Pregunta
I'm trying to implement CSRF attack. I understood the concept of using the session-id's in one-click attack and using the brower's role in it.
I want my php page to get converted in a single hyperlink/url instead of a url which contains a code and gets redirected to the previous page.
My php code for deduction of a amount from the account is
https://stackoverflow.com/questions/22441296
italiano
english
français
española
中国
日本の
العربية
Deutsch
한국어
Português
Russian<?php
include "config.php";
session_start();
$email = $_SESSION['email'];
$acc = 'sn123';
$amt = '1';
$query = "update account set balance = balance + $amt where acc_no = '$acc'";
mysql_query($query);
$query = "update account set balance = balance - $amt where email = '$email'";
mysql_query($query);
header('Location: kclick.html');
?>
I want it to get converted into a URL, for eg -
<img src="http://bank.example.com/withdraw?account=bob&amount=1000000&for=Fred">
Solución
If you wanna use GET parameters from URL try this
<?php
include "config.php";
session_start();
$email = $_SESSION['email'];
$acc = $_GET['account'];
$amt = $_GET['amount'];
$query = "update account set balance = balance + $amt where acc_no = '$acc'";
mysql_query($query);
$query = "update account set balance = balance - $amt where email = '$email'";
mysql_query($query);
header('Location: kclick.html');
?>
Otros consejos
I'm not sure how you are trying to implement such attack so I'll give you a basic example.
Let's say you have this script on your server (or actually something like that, can't test it now) :
your_server.com/withdraw.php
<?php
session_start();
include('db_stuff.php');
$amount = $_GET['amount'];
$for = $_GET['for'];
mysql_query('insert into tbl_withdraw("user_id", "target_user", "amount") values("'.$_SESSION['user_id'].'", "'.$for.'", "'.$amount.'")');
?>
Then to use CSRF, one would send a specially crafted link to a user of your application as such :
