Cross Site Request Forgeries

• A request generated from a user’s browser without the user’s knowledge

• Relies on web site trust of logged-in users

• An attack involves tricking a user into transmitting ‘bad’ html with a request, which then returns sensitive data to the attacker

• Executed via iframes, xmlhttprequest calls or embedded in tags such as <script>, <object>, <embed>, <img>, …

Example

<form name="myForm">
<input type="hidden" name="item_id" value="123" />
<input type="hidden" name="quantity" value="1" />
</form>
<script>document.forms['myForm'].submit();</script>

Counter Measures

• Use a unique form token in a hidden input field to verify the request

• Require re-login before sensitive operations (ex: financial)

Share

Leave a Reply

Your email address will not be published. Required fields are marked *