Solved

url with "CSRF_TOKEN=b9488472c08bed162ec910c5" as part of it

Posted on 2014-02-26
6
332 Views
Last Modified: 2014-03-30
Greetings,

I have a bad feeling about this.  I have noticed a site where the url's show something like page_name.php?CSRF_TOKEN=b9488472c08bed162ec910c5a21

Can anyone tell me what that is?  I found the wikipedia article on Cross-site request forgery.

How can I tell why that domain is adding that to all urls?

Thanks very much.

Sky
0
Comment
Question by:Schuyler Kuhl
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 3
  • 3
6 Comments
 

Author Comment

by:Schuyler Kuhl
ID: 39889932
If I look at the source of the home page at the bottom is this:

This is below my own </body></html>
unusual-html.txt
0
 
LVL 83

Expert Comment

by:Dave Baldwin
ID: 39890212
That looks like old code and an attempt to allow Cross-site request forgery, not prevent it.  Is that there in the original source?  Can you edit it and re-upload it to see if it is being caused by the server?
0
 

Author Comment

by:Schuyler Kuhl
ID: 39890459
What would I edit?  I can only find that code in the source of the page.  Not on the code of the page when I am editing it.
0
Get Actionable Data from Your Monitoring Solution

Your communication platform is only as good as the relevance of the information you send. Ensure your alerts get to the right people every time with actionable responses. Create escalation rules that ensure everyone follows the process and nothing is left to chance.

 
LVL 83

Expert Comment

by:Dave Baldwin
ID: 39890638
Well, that was part of the question.  Have you re-uploaded the page to see if it is still there when you know it wasn't in your original code?  If it re-appears, then something on the server is putting it there.  Check any javascript that you may be loading for that page.  An even easier test is to put a very simple HTML page up and see if it gets added to that.  Like this:
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN"
 "http://www.w3.org/TR/html4/loose.dtd">

<html>
<head>
<title>Hello World</title>
</head>
<body>
<h1>Hello World</h1>
</body>
</html>

Open in new window

0
 

Author Comment

by:Schuyler Kuhl
ID: 39890655
Yes.  Thank you.  It only appears in the url after clicking on a link within the site.  I have also checked other sites on the same server and haven't found that same info in the url.
0
 
LVL 83

Accepted Solution

by:
Dave Baldwin earned 500 total points
ID: 39890677
Something is putting it there and generating that code in your pages.  ??
0

Featured Post

Technology Partners: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Lease-to-own eliminates the expenditure of hardware replacement and allows you to pay off the server over time. Usually, this is much cheaper than leasing servers. Think of lease-to-own as credit without interest.
Although a lot of people devote their energy toward marketing for specific industries, there are some basic principles that can be applied to any sector imaginable. We’ll look at four steps to take and examine how those steps were put into action fo…
The viewer will get a basic understanding of what section 508 compliance can entail, learn about skip navigation links, alt text, transcripts, and font size controls.
Shows how to create a shortcut to site-search Experts Exchange using Google in the Chrome browser. This eliminates the need to type out site:experts-exchange.com whenever you want to search the site. Launch the Search Engine Menu: In chrome, via you…

691 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question