1. Open http://site/user using either Internet Explorer 7 or Mozilla Firefox.
2. Log in with valid credentials and browse through the authenticated pages inside the module.
3. Create a malicious page with the logout link of the application as shown:

   <html>
   <body>
   <img src="http://sitename/user/logout"/>
   </body>
   </html>

4. Open a new tab and invoke the malicious page. It is observed that the logout link has been submitted to the application server and thus the user gets logged out forcefully.

How do I get rid of it? Please help me.

Comments

JamesOakley

Isn't the answer not to create a page like that?

It's not exactly a cross-site request forgery - it's all within your own site.

You could use URL Redirects (as a module, or in .htaccess) to make http://sitename/anything-you-want redirect to the logout page, and that would have the same effect.

What precisely is the problem?


Heine

This qualifies as a CSRF issue.

http://drupal.org/node/144538 has the discussion on how / if to fix it in core.

sahithi

Please provide a correct solution for this.

Heine

There's no ready-made one as far as I know, but you could use the ideas in the above issue to create it yourself (e.g. a module doing a menu_alter on the logout link to provide a confirm form).
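An added example of the approach Heine describes (this is not code from the thread, from the linked issue, or from Drupal core): a small module that uses hook_menu_alter() to replace the direct user_logout() page callback with a confirmation form, so that merely loading the logout URL (for instance via an <img> tag on another page) no longer ends the session. It assumes the Drupal 6 API; the module name logout_confirm, the helper logout_confirm_link() and the token query parameter are hypothetical. It looks for both the 'logout' router item (Drupal 6 core) and 'user/logout' (the path used in the original post), whichever exists.

```php
<?php
// logout_confirm.module (hypothetical module name; assumes the Drupal 6 API).
// Needs a logout_confirm.info file with "core = 6.x" and a menu rebuild
// (clear caches) after it is enabled, because hook_menu_alter() only runs
// when the menu router is rebuilt.

/**
 * Implementation of hook_menu_alter().
 *
 * Core registers the logout path with 'page callback' => 'user_logout',
 * which means a plain GET request ends the session. Route it to our own
 * callback instead. 'logout' is the Drupal 6 core path; 'user/logout' is
 * also checked because that is the path shown in the original post.
 */
function logout_confirm_menu_alter(&$items) {
  foreach (array('logout', 'user/logout') as $path) {
    if (isset($items[$path])) {
      $items[$path]['page callback'] = 'logout_confirm_page';
      $items[$path]['page arguments'] = array();
    }
  }
}

/**
 * Page callback for the logout path.
 *
 * A request carrying a valid per-session token (see logout_confirm_link())
 * logs out immediately; an attacker on another origin cannot know that
 * token. Everything else gets the confirmation form, which only submits
 * via POST together with Drupal's form token.
 */
function logout_confirm_page() {
  if (isset($_GET['token']) && drupal_valid_token($_GET['token'], 'logout')) {
    // Destroys the session and redirects to the front page (does not return).
    user_logout();
  }
  return drupal_get_form('logout_confirm_form');
}

/**
 * Confirmation form: "Are you sure you want to log out?"
 */
function logout_confirm_form(&$form_state) {
  global $user;
  $form = array();
  return confirm_form(
    $form,
    t('Are you sure you want to log out?'),
    '<front>',
    t('You are currently logged in as %name.', array('%name' => $user->name)),
    t('Log out'),
    t('Cancel')
  );
}

/**
 * Submit handler: only reached on a POST whose form token validated.
 */
function logout_confirm_form_submit($form, &$form_state) {
  user_logout();
}

/**
 * Hypothetical helper for the site's own theme or blocks: renders a logout
 * link that carries the current session's token so it skips the
 * confirmation page, while the bare URL (what an attacker can embed)
 * still lands on the form.
 */
function logout_confirm_link() {
  return l(t('Log out'), 'logout', array(
    'query' => array('token' => drupal_get_token('logout')),
  ));
}
```

With this in place, the <img src="http://sitename/user/logout"/> page from the original post only causes the browser to fetch the confirmation form; the session is kept. Note that the token-bearing link is a convenience for the site's own menus; the confirmation form alone already closes the CSRF hole, since a cross-site page cannot supply Drupal's form token.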

greggles

dibyadel

I have been searching for solutions for CSRF in Drupal, particularly the logout CSRF.
Kindly provide