Questions about this topic? Sign up to ask in the talk tab.

CSRF

From NetSec
Revision as of 11:37, 18 December 2010 by WillieArce (Talk | contribs)

(diff) ← Older revision | Latest revision (diff) | Newer revision → (diff)
Jump to: navigation, search

Cross-Site Referral Forgery

CSRF can occur when a web form does not properly check its HTTP referrer information to ensure that a browser came from its own site. This can be especially dangerous to users of a site with a form like this. CSRF is likely one of the most prominent vulnerabilities today.

The result of a successful CSRF attack is performing actions in the context of a user's session. If a user is logged into one site, and clicks a link to another, the other site's code may control what the logged-in user does on the original site.

When mixed with XSS, this attack becomes the much more dangerous XSRF.