Cross-site request forgery
Cross-site request forgery (also known as XSRF or CSRF) is an attack against web-hosted apps whereby a malicious web app can influence the interaction between a client browser and a web app that trusts that browser. These attacks are possible because web browsers send some types of authentication tokens automatically with every request to a website. This form of exploit is also known as a one-click attack or session riding because the attack takes advantage of the user's previously authenticated session.
An example of a CSRF attack:

- A user signs into `www.good-banking-site.com` using forms authentication. The server authenticates the user and issues a response that includes an authentication cookie. The site is vulnerable to attack because it trusts any request that it receives with a valid authentication cookie.
- The user visits a malicious site, `www.bad-crook-site.com`.

  The malicious site, `www.bad-crook-site.com`, contains an HTML form similar to the following:

  ```html
  <h1>Congratulations! You're a Winner!</h1>
  <form action="http://good-banking-site.com/api/account" method="post">
      <input type="hidden" name="Transaction" value="withdraw">
      <input type="hidden" name="Amount" value="1000000">
      <input type="submit" value="Click to collect your prize!">
  </form>
  ```

  Notice that the form's `action` posts to the vulnerable site, not to the malicious site. This is the "cross-site" part of CSRF.
- The user selects the submit button. The browser makes the request and automatically includes the authentication cookie for the requested domain, `www.good-banking-site.com`.
- The request runs on the `www.good-banking-site.com` server with the user's authentication context and can perform any action that an authenticated user is allowed to perform.
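The weakness in the scenario above is that the `/api/account` handler accepts any request carrying the authentication cookie. The following added example (not code from the page or from any framework) shows a minimal server-side handler that closes that gap with a synchronizer token bound to the session plus an `Origin` check; the key, the `csrf_token` field name, the session table and the two constructed requests are assumptions for the demo.

```python
import hmac
import hashlib
from typing import Optional

# Constructed demo values (assumptions, not from the page): the server-side key,
# the trusted origin, and one active session keyed by its auth cookie value.
SECRET_KEY = b"demo-secret-not-for-production"
TRUSTED_ORIGIN = "https://www.good-banking-site.com"
SESSIONS = {"auth-cookie-abc123": "alice"}

def issue_antiforgery_token(session_cookie: str) -> str:
    """Synchronizer token: an HMAC that binds the token to one authenticated session.
    The legitimate site embeds it as a hidden field in every form it renders."""
    return hmac.new(SECRET_KEY, session_cookie.encode(), hashlib.sha256).hexdigest()

def handle_account_request(cookies: dict, form: dict, origin: Optional[str]) -> dict:
    """Server-side handler for POST /api/account with CSRF checks."""
    session_cookie = cookies.get("auth")
    user = SESSIONS.get(session_cookie)
    if user is None:
        return {"status": 401, "reason": "not authenticated"}
    # The browser attaches the cookie automatically, so on its own it says
    # nothing about which site built the form. Reject a foreign Origin outright.
    if origin is not None and origin != TRUSTED_ORIGIN:
        return {"status": 403, "reason": "cross-origin request rejected"}
    # The crook's page cannot read the token (same-origin policy), so its form
    # cannot carry a valid one. Constant-time compare avoids a timing side channel.
    token = form.get("csrf_token", "")
    if not hmac.compare_digest(token, issue_antiforgery_token(session_cookie)):
        return {"status": 403, "reason": "missing or invalid antiforgery token"}
    return {"status": 200, "user": user,
            "transaction": form.get("Transaction"), "amount": int(form.get("Amount", 0))}

# Constructed requests: the crook's form from the page versus the bank's own form.
CROOK_POST = ({"auth": "auth-cookie-abc123"},
              {"Transaction": "withdraw", "Amount": "1000000"},
              "http://www.bad-crook-site.com")
LEGIT_POST = ({"auth": "auth-cookie-abc123"},
              {"Transaction": "withdraw", "Amount": "50",
               "csrf_token": issue_antiforgery_token("auth-cookie-abc123")},
              TRUSTED_ORIGIN)

if __name__ == "__main__":
    print(handle_account_request(*CROOK_POST))  # status 403
    print(handle_account_request(*LEGIT_POST))  # status 200
```

Browsers that omit the `Origin` header still fall through to the token check, so the token remains the primary control.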