Exploiting CSRF against search with Lucene (idontplaydarts.com)
Considering that most likely the search box will already tell you if something exists, what's the purpose?
I think I'm missing something here.
As mentioned in the article, A can protect against this by requiring a CSRF token to be included in all the requests sent to it (this is on top of the authentication/session cookie which establishes the trust relationship between A and C's browser). A CSRF token is a random, unguessable token that the server sends to C's browser in a form that cannot be accessed by B -- the JavaScript from A is expected to retrieve this token and send it along with future requests to A. The server A then needs to validate that any request from browser C contains the CSRF token -- this allows A to distinguish between requests from browser C which were generated on behalf of code from A (should be allowed) and requests which were generated by browser C on behalf of code from some other domain (potentially malicious).
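As an added illustration (not code from the thread or from the linked article), here is a minimal server-side sketch of the scheme the comment above describes, in the thread's own terms (A = server, C = victim browser, B = attacker's page). The in-memory session store, the request dict shape and the `X-CSRF-Token` header name are assumptions made for this example.

```python
import hmac
import secrets

# Constructed in-memory session store for this example: session_id -> session data.
SESSIONS = {}


def start_session():
    """A issues a session cookie plus a per-session CSRF token that only A's own page can read."""
    session_id = secrets.token_urlsafe(32)
    SESSIONS[session_id] = {"csrf_token": secrets.token_urlsafe(32)}
    return session_id


def csrf_token_for(session_id):
    """The value A embeds in its own HTML/JS so that A's script can echo it back on later requests.
    B's page runs on another origin, so it cannot read this value from A's page or cookies."""
    return SESSIONS[session_id]["csrf_token"]


def handle_search(request):
    """Search endpoint on A. `request` is a dict standing in for an HTTP request
    (assumed shape: cookies, headers, params). Returns (status, body)."""
    cookies = request.get("cookies", {})
    session = SESSIONS.get(cookies.get("session"))
    if session is None:
        # No valid session cookie: the trust relationship between A and C does not exist.
        return 401, "not authenticated"

    supplied = request.get("headers", {}).get("X-CSRF-Token", "")
    # Constant-time comparison. The browser attaches the session cookie to cross-site
    # requests automatically, but a request forged by B cannot carry the token, so a
    # missing or wrong token is rejected before any Lucene query is run.
    if not hmac.compare_digest(supplied, session["csrf_token"]):
        return 403, "missing or invalid CSRF token"

    query = request.get("params", {}).get("q", "")
    # Only now is it safe to pass the query on to the search backend.
    return 200, "search results for %r" % query
```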
User Input -> (CSRF / Auth) from Your Server -> Your Server -> Lucene
Most implementations will do it like that since everything else is unsafe by design, so the article is pointless.