Solved

url with "CSRF_TOKEN=b9488472c08bed162ec910c5" as part of it

Posted on 2014-02-26
6
319 Views
Last Modified: 2014-03-30
Greetings,

I have a bad feeling about this.  I have noticed a site where the url's show something like page_name.php?CSRF_TOKEN=b9488472c08bed162ec910c5a21

Can anyone tell me what that is?  I found the wikipedia article on Cross-site request forgery.

How can I tell why that domain is adding that to all urls?

Thanks very much.

Sky
0
Comment
Question by:Schuyler Kuhl
  • 3
  • 3
6 Comments
 

Author Comment

by:Schuyler Kuhl
ID: 39889932
If I look at the source of the home page at the bottom is this:

This is below my own </body></html>
unusual-html.txt
0
 
LVL 83

Expert Comment

by:Dave Baldwin
ID: 39890212
That looks like old code and an attempt to allow Cross-site request forgery, not prevent it.  Is that there in the original source?  Can you edit it and re-upload it to see if it is being caused by the server?
0
 

Author Comment

by:Schuyler Kuhl
ID: 39890459
What would I edit?  I can only find that code in the source of the page.  Not on the code of the page when I am editing it.
0
Use Case: Protecting a Hybrid Cloud Infrastructure

Microsoft Azure is rapidly becoming the norm in dynamic IT environments. This document describes the challenges that organizations face when protecting data in a hybrid cloud IT environment and presents a use case to demonstrate how Acronis Backup protects all data.

 
LVL 83

Expert Comment

by:Dave Baldwin
ID: 39890638
Well, that was part of the question.  Have you re-uploaded the page to see if it is still there when you know it wasn't in your original code?  If it re-appears, then something on the server is putting it there.  Check any javascript that you may be loading for that page.  An even easier test is to put a very simple HTML page up and see if it gets added to that.  Like this:
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN"
 "http://www.w3.org/TR/html4/loose.dtd">

<html>
<head>
<title>Hello World</title>
</head>
<body>
<h1>Hello World</h1>
</body>
</html>

Open in new window

0
 

Author Comment

by:Schuyler Kuhl
ID: 39890655
Yes.  Thank you.  It only appears in the url after clicking on a link within the site.  I have also checked other sites on the same server and haven't found that same info in the url.
0
 
LVL 83

Accepted Solution

by:
Dave Baldwin earned 500 total points
ID: 39890677
Something is putting it there and generating that code in your pages.  ??
0

Featured Post

Free Tool: Subnet Calculator

The subnet calculator helps you design networks by taking an IP address and network mask and returning information such as network, broadcast address, and host range.

One of a set of tools we're offering as a way of saying thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

I've been asked to discuss some of the UX activities that I'm using with my team. Here I will share some details about how we approach UX projects.
FAQ pages provide a simple way for you to supply and for customers to find answers to the most common questions about your company. Here are six reasons why your company website should have a FAQ page
Explain concepts important to validation of email addresses with regular expressions. Applies to most languages/tools that uses regular expressions. Consider email address RFCs: Look at HTML5 form input element (with type=email) regex pattern: T…
This tutorial demonstrates how to identify and create boundary or building outlines in Google Maps. In this example, I outline the boundaries of an enclosed skatepark within a community park.  Login to your Google Account, then  Google for "Google M…

829 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question