is then redirected to the page on your site. Your browser
won't display the image (or will display a broken image), but that's not
important. What's important is that you just executed an action without
knowing it.
Some examples of CSRF attacks in Sage:
1) upload a worksheet
2) create a worksheet
3) change email
4) ...
'''Example:'''
1- log in at
http://alpha.sagenb.org/
2- open this published worksheet
http://alpha.sagenb.org/home/pub/16/
3- go to your home; you will see that I uploaded a worksheet to your account.
--
Ticket URL: <http://trac.sagemath.org/sage_trac/ticket/8840>
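The missing check the ticket points at, as an added example that is not Sage notebook code: a constructed handler that performs the upload on any request carrying a session cookie, beside a hardened version that requires POST, checks the Origin header and verifies a per-session CSRF token. `SESSIONS`, `Request`, `login` and the `/upload_worksheet` route are hypothetical stand-ins for the notebook's own session store and handlers.

```python
import hmac
import secrets
from dataclasses import dataclass, field
from typing import Optional

# Constructed stand-in for the notebook's session store: session id -> CSRF token.
SESSIONS = {}

@dataclass
class Request:
    method: str
    path: str
    cookies: dict = field(default_factory=dict)  # attached by the browser automatically
    form: dict = field(default_factory=dict)     # only present on a real form POST
    origin: Optional[str] = None                 # Origin header, when the browser sends one

def login(session_id):
    """Create a session and bind an unguessable token to it (hypothetical helper)."""
    SESSIONS[session_id] = secrets.token_urlsafe(32)
    return SESSIONS[session_id]

def upload_worksheet_vulnerable(req):
    """Behaviour the ticket describes: a valid session cookie alone performs the action,
    so a cross-site <img> whose redirect lands here uploads into the victim's account."""
    if req.cookies.get("sid") not in SESSIONS:
        return "401 not logged in"
    return "200 worksheet uploaded"

def upload_worksheet_protected(req, trusted_origin="http://alpha.sagenb.org"):
    """Hardened handler: a state change needs POST, a same-origin Origin header when
    present, and the per-session token, which another site can neither read nor forge."""
    sid = req.cookies.get("sid")
    if sid not in SESSIONS:
        return "401 not logged in"
    if req.method != "POST":
        return "405 state change requires POST"
    if req.origin is not None and req.origin != trusted_origin:
        return "403 cross-origin request refused"
    supplied = req.form.get("csrf_token", "").encode()
    if not hmac.compare_digest(supplied, SESSIONS[sid].encode()):
        return "403 missing or invalid CSRF token"
    return "200 worksheet uploaded"

def simulate_img_redirect(handler):
    """The ticket's scenario: the victim is logged in, then views a page whose <img>
    redirects to the upload URL; the browser sends the cookie but no token or body."""
    login("victim-session")
    forged = Request("GET", "/upload_worksheet", cookies={"sid": "victim-session"})
    return handler(forged)
```

Running `simulate_img_redirect` against both handlers shows the vulnerable one uploading on the forged request while the protected one refuses it, and a genuine same-origin POST carrying the session's token still succeeds.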