Questions about this topic? Sign up to ask in the talk tab.
Difference between revisions of "CSRF"
From NetSec
WillieArce (Talk | contribs) m |
|||
| Line 7: | Line 7: | ||
When mixed with [[XSS]], this attack becomes the much more dangerous [[XSRF]]. | When mixed with [[XSS]], this attack becomes the much more dangerous [[XSRF]]. | ||
| − | + | {{series | |
| + | | Name = CSRF | ||
| + | | PartOf = Web Exploitation | ||
| + | }} | ||
Revision as of 23:52, 18 October 2011
Cross-Site Referral Forgery
CSRF can occur when a web form does not properly check its HTTP referrer information to ensure that a browser came from its own site. This can be especially dangerous to users of a site with a form like this. CSRF is likely one of the most prominent vulnerabilities today.
The result of a successful CSRF attack is performing actions in the context of a user's session. If a user is logged into one site, and clicks a link to another, the other site's code may control what the logged-in user does on the original site.
When mixed with XSS, this attack becomes the much more dangerous XSRF.
|
CSRF Visit the Web Exploitation Portal for complete coverage.
|
