5:21 AM  Shubham Yadav  No comments

Cross‐site request forgery  is a class of attack that affects web based applications with a predictable structure for invocation. This class of attack has in some form been known about and exploited since before the turn of the millennium. It is also known as CSRF or XSRF. Unlike cross-site scripting (XSS), which exploits the trust a user has for a particular site, CSRF exploits the trust that a site has in a user's browser.

CSRF flaws exist in web applications with a predictable action structure and which use cookies, browser authentication or client side certificates to authenticate users. The basic idea of CSRF is simple: an attacker tricks the user into performing an action of the attacker’s choosing by directing the victim’s actions on the target application with a link or other content. This is easiest to understand in the example of a HTTP GET.

Reflected vs. Stored CSRF

Similarly to Cross‐site scripting (XSS) vulnerabilities, CSRF vulnerabilities can be divided into two major categories: stored and reflected.

A stored CSRF vulnerability is one where the attacker can use the application itself to provide the victim the exploit link or other content which directs the victim’s browser back into the application, and causes attacker controlled actions to be executed as the victim. Stored CSRF vulnerabilities are more likely to succeed, since the user who receives the exploit content is almost certainly currently authenticated to perform actions. Stored CSRF vulnerabilities also have a more obvious trail, which may lead back to the attacker.

In a reflected CSRF vulnerability the attacker uses a system outside the application to expose the victim to the exploit link or content. This can be done using a blog, an email message, an instant message, a message board posting, or even a flyer posted in a public place with an URL that a victim types in. Reflected CSRF attacks will frequently fail, as users may not be currently logged into the target system when the exploits are tried. The trail from a reflected CSRF attack may be under the control of the attacker, however, and could be deleted once the exploit was completed.

Posted in: Hacking Articles,How to Hack,What is