CSRF on SiteMap Generator Engine = Denial Of Service?
Just now, when I was looking for a cool SiteMap generator, I found XML-SiteMaps.com. It’s cool enough with its nice interface, so I submitted my site URL (not http://zoiz.web.id). And of course I clicked the Start button, and the crawler started doing its job. A minute later, the XML SiteMap output was generated, and I submitted it to Google Webmaster Tools.
So where is the Denial Of Service part? Aha! Sorry to make you read all the nonsense above.
But did you notice something interesting in my story? If you didn’t, maybe I can share mine with you. Crawling a site uses more bandwidth. So the point is: if you can find a CSRF (Cross-Site Request Forgery) flaw on a SiteMap generator site and write an automated script that requests numerous crawls of a victim site, it will drain all its bandwidth. The result is the same as a Denial Of Service.
I think XML-Sitemaps.com is vulnerable to this, but I haven’t tried it. Anyone interested?
Original Idea By : Zoiz [at] HackingForte.org
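From the generator service's side, the forged-crawl idea above is blunted by two checks, sketched here as an added example (not code from XML-Sitemaps.com or from the author). The names `issue_token` and `CrawlGate`, the secret and the one-hour cooldown are all hypothetical.

```python
import hashlib
import hmac
import time
from urllib.parse import urlsplit

SECRET = b"constructed-demo-key"  # assumption: per-deployment secret
COOLDOWN = 3600  # assumption: one crawl per target host per hour


def issue_token(session_id: str) -> str:
    """Token placed in the crawl form the service renders for this session."""
    return hmac.new(SECRET, session_id.encode(), hashlib.sha256).hexdigest()


class CrawlGate:
    """Decides whether a submitted crawl request may start."""

    def __init__(self, cooldown: int = COOLDOWN):
        self.cooldown = cooldown
        self.last_crawl = {}  # target host -> time of last accepted crawl

    def check(self, session_id, token, target_url, now=None):
        now = time.time() if now is None else now
        expected = issue_token(session_id).encode()
        # 1. A cross-site forged request cannot read the session's form token.
        if not hmac.compare_digest((token or "").encode(), expected):
            return "rejected: bad CSRF token"
        host = (urlsplit(target_url).hostname or "").lower()
        if not host:
            return "rejected: bad URL"
        # 2. Throttle per target host, not per client: repeated crawl
        #    requests can arrive from many different sessions.
        last = self.last_crawl.get(host)
        if last is not None and now - last < self.cooldown:
            return "rejected: target crawled recently"
        self.last_crawl[host] = now
        return "accepted"


if __name__ == "__main__":
    gate = CrawlGate()
    tok = issue_token("sess-A")
    # Constructed requests: forged (no token), legitimate, then a repeat.
    print(gate.check("sess-A", "", "http://victim.example/", now=0))
    print(gate.check("sess-A", tok, "http://victim.example/", now=0))
    print(gate.check("sess-A", tok, "http://victim.example/", now=60))
```

The per-host cooldown matters even with the token in place, because it caps how much crawl traffic the service can be made to send to any one site.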