Learn how to a build a cloud-first strategyRegister Now

x
?
Solved

url with "CSRF_TOKEN=b9488472c08bed162ec910c5" as part of it

Posted on 2014-02-26
6
Medium Priority
?
372 Views
Last Modified: 2014-03-30
Greetings,

I have a bad feeling about this.  I have noticed a site where the url's show something like page_name.php?CSRF_TOKEN=b9488472c08bed162ec910c5a21

Can anyone tell me what that is?  I found the wikipedia article on Cross-site request forgery.

How can I tell why that domain is adding that to all urls?

Thanks very much.

Sky
0
Comment
Question by:Schuyler Kuhl
  • 3
  • 3
6 Comments
 

Author Comment

by:Schuyler Kuhl
ID: 39889932
If I look at the source of the home page at the bottom is this:

This is below my own </body></html>
unusual-html.txt
0
 
LVL 84

Expert Comment

by:Dave Baldwin
ID: 39890212
That looks like old code and an attempt to allow Cross-site request forgery, not prevent it.  Is that there in the original source?  Can you edit it and re-upload it to see if it is being caused by the server?
0
 

Author Comment

by:Schuyler Kuhl
ID: 39890459
What would I edit?  I can only find that code in the source of the page.  Not on the code of the page when I am editing it.
0
Concerto's Cloud Advisory Services

Want to avoid the missteps to gaining all the benefits of the cloud? Learn more about the different assessment options from our Cloud Advisory team.

 
LVL 84

Expert Comment

by:Dave Baldwin
ID: 39890638
Well, that was part of the question.  Have you re-uploaded the page to see if it is still there when you know it wasn't in your original code?  If it re-appears, then something on the server is putting it there.  Check any javascript that you may be loading for that page.  An even easier test is to put a very simple HTML page up and see if it gets added to that.  Like this:
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN"
 "http://www.w3.org/TR/html4/loose.dtd">

<html>
<head>
<title>Hello World</title>
</head>
<body>
<h1>Hello World</h1>
</body>
</html>

Open in new window

0
 

Author Comment

by:Schuyler Kuhl
ID: 39890655
Yes.  Thank you.  It only appears in the url after clicking on a link within the site.  I have also checked other sites on the same server and haven't found that same info in the url.
0
 
LVL 84

Accepted Solution

by:
Dave Baldwin earned 2000 total points
ID: 39890677
Something is putting it there and generating that code in your pages.  ??
0

Featured Post

VIDEO: THE CONCERTO CLOUD FOR HEALTHCARE

Modern healthcare requires a modern cloud. View this brief video to understand how the Concerto Cloud for Healthcare can help your organization.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

When it comes to write a Context Sensitive Help (an online help that is obtained from a specific point in state of software to provide help with that state) ,  first we need to make the file that contains all topics, which are given exclusive IDs. …
Q&A with Course Creator, Mark Lassoff, on the importance of HTML5 in the career of a modern-day developer.
Any person in technology especially those working for big companies should at least know about the basics of web accessibility. Believe it or not there are even laws in place that require businesses to provide such means for the disabled and aging p…
Google currently has a new report that is in beta and coming soon to Webmaster Tool accounts. This Micro Tutorial will highlight new features for Google Webmaster Tools.
Suggested Courses
Course of the Month21 days, 3 hours left to enroll

810 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question