Questions about this topic? Sign up to ask in the talk tab.

XSRF

From NetSec
Revision as of 10:19, 10 November 2011 by LashawnSeccombe (Talk | contribs)

Jump to: navigation, search

X(cross) Site Request Forgery

This is a combination of an XSS attack and a CSRF attack. Typically the XSS contains code which would manipulate the user's browser in the context of an authenticated session with the actual appropriate http referrer in the HTTP request. This will bypass many form validation techniques. The XSS is usually just something small, e.g. a script tag to include a javascript file with an automated form submission.

c3el4.png See CSRF and XSS for more information.



XSRF
is part of a series on

Web Exploitation

Visit the Web Exploitation Portal for complete coverage.








Retrieved from "http://nets.ec/index.php?title=XSRF&oldid=1902"