Created attachment 274454
PoC Maven Project with README.md

The CSRF Handler (io.vertx.ext.web.handler.impl.CSRFHandlerImpl) in Vert.x Web does not create CSRF tokens that are unique per user session. A malicious website can still perform CSRF by obtaining a valid token, adding it to an HTML form and then submitting the form to the vulnerable web application.

The CSRF tokens do not have all the characteristics required for CSRF protection as summarised by OWASP: https://www.owasp.org/index.php/Cross-Site_Request_Forgery_(CSRF)_Prevention_Cheat_Sheet#Synchronizer_.28CSRF.29_Tokens

SHA256(vertx-xsrf.zip)= 96c774d75a3a1d8ae8acf6e0d8079a24dd4f0b41deb1a18b733e32cb3f47a380

The PoC attached starts two HTTP web services. The attacker web server will automatically poll the http://target.local:8888/token webpage for a valid XSRF token. If a user then navigates to http://localhost:7777 in their browser, it will render an HTML page with an iframe. The iframe will be populated with a form with a valid X-XSRF-TOKEN form attribute that is automatically submitted to http://target.local:8888/token.
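The defect the report describes is that a token the server will accept is not tied to the session that presents it, so a token fetched anywhere can be placed in a form and replayed. The following added example (not part of the bug report, and not Vert.x code; it models the check in plain Python with a constructed server secret and constructed session ids) contrasts that weak pattern with the OWASP synchronizer-token pattern, where the server's MAC covers the session id of the request that actually submits the token. With the bound pattern, a token minted for one session is rejected when presented from another, which is exactly what a per-session token has to guarantee.

```python
import hashlib
import hmac
import secrets
import time

# Constructed values for this example only; a real service loads the
# secret from configuration and takes the session id from its
# server-side session store, never from the submitted form.
SERVER_SECRET = b"example-server-secret-not-for-production"
TOKEN_TTL_SECONDS = 600


def _mac(secret: bytes, message: str) -> str:
    return hmac.new(secret, message.encode(), hashlib.sha256).hexdigest()


def _parse(token: str):
    """Split a token of the form nonce.timestamp.mac; None if malformed."""
    parts = token.split(".")
    if len(parts) != 3 or not parts[1].isdigit():
        return None
    return parts[0], int(parts[1]), parts[2]


def _fresh(issued_at: int, now: int) -> bool:
    return 0 <= now - issued_at <= TOKEN_TTL_SECONDS


# --- Weak pattern: the server authenticates the token but not the session ---

def issue_unbound_token(secret: bytes, now=None) -> str:
    now = int(time.time()) if now is None else now
    nonce = secrets.token_hex(16)
    mac = _mac(secret, f"{nonce}:{now}")
    return f"{nonce}.{now}.{mac}"


def validate_unbound_token(secret: bytes, token: str, now=None) -> bool:
    """Checks only that the server minted the token and that it is fresh.
    The session is not part of the MAC, so a token obtained in one session
    verifies when submitted from any other session."""
    now = int(time.time()) if now is None else now
    parsed = _parse(token)
    if parsed is None:
        return False
    nonce, issued_at, mac = parsed
    expected = _mac(secret, f"{nonce}:{issued_at}")
    return hmac.compare_digest(expected, mac) and _fresh(issued_at, now)


# --- Synchronizer pattern: the token is bound to the user's session ---

def issue_bound_token(secret: bytes, session_id: str, now=None) -> str:
    now = int(time.time()) if now is None else now
    nonce = secrets.token_hex(16)
    mac = _mac(secret, f"{session_id}:{nonce}:{now}")
    return f"{nonce}.{now}.{mac}"


def validate_bound_token(secret: bytes, session_id: str, token: str, now=None) -> bool:
    """Recomputes the MAC with the session id of the request presenting the
    token, so a token minted for a different session fails verification."""
    now = int(time.time()) if now is None else now
    parsed = _parse(token)
    if parsed is None:
        return False
    nonce, issued_at, mac = parsed
    expected = _mac(secret, f"{session_id}:{nonce}:{issued_at}")
    return hmac.compare_digest(expected, mac) and _fresh(issued_at, now)


def demo() -> dict:
    """Mint one token of each kind for a constructed 'victim' session and
    check how each behaves when presented from a different session."""
    now = 1_700_000_000
    victim, other = "session-victim", "session-other"
    unbound = issue_unbound_token(SERVER_SECRET, now)
    bound = issue_bound_token(SERVER_SECRET, victim, now)
    return {
        "unbound_accepted_from_other_session": validate_unbound_token(SERVER_SECRET, unbound, now),
        "bound_accepted_for_victim": validate_bound_token(SERVER_SECRET, victim, bound, now),
        "bound_accepted_for_other_session": validate_bound_token(SERVER_SECRET, other, bound, now),
        "bound_accepted_after_expiry": validate_bound_token(
            SERVER_SECRET, victim, bound, now + TOKEN_TTL_SECONDS + 1),
        "malformed_rejected": validate_bound_token(SERVER_SECRET, victim, "not.a-token", now),
    }


if __name__ == "__main__":
    for check, result in demo().items():
        print(f"{check}: {result}")
```

The session id used in `validate_bound_token` must be the one the server associates with the request's session cookie; reading it from the submitted form would let the submitter choose it and reintroduce the same weakness. Binding via an HMAC over the session id is one option; storing a random token in the server-side session and comparing with `hmac.compare_digest` is equivalent for this purpose.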