The application is vulnerable to Cross-Site Request Forgery (CSRF) attacks because it does not verify the origin of requests. This vulnerability allows an attacker to trick a user into making requests they did not intend, as long as the user has a valid session with the application.
This attack is possible because browsers automatically submit cookies with every request the user makes to the application's domain. Even though the attacker creates the request, it is submitted with the victim's cookie, and the application sees it as a valid and authorized request.
CSRF attacks can be deployed in many ways, including in banner ads, cross-site scripting vulnerabilities, and files, to name a few. When the resource is loaded, the request is made unbeknownst to the user.
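The missing origin verification described above can be sketched as a server-side check. This is an added example, not code from the application in question. The trusted origin `https://app.example.com`, the function names and the sample requests are assumptions constructed for illustration, and the per-session token is an added second layer beyond the origin check itself.

```python
import hmac
import secrets
from urllib.parse import urlsplit

SAFE_METHODS = {"GET", "HEAD", "OPTIONS"}       # must not change state
TRUSTED_ORIGINS = {"https://app.example.com"}   # assumption: the app's own origin

def origin_of(url):
    """Reduce a URL to scheme://host[:port]; None if it is not absolute."""
    parts = urlsplit(url or "")
    if not parts.scheme or not parts.netloc:
        return None                              # also covers "Origin: null"
    return f"{parts.scheme}://{parts.netloc}".lower()

def check_request(method, headers, session_token, submitted_token):
    """Return (allowed, reason) for a request that arrived with a session cookie."""
    if method.upper() in SAFE_METHODS:
        return True, "safe method"
    h = {k.lower(): v for k, v in headers.items()}
    # Prefer Origin; fall back to Referer only when Origin is absent.
    source = origin_of(h["origin"]) if "origin" in h else origin_of(h.get("referer"))
    if source is None:
        return False, "no usable Origin or Referer"
    if source not in TRUSTED_ORIGINS:
        return False, "cross-site origin " + source
    # Second layer: a per-session token that another site cannot read.
    if not submitted_token or not hmac.compare_digest(
            session_token.encode(), submitted_token.encode()):
        return False, "missing or wrong CSRF token"
    return True, "same-origin request with valid token"

def demo():
    """Run constructed sample requests through the check."""
    token = secrets.token_urlsafe(32)            # stored server-side in the session
    cookie = "session=constructed-sample-value"  # the browser attaches it either way
    forged = {"Cookie": cookie, "Origin": "https://ads.example.net"}
    genuine = {"Cookie": cookie, "Origin": "https://app.example.com"}
    no_source = {"Cookie": cookie}
    return [
        check_request("POST", forged, token, None),
        check_request("POST", genuine, token, token),
        check_request("POST", genuine, token, "guess"),
        check_request("POST", no_source, token, token),
    ]

if __name__ == "__main__":
    for allowed, reason in demo():
        print("ALLOW" if allowed else "DENY ", reason)
```

The forged request carries the same session cookie as the genuine one, which is why the cookie alone cannot be used to decide whether a request is authorized.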
How To Test
Sample Report Screenshots
Time Saving Tips