03-18-2016, 01:26 PM
My gut says that you would only be able to do that on your own machine due to the fact that all browsers have a strict "same origin policy" and if you tried to do that as a man in the middle, you wouldn't have the anti-CSRF token so the page would automatically be killed upon submission...but it's definitely something I need to take a hard look at.
In general, the philosophy is that if the client machine itself is pwned by some malware or an attacker has the ability to run arbitrary code on the client... it's game over anyway. The question I need to look into is if you could manage to get code into the db if it was not running on your local machine.
You're welcome to try the attack on http://userspice.org/demo and see what happens!
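The anti-CSRF token check the post refers to, written out as an added example (this is not UserSpice code, and the session store, form handler and `CsrfGuard` class are illustrative assumptions). It uses the synchronizer-token pattern: the server issues one random token per session, embeds it in every state-changing form, and rejects any submission whose token does not match in constant time. A form submitted from another origin arrives with the victim's session cookie but without the token, because the cross-site page could never read it; the check below shows that case and a guessed token both being refused. The token only helps while the attacker cannot observe it, so it has to travel over HTTPS.

```python
import hmac
import secrets


class CsrfGuard:
    """Synchronizer-token pattern (illustrative, not UserSpice's own code):
    one random token per session, embedded in every state-changing form
    and compared on submission."""

    def __init__(self):
        # session_id -> token; stands in for server-side session storage
        self._tokens = {}

    def issue_token(self, session_id):
        # 256 bits from the OS CSPRNG; stored server-side, never in a cookie
        token = secrets.token_hex(32)
        self._tokens[session_id] = token
        return token

    def render_hidden_field(self, session_id):
        # what the legitimate page embeds in its form
        return '<input type="hidden" name="csrf_token" value="%s">' % self._tokens[session_id]

    def validate(self, session_id, submitted):
        expected = self._tokens.get(session_id)
        if expected is None or submitted is None:
            return False
        # constant-time comparison so timing does not leak the token
        return hmac.compare_digest(expected, submitted)


def handle_post(guard, session_id, form):
    """Simulated POST handler: the session cookie identifies the user,
    the form body must carry the matching token."""
    if not guard.validate(session_id, form.get("csrf_token")):
        return 403, "CSRF token missing or invalid"
    return 200, "profile updated"


def demo():
    guard = CsrfGuard()
    victim_session = "sess-victim"  # constructed session id
    token = guard.issue_token(victim_session)

    # legitimate submission from the page that was served the token
    ok = handle_post(guard, victim_session, {"csrf_token": token, "email": "me@example.org"})

    # cross-site form: the browser attaches the victim's cookie, but the
    # attacker's page could not read the token, so the field is absent
    forged = handle_post(guard, victim_session, {"email": "attacker@example.net"})

    # attacker guesses a token value
    guessed = handle_post(guard, victim_session, {"csrf_token": "deadbeef" * 8})

    return ok[0], forged[0], guessed[0]


if __name__ == "__main__":
    print(demo())
```

`demo()` returns the three HTTP status codes in order: the genuine submission is accepted and both forged ones are rejected with 403.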