WordPress.org


Forums

CSFR tokens (4 posts)

  1. Andrew Areoff
    Member
    Posted 1 year ago #

    Can someone explain what CSRF tokens are, and whether the following JavaScript, which seems to be at the bottom of pages on my site, is a worry, i.e. whether my site's been hacked:

    ```html
    <script language="JavaScript">
    var tokenName = 'CSRF_TOKEN';
    var tokenValue = 'xxxxxxxxxxxxxxxxx';

    // Walk every element in the document and append the token to its src and href attributes.
    function updateTags() {
        var all = document.all ? document.all : document.getElementsByTagName('*');
        var len = all.length;
        for (var i = 0; i < len; i++) {
            var e = all[i];
            updateTag(e, 'src');
            updateTag(e, 'href');
        }
    }

    // Add a hidden input carrying the token to every form on the page.
    function updateForms() {
        var forms = document.getElementsByTagName('form');
        for (var i = 0; i < forms.length; i++) {
            var html = forms[i].innerHTML;
            html += '<input type=hidden name=' + tokenName + ' value=' + tokenValue + ' />';
            forms[i].innerHTML = html;
        }
    }

    // Append tokenName=tokenValue to one attribute of one element, using '?' or '&' as needed.
    function updateTag(element, attr) {
        var location = element.getAttribute(attr);
        if (location != null && location != '' && isHttpLink(location)) {
            var index = location.indexOf('?');
            if (index != -1) {
                location = location + '&' + tokenName + '=' + tokenValue;
            } else {
                location = location + '?' + tokenName + '=' + tokenValue;
            }
            element.setAttribute(attr, location);
        }
    }

    // Despite its name, returns 1 for relative links (not starting with 'http', or starting with '/'),
    // so the token is only added to same-site URLs, not to links pointing at other hosts.
    function isHttpLink(src) {
        var result = 0;
        if (src.substring(0, 4) != 'http' || src.substring(0, 1) == '/') {
            result = 1;
        }
        return result;
    }

    updateTags();
    updateForms();
    </script></html>
    ```

    I've replaced the token with x's. This code appears after the closing HTML tag, and then a new HTML tag is opened with this JS.

    Can anyone advise?

    [Moderator Note: Please post code or markup snippets between backticks or use the code button. As it stands, your code may now have been permanently damaged/corrupted by the forum's parser.]

  2. s_ha_dum
    Member
    Posted 1 year ago #

    It gives the impression of being an attempt to prevent Cross-Site Request Forgery.

    I am assuming this is inserted by a security plugin or your theme, as I don't see it on an unmodified 3.4.1 + Twenty-Eleven install.
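    The script in the first post only carries a token on every same-site link and form; the actual protection comes from the server rejecting a state-changing request whose token does not match the one issued to that session. The following is an added example (not code from this thread, from WordPress, or from mod_security) of that server side, written in plain Node.js. It assumes a per-session object used as the token store and a request object with `method`, `url` and a parsed `body`; both shapes are constructed for the example, and the decision to check only non-GET/HEAD requests is a choice of this example rather than how mod_security behaves.

    ```javascript
    // Added example: minimal server-side CSRF token issue/validate logic of the
    // kind the injected client-side script is designed to work with.
    // Assumptions (constructed for this example): `session` is a plain object
    // kept per logged-in user; `req` has { method, url, body } with body already
    // parsed into an object of form fields.
    const crypto = require('crypto');

    // Same parameter name the injected script uses.
    const TOKEN_NAME = 'CSRF_TOKEN';

    // Issue a fresh unpredictable token and bind it to the session.
    function issueToken(session) {
      session[TOKEN_NAME] = crypto.randomBytes(16).toString('hex');
      return session[TOKEN_NAME];
    }

    // Server-side mirror of what updateTag() does in the browser: append the
    // token to a URL, using '?' or '&' depending on whether a query exists.
    function appendToken(url, token) {
      const sep = url.indexOf('?') === -1 ? '?' : '&';
      return url + sep + TOKEN_NAME + '=' + encodeURIComponent(token);
    }

    // Pull the token the request carried: query string (links rewritten by
    // updateTag) or form body (hidden input added by updateForms).
    function tokenFromRequest(req) {
      const u = new URL(req.url, 'http://localhost'); // base only for parsing
      if (u.searchParams.has(TOKEN_NAME)) return u.searchParams.get(TOKEN_NAME);
      if (req.body && typeof req.body[TOKEN_NAME] === 'string') return req.body[TOKEN_NAME];
      return null;
    }

    // Allow safe methods through; require a session-bound token on everything
    // else, compared in constant time so the check does not leak via timing.
    function isRequestAllowed(req, session) {
      if (req.method === 'GET' || req.method === 'HEAD') return true;
      const expected = session[TOKEN_NAME];
      const got = tokenFromRequest(req);
      if (!expected || !got) return false;
      const a = Buffer.from(expected);
      const b = Buffer.from(got);
      if (a.length !== b.length) return false;
      return crypto.timingSafeEqual(a, b);
    }

    module.exports = { TOKEN_NAME, issueToken, appendToken, tokenFromRequest, isRequestAllowed };
    ```

    A request carrying a token that was never issued to its session, or no token at all, is refused; this is what makes the token visible in every link and form harmless to legitimate users but useless to a third-party page trying to submit a form on their behalf, since that page cannot read the victim's session-bound value.
    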

  3. Andrew Areoff
    Member
    Posted 1 year ago #

    Thanks for that info.

    I was concerned it was a hack into the website but as you say it's a security feature to stop hacking.

    Thanks again for your help.

  4. mrkshrt
    Member
    Posted 1 year ago #

    Just so others won't have to dig around.

    It appears that mod_security is tacking that on to the end of what it returns. It is an anti-hacking feature.
    Here is the link

    Anybody that has a better grasp of this feel free to jump in.

Topic Closed

This topic has been closed to new replies.
