Questions about this topic? Sign up to ask in the talk tab.

Difference between revisions of "XSRF"

From NetSec
Jump to: navigation, search
m
 
 
(6 intermediate revisions by 3 users not shown)
Line 1: Line 1:
 +
{{expand}}
 +
{{merge|XSS}}
 +
 +
 
<b>X</b>(cross) <b>S</b>ite <b>R</b>equest <b>F</b>orgery
 
<b>X</b>(cross) <b>S</b>ite <b>R</b>equest <b>F</b>orgery
  
This is a combination of an [[XSS]] attack and a [[CSRF]] attack.  Typically the [[XSS]] contains code which would manipulate the user's browser in the context of an authenticated session with the actual appropriate [[HTTP referrer|http referrer]] in the [[HTTP]] request.  This will bypass certain [[form validation]] techniques.
+
This is a combination of an [[XSS]] attack and a [[CSRF]] attack.  Typically the [[XSS]] contains code which would manipulate the user's browser in the context of an authenticated session with the actual appropriate [[HTTP referrer|http referrer]] in the [[HTTP]] request.  This will bypass many form validation techniques.  The [[XSS]] is usually just something small, e.g. a script tag to include a javascript file with an automated form submission. 
[[Category:Web Exploitation]]
+
 
 +
{{info|See [[CSRF]] and [[XSS]] for more information.}}
 +
 
 +
{{exploitation}}
 +
{{social}}
 +
 
 +
[[Category:Web exploitation]]

Latest revision as of 22:49, 15 May 2012

This article contains too little information, it should be expanded or updated.
Things you can do to help:
  • add more content.
  • update current content.
It has been proposed that XSRF be merged with XSS.
If you have comments please make them on the Discussion page.


X(cross) Site Request Forgery

This is a combination of an XSS attack and a CSRF attack. Typically the XSS contains code which would manipulate the user's browser in the context of an authenticated session with the actual appropriate http referrer in the HTTP request. This will bypass many form validation techniques. The XSS is usually just something small, e.g. a script tag to include a javascript file with an automated form submission.

c3el4.png See CSRF and XSS for more information.
XSRF is part of a series on exploitation.
<center>
</center>