Web applications attacks/Cross site request forgery

From aldeid

Description

CSRF (also called XSRF) is an attack in which a legitimate, authenticated user is tricked into having their browser send a request to a web site they are logged in to, transparently and without their knowledge. The site cannot distinguish the forged request from a genuine one, because the browser automatically attaches the user's ambient credentials (session cookie, HTTP authentication) to every request it sends to that site.

To better understand, let's take an example. Suppose A wants to delete a post in a forum, but his privileges are not enough to do it. If A knows B and B has the necessary privileges, A can send B a message or page containing a crafted reference to the deletion URL, e.g. an image tag whose source is the request that deletes the post. When B's browser loads that image, or B clicks the link, it sends the request to the forum together with B's session cookie, and the forum carries out the deletion with B's privileges. Note that in the image case B does not even have to click: the browser issues the request as soon as the page renders. The attack works because the state-changing action is triggered by a predictable request whose only authentication is the session cookie.

Examples

Protection

  • Check the Referer (or, where the browser sends it, the Origin header) before acting on form data, and reject the request when the header is missing, not only when it points to another site: many clients strip the Referer, so treating an absent header as valid reopens the hole. See here for an example in PHP.
  • Embed an unpredictable, per-session anti-CSRF token in every form that changes state and verify it server-side. An attacker's page cannot read the token out of the victim's session, so a forged request will not carry it.
  • Only change state on POST (never on a GET such as an image load), and set the session cookie with the SameSite attribute so the browser does not attach it to cross-site requests.
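The forum scenario from the Description and the Referer/token checks listed above, worked through in one added example (this is illustrative code written for this page, not code from aldeid or from any real forum). The forum origin, the attacker origin, the session store, post 42 and the token value are all constructed here; HTTP is modelled with plain request objects and a tiny "browser" that fetches every image on a page, so it runs offline.

```javascript
// Added example, not part of the original page. A simulated forum "delete
// post" endpoint: first the vulnerable form the page describes (cookie is the
// only check), then a hardened form that requires POST, a same-origin
// Origin/Referer header (rejecting when absent) and a synchronizer token.

const SITE = "https://forum.example";     // assumed forum origin
const ATTACKER = "https://evil.example";  // assumed attacker-controlled origin

// Constructed session store: cookie value -> user. B is a moderator and has
// a per-session anti-CSRF token that only pages served by SITE embed.
const sessions = {
  "sid-B": { user: "B", moderator: true, csrfToken: "tok-b-1234" },
};

function makeForum() {
  const posts = { 42: { author: "A", text: "a post A wants gone" } };
  return {
    posts,
    // Vulnerable handler: any request carrying a moderator cookie deletes.
    deleteVulnerable(req) {
      const s = sessions[req.cookies.sid];
      if (!s || !s.moderator) return { status: 403 };
      delete posts[req.query.id];
      return { status: 200 };
    },
    // Hardened handler: method check, origin check (missing header is a
    // rejection, not a pass), then the token that only same-origin pages know.
    deleteHardened(req) {
      const s = sessions[req.cookies.sid];
      if (!s || !s.moderator) return { status: 403 };
      if (req.method !== "POST") return { status: 405, reason: "state change on GET" };
      const src = req.headers.origin || req.headers.referer;
      if (!src || new URL(src).origin !== SITE) return { status: 403, reason: "bad origin" };
      if (req.body.csrf !== s.csrfToken) return { status: 403, reason: "bad token" };
      delete posts[req.body.id];
      return { status: 200 };
    },
  };
}

// The "image containing the link" from the page: an <img> whose src is the
// delete URL. The browser fetches it when the page renders; no click needed.
const attackerPage = `<p>Cute cat:</p><img src="${SITE}/delete?id=42">`;

// Minimal browser: for each <img>, GET its URL with the cookies it holds for
// that site (what a browser does for a cross-site image with no SameSite cookie).
function browserLoadsPage(html, handler, cookies, pageOrigin) {
  const results = [];
  for (const m of html.matchAll(/<img src="([^"]+)">/g)) {
    const u = new URL(m[1]);
    const req = { method: "GET", cookies, headers: { referer: pageOrigin + "/" },
                  query: Object.fromEntries(u.searchParams), body: {} };
    results.push(handler(req));
  }
  return results;
}

// B (logged in) views A's page; the vulnerable forum deletes post 42.
function runAttackAgainstVulnerable() {
  const forum = makeForum();
  browserLoadsPage(attackerPage, r => forum.deleteVulnerable(r), { sid: "sid-B" }, ATTACKER);
  return { postSurvives: 42 in forum.posts };
}

// Same page against the hardened forum: the image GET is refused outright.
function runAttackAgainstHardened() {
  const forum = makeForum();
  const [res] = browserLoadsPage(attackerPage, r => forum.deleteHardened(r), { sid: "sid-B" }, ATTACKER);
  return { postSurvives: 42 in forum.posts, status: res.status };
}

// A then auto-submits a hidden POST form instead. Browsers put an Origin
// header on cross-site POSTs; passing {} models a client that sends neither
// Origin nor Referer, which the handler must also reject.
function forgedPost(headers) {
  const forum = makeForum();
  const req = { method: "POST", cookies: { sid: "sid-B" }, headers,
                query: {}, body: { id: "42" } };  // attacker cannot know the token
  const res = forum.deleteHardened(req);
  return { postSurvives: 42 in forum.posts, status: res.status, reason: res.reason };
}

// B deletes the post through the forum's own form, which embedded the token.
function legitimateDelete() {
  const forum = makeForum();
  const req = { method: "POST", cookies: { sid: "sid-B" }, headers: { origin: SITE },
                query: {}, body: { id: "42", csrf: "tok-b-1234" } };
  const res = forum.deleteHardened(req);
  return { postSurvives: 42 in forum.posts, status: res.status };
}

console.log("vulnerable:", runAttackAgainstVulnerable());
console.log("hardened, img GET:", runAttackAgainstHardened());
console.log("hardened, forged POST:", forgedPost({ origin: ATTACKER }), forgedPost({}));
console.log("hardened, real form:", legitimateDelete());
```

The three checks are layered on purpose: the method check stops the image trick, the origin check stops forged forms from any site that sends an Origin or Referer, and the token covers the case where a client sends neither header. Dropping the "reject when absent" rule in the origin check is the classic mistake the Referer advice above warns about.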

Tools

  • Arachni is a fast asynchronous Web Application Security Scanner that detects, among other issues, CSRF vulnerabilities.