Guess what will happen if you add an image like the one below to your HTML page:

<img src="http://mail.google.com/mail/?logout&hl=en" />

It does not appear on the page, but your Google account in another window or tab will be logged out. In other words, an external website can now log you out of your Gmail or Orkut.

If you coded your website to delete a photo or object through a URL like www.domainname.com/photos/delete?id=221, you may think that, since you check user authentication on the server side, no one else can delete your file. But suppose you are logged in to your site in one tab and in a second tab you load another website (the attacker's). That page can contain lots of hidden images with src = www.domainname.com/photos/delete?id=22 (the attacker can try ids from 0 to 1000 or 10,000, and any one of them may be your object).

Here the authentication check passes, because the cookies and session are already set from the other tab, so the request affects (updates or deletes) your content.

Those who think "I use the POST method, so it is safe": sorry, you are wrong. JavaScript can also simulate a POST, and with it an external website can submit your forms (for example, it can submit the form that changes the email address you registered with, and later reset the password to hijack your account).

It won't happen if you use a CAPTCHA, but it is very hard to put a CAPTCHA on every form. You can defeat this attack by adding an extra parameter (a randomly generated string) to the GET URL or to the POST form submission.

For example, look at the URL Gmail uses to delete a mail:

http://mail.google.com/mail/?ui=2&ik=42e598c952&at=xn3j2ufyx273muje67ot1fsxsnbmnl&view=up&act=tr&rt=j&search=inbox

There is an extra random string alongside the useful parameters. An external application cannot predict the exact URL that deletes a particular mail, so an img with src = url fails here.

The same thing is needed for the POST method: add a hidden field containing a random string, and have the server check that string before updating the database.
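As an added example (not code from the original post), here is the random-string check described above applied to the photo-delete form, written in Python with a plain dictionary standing in for the server-side session; the field name, route and photo ids are assumed for the illustration:

```python
import hmac
import secrets
from html import escape

TOKEN_FIELD = "csrf_token"   # hidden field name (assumed for this example)

def issue_token(session):
    """Return the session's random anti-CSRF string, creating it on first use."""
    if TOKEN_FIELD not in session:
        session[TOKEN_FIELD] = secrets.token_urlsafe(32)  # 256 random bits
    return session[TOKEN_FIELD]

def render_delete_form(session, photo_id):
    """The legitimate form: the token rides along as a hidden field."""
    token = issue_token(session)
    return (
        '<form method="post" action="/photos/delete">'
        f'<input type="hidden" name="id" value="{int(photo_id)}">'
        f'<input type="hidden" name="{TOKEN_FIELD}" value="{escape(token)}">'
        "<button>Delete</button></form>"
    )

def handle_delete(session, form, logged_in):
    """Server side of /photos/delete: session auth AND token check."""
    if not logged_in:
        return "401 not logged in"
    expected = session.get(TOKEN_FIELD)
    supplied = form.get(TOKEN_FIELD, "")
    # Constant-time compare; a missing or guessed token is rejected.
    if expected is None or not hmac.compare_digest(expected.encode(), supplied.encode()):
        return "403 csrf token missing or wrong"
    return f"200 deleted photo {form.get('id')}"

def demo():
    """Constructed scenario: one logged-in user, one attacker page."""
    session = {}                                 # the victim's server session
    render_delete_form(session, 221)             # victim visits the real page
    own = handle_delete(session, {"id": "221", TOKEN_FIELD: session[TOKEN_FIELD]}, True)
    # Attacker page posts id=22 via JavaScript: the cookie is sent, the token is not.
    forged = handle_delete(session, {"id": "22"}, True)
    # Attacker guesses a token value; it does not match the session's string.
    guessed = handle_delete(session, {"id": "22", TOKEN_FIELD: "AAAA"}, True)
    return own, forged, guessed

if __name__ == "__main__":
    print(demo())
```

The cookie alone still authenticates the user; only the request that also carries the per-session string goes through.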

This problem is called CSRF (Cross-Site Request Forgery).

Thanks
Sajith


· · · ◊ ◊ ◊ · · ·

If you already know this feature, skip this article. But I have to ask a single question at the end of this section.

For WordPress versions below 2.3, go to Options > Writing; for 2.3 and above, go to Settings > Writing.

First, create an email account with POP3 support.

You will see the heading "Post via e-mail" there.

Enter your mail server (replacing mail.example.com).

Enter your POP3 port (110 by default).

Enter your email login and password.

Choose a category for the posts created from email.

Finally, press the Update Options button.

What you have done above is only the configuration. To grab or pull the content from the mailbox, you need to call (trigger) a URL.

That URL is: http://yourblogdomain/wordpressinstalldir/wp-mail.php

You can either call it manually, or set up a cron job that fetches the URL with wget or a similar tool.

Another simple way to trigger this mail check is a hidden iframe placed anywhere in your blog template:

<iframe width="0" height="0" style="display:none" src="http://yourblogdomain/wordpressinstalldir/wp-mail.php"></iframe>

The problem with this email posting is that it strips all HTML tags before the content enters the WordPress database.

There is no way to get the attachments from an email.

So I decided to start a WordPress plugin that provides the above missing features. If a 'working' plugin is already available, please let me know, so that I can avoid reinventing the wheel.

Thanks

Sajith M.R


· · · ◊ ◊ ◊ · · ·

PHP post without curl

04 Apr 2008

You can simulate the POST method in PHP without the help of the cURL library.
Download the full source code:
OpenID Integration PHP

See the code below:

<?php
// POST $data (an application/x-www-form-urlencoded string) to $url using a
// stream context instead of cURL. Pass a "Content-Type: ..." line in
// $optional_headers when the receiving script expects form-encoded data.
function do_post_request($url, $data, $optional_headers = null) {
    $params = array('http' => array(
        'method'  => 'POST',
        'content' => $data,
    ));
    if ($optional_headers !== null) {
        $params['http']['header'] = $optional_headers;
    }
    $ctx = stream_context_create($params);
    $fp = @fopen($url, 'rb', false, $ctx);
    if (!$fp) {
        // $php_errormsg is gone in PHP 8; error_get_last() gives the same text.
        $err = error_get_last();
        throw new Exception("Problem with $url, " . ($err ? $err['message'] : ''));
    }
    $response = @stream_get_contents($fp);
    fclose($fp);
    if ($response === false) {
        $err = error_get_last();
        throw new Exception("Problem reading data from $url, " . ($err ? $err['message'] : ''));
    }
    return $response;
}
?>

Download the full source code from post_without_curl.zip

