Questions about this topic? Sign up to ask in the talk tab.
Difference between revisions of "XSRF"
From NetSec
WillieArce (Talk | contribs) m |
|||
| Line 1: | Line 1: | ||
<b>X</b>(cross) <b>S</b>ite <b>R</b>equest <b>F</b>orgery | <b>X</b>(cross) <b>S</b>ite <b>R</b>equest <b>F</b>orgery | ||
| − | This is a combination of an [[XSS]] attack and a [[CSRF]] attack. Typically the [[XSS]] contains code which would manipulate the user's browser in the context of an authenticated session with the actual appropriate [[HTTP referrer|http referrer]] in the [[HTTP]] request. This will bypass | + | This is a combination of an [[XSS]] attack and a [[CSRF]] attack. Typically the [[XSS]] contains code which would manipulate the user's browser in the context of an authenticated session with the actual appropriate [[HTTP referrer|http referrer]] in the [[HTTP]] request. This will bypass many form validation techniques. The [[XSS]] is usually just something small, e.g. a script tag to include a javascript file with an automated form submission. See [[CSRF]] for more information. |
| − | [[ | + | |
| + | {{series | ||
| + | | Name = XSRF | ||
| + | | PartOf = Web Exploitation | ||
| + | }} | ||
Revision as of 11:19, 10 November 2011
X(cross) Site Request Forgery
This is a combination of an XSS attack and a CSRF attack. Typically the XSS contains code which would manipulate the user's browser in the context of an authenticated session with the actual appropriate http referrer in the HTTP request. This will bypass many form validation techniques. The XSS is usually just something small, e.g. a script tag to include a javascript file with an automated form submission. See CSRF for more information.
|
XSRF Visit the Web Exploitation Portal for complete coverage.
|
