Questions about this topic? Sign up to ask in the talk tab.

Difference between revisions of "CSRF"

From NetSec
Jump to: navigation, search
Line 1: Line 1:
 +
{{expand}}{{info|Needs example}}
 
<b>C</b>ross-<b>S</b>ite <b>R</b>eferral <b>F</b>orgery  
 
<b>C</b>ross-<b>S</b>ite <b>R</b>eferral <b>F</b>orgery  
  

Revision as of 01:24, 19 October 2011

This article contains too little information, it should be expanded or updated.
Things you can do to help:
  • add more content.
  • update current content.
c3el4.png Needs example

Cross-Site Referral Forgery

CSRF can occur when a web form does not properly check its HTTP referrer information to ensure that a browser came from its own site. This can be especially dangerous to users of a site with a form like this. CSRF is likely one of the most prominent vulnerabilities today.

The result of a successful CSRF attack is performing actions in the context of a user's session. If a user is logged into one site, and clicks a link to another, the other site's code may control what the logged-in user does on the original site.

When mixed with XSS, this attack becomes the much more dangerous XSRF.



CSRF
is part of a series on

Web Exploitation

Visit the Web Exploitation Portal for complete coverage.