HTML
jasonOk, 2016-03-20 14:21:50

What is this field on the Toaster for?

The question is a little silly, but still.
When you log in or register on the Toaster (or rather tmtm.ru), there is a hidden input; mine looks like this:

<input type="hidden" name="state" value="7d5ff819-b9db-4aa4-8bf1-b4c65122c4"/>

Is it some kind of unique identifier, or something else? What is the purpose of passing it in the form?


2 answer(s)
khipster, 2016-03-20
@jasonOk

Cross-site request forgery.
There is a problem with HTTP: just as you can load a picture from another site, you can also submit a form to another site. That is, an attacker can submit a form on your behalf to another site on which you are logged in, if you accidentally end up on the attacker's site (for example, by following a link in an email). This way someone can be given a plus on VKontakte on your behalf, or money can be transferred. But the attacker cannot see this code: 7d5ff819-b9db-4aa4-8bf1-b4c65122c4, so he will not be able to fake it. Moreover, this code is always different (a one-way function is used), i.e. an attacker cannot go to the desired site, copy this code and paste it into his malicious one from which the form is sent.
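
Added example, not part of the answer above and not the site's own code: a minimal server-side sketch of the hidden-token check the answer describes, using a random per-form token stored in the session. How tmtm.ru actually generates its `state` value is not known from this page; the session store, session id, form layout and function names here are assumptions made for illustration.

```python
import hmac
import html
import secrets

# Constructed in-memory session store: session id -> expected token.
SESSIONS = {}

def render_form(session_id):
    """Issue a fresh random token, bind it to the session, embed it in the form."""
    token = secrets.token_urlsafe(32)
    SESSIONS[session_id] = token
    return (
        '<form method="post" action="/login">\n'
        f'  <input type="hidden" name="state" value="{html.escape(token, quote=True)}"/>\n'
        '  <input type="text" name="login"/>\n'
        '</form>'
    )

def verify_submission(session_id, form):
    """Accept the POST only if its 'state' matches the session's token."""
    expected = SESSIONS.get(session_id)
    supplied = form.get("state")
    if expected is None or not isinstance(supplied, str):
        return False
    ok = hmac.compare_digest(expected.encode(), supplied.encode())
    if ok:
        del SESSIONS[session_id]  # single use: a replayed form is rejected
    return ok

def extract_state(page):
    """Demo helper: read the token out of the rendered form, as a browser would."""
    marker = 'name="state" value="'
    start = page.index(marker) + len(marker)
    return page[start:page.index('"', start)]

if __name__ == "__main__":
    sid = "session-A"  # constructed session id
    token = extract_state(render_form(sid))
    print(verify_submission(sid, {"state": token, "login": "jason"}))  # real form
    render_form(sid)
    print(verify_submission(sid, {"login": "jason"}))  # cross-site POST, no token
    print(verify_submission(sid, {"state": "guessed-value"}))  # wrong token
```

The browser attaches the session cookie to a cross-site POST automatically, but the other site cannot read the page that carries the token, so the submission fails the comparison.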

sim3x, 2016-03-20
@sim3x

https://en.wikipedia.org/wiki/Cross-site_request_f...
no, https is not about
http://en.wikipedia.org/wiki/Cross-site_request_f ... sent from the page that the server sent to the user"
