Solved

url with "CSRF_TOKEN=b9488472c08bed162ec910c5" as part of it

Posted on 2014-02-26
6
321 Views
Last Modified: 2014-03-30
Greetings,

I have a bad feeling about this.  I have noticed a site where the url's show something like page_name.php?CSRF_TOKEN=b9488472c08bed162ec910c5a21

Can anyone tell me what that is?  I found the wikipedia article on Cross-site request forgery.

How can I tell why that domain is adding that to all urls?

Thanks very much.

Sky
0
Comment
Question by:Schuyler Kuhl
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 3
  • 3
6 Comments
 

Author Comment

by:Schuyler Kuhl
ID: 39889932
If I look at the source of the home page at the bottom is this:

This is below my own </body></html>
unusual-html.txt
0
 
LVL 83

Expert Comment

by:Dave Baldwin
ID: 39890212
That looks like old code and an attempt to allow Cross-site request forgery, not prevent it.  Is that there in the original source?  Can you edit it and re-upload it to see if it is being caused by the server?
0
 

Author Comment

by:Schuyler Kuhl
ID: 39890459
What would I edit?  I can only find that code in the source of the page.  Not on the code of the page when I am editing it.
0
MIM Survival Guide for Service Desk Managers

Major incidents can send mastered service desk processes into disorder. Systems and tools produce the data needed to resolve these incidents, but your challenge is getting that information to the right people fast. Check out the Survival Guide and begin bringing order to chaos.

 
LVL 83

Expert Comment

by:Dave Baldwin
ID: 39890638
Well, that was part of the question.  Have you re-uploaded the page to see if it is still there when you know it wasn't in your original code?  If it re-appears, then something on the server is putting it there.  Check any javascript that you may be loading for that page.  An even easier test is to put a very simple HTML page up and see if it gets added to that.  Like this:
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN"
 "http://www.w3.org/TR/html4/loose.dtd">

<html>
<head>
<title>Hello World</title>
</head>
<body>
<h1>Hello World</h1>
</body>
</html>

Open in new window

0
 

Author Comment

by:Schuyler Kuhl
ID: 39890655
Yes.  Thank you.  It only appears in the url after clicking on a link within the site.  I have also checked other sites on the same server and haven't found that same info in the url.
0
 
LVL 83

Accepted Solution

by:
Dave Baldwin earned 500 total points
ID: 39890677
Something is putting it there and generating that code in your pages.  ??
0

Featured Post

Industry Leaders: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

When crafting your “Why Us” page, there are a plethora of pitfalls to avoid. Follow these five tips, and you’ll be well on your way to creating an effective page.
Today it’s fairly well known that high-performing websites and applications bring in more visitors, higher SEO, and ultimately more sales. By the same token, downtime is disastrous for companies and can lead to major hits on a brand, reputation, an…
Explain concepts important to validation of email addresses with regular expressions. Applies to most languages/tools that uses regular expressions. Consider email address RFCs: Look at HTML5 form input element (with type=email) regex pattern: T…
This video teaches users how to migrate an existing Wordpress website to a new domain.

733 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question