Cross Site Request Forgery


Description

The application is vulnerable to Cross-Site Request Forgery (CSRF) because it does not verify the origin of state-changing requests. An attacker can therefore trick a user into submitting requests they did not intend, as long as the user holds a valid session with the application.

The attack is possible because browsers automatically attach the cookies set for the application's domain to every request sent to that domain, regardless of which site caused the request to be sent (unless the cookie's SameSite attribute restricts cross-site sending). Although the attacker composes the request, it arrives carrying the victim's session cookie, so the application treats it as a valid, authorized request from that user.

CSRF attacks can be delivered in many ways, including banner ads, attacker-controlled web pages, HTML e-mail, cross-site scripting vulnerabilities, and files that embed a link or form. When the malicious resource is loaded, the forged request is sent without the user's knowledge.
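The following is an added example (not code from the original page or from any product it describes) that models the mechanism above: a state-changing "transfer" endpoint that authorizes on the session cookie alone, beside the same endpoint hardened with an Origin check and a per-session token. The application origin, session store, balances, and the attacker page are all hypothetical and constructed for the demonstration.

```python
import hashlib
import hmac
import secrets
from dataclasses import dataclass
from typing import Dict, Optional, Tuple
from urllib.parse import parse_qs

APP_ORIGIN = "https://bank.example"   # hypothetical application origin
SECRET_KEY = secrets.token_bytes(32)  # server secret used to MAC CSRF tokens

# Constructed session store: session cookie value -> logged-in user.
SESSIONS = {"a1b2c3": "victim"}


@dataclass
class Request:
    """The parts of an HTTP request the handlers below look at."""
    method: str
    headers: Dict[str, str]
    body: str = ""  # application/x-www-form-urlencoded

    @property
    def form(self) -> Dict[str, str]:
        return {k: v[0] for k, v in parse_qs(self.body).items()}

    def cookie(self, name: str) -> Optional[str]:
        for part in self.headers.get("Cookie", "").split(";"):
            key, _, value = part.strip().partition("=")
            if key == name:
                return value
        return None


def csrf_token_for(session_id: str) -> str:
    """Per-session token: HMAC(secret, session id); unreadable cross-site."""
    return hmac.new(SECRET_KEY, session_id.encode(), hashlib.sha256).hexdigest()


def same_origin(value: Optional[str]) -> bool:
    """True when an Origin/Referer header value belongs to APP_ORIGIN."""
    return value is not None and (value == APP_ORIGIN or value.startswith(APP_ORIGIN + "/"))


def _apply_transfer(user: str, req: Request, balances: Dict[str, int]) -> None:
    amount = int(req.form["amount"])
    balances[user] -= amount
    balances[req.form["to"]] = balances.get(req.form["to"], 0) + amount


def transfer_vulnerable(req: Request, balances: Dict[str, int]) -> Tuple[int, str]:
    """Authorizes on the session cookie alone, so any site can forge it."""
    user = SESSIONS.get(req.cookie("session") or "")
    if req.method != "POST" or user is None:
        return 401, "not authenticated"
    _apply_transfer(user, req, balances)
    return 200, "transferred"


def transfer_hardened(req: Request, balances: Dict[str, int]) -> Tuple[int, str]:
    """Same endpoint with two independent CSRF checks added."""
    session = req.cookie("session") or ""
    user = SESSIONS.get(session)
    if req.method != "POST" or user is None:
        return 401, "not authenticated"
    # Check 1: browsers set Origin on cross-site POSTs and page scripts
    # cannot override it, so the request must come from the application.
    if not same_origin(req.headers.get("Origin") or req.headers.get("Referer")):
        return 403, "cross-site origin rejected"
    # Check 2: a session-bound secret the attacker's page cannot read must
    # be echoed back in the form; compare in constant time.
    if not hmac.compare_digest(req.form.get("csrf_token", ""), csrf_token_for(session)):
        return 403, "missing or invalid csrf token"
    _apply_transfer(user, req, balances)
    return 200, "transferred"


# Constructed attacker page (hypothetically served from https://evil.example).
ATTACKER_PAGE = """<form id="f" action="https://bank.example/transfer" method="POST">
  <input type="hidden" name="to" value="attacker">
  <input type="hidden" name="amount" value="500">
</form><script>document.getElementById("f").submit()</script>"""


def forged_request() -> Request:
    """What the browser sends when the victim loads ATTACKER_PAGE: the
    attacker chose the body, the browser attached the victim's cookie."""
    return Request("POST", {"Cookie": "session=a1b2c3", "Origin": "https://evil.example"},
                   "to=attacker&amount=500")


def legitimate_request() -> Request:
    """Form submitted from the application's own page, carrying the token."""
    return Request("POST", {"Cookie": "session=a1b2c3", "Origin": APP_ORIGIN},
                   f"to=landlord&amount=500&csrf_token={csrf_token_for('a1b2c3')}")


def run_scenario() -> Dict[str, Tuple[int, str, int]]:
    """Runs forged and legitimate requests against each handler; returns
    (status, message, victim balance afterwards) per case."""
    results = {}
    for label, handler in (("vulnerable", transfer_vulnerable), ("hardened", transfer_hardened)):
        for kind, req in (("forged", forged_request()), ("legitimate", legitimate_request())):
            balances = {"victim": 1000}
            status, msg = handler(req, balances)
            results[f"{label}/{kind}"] = (status, msg, balances["victim"])
    return results


if __name__ == "__main__":
    for case, outcome in run_scenario().items():
        print(f"{case:22} -> {outcome}")
```

Running it shows the forged request draining the victim's balance through the vulnerable handler while the hardened handler rejects it on the Origin check before the token is even examined. A cookie marked SameSite=Lax would also stop this particular cross-site POST in current browsers, but that is a browser-side default that the application should not rely on alone; the server-side origin and token checks stay in place regardless.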

Custom Description

Impact

Risk Rating

Remediation

How To Test

Sample Report Screenshots

Time Saving Tips

Testing Gotchas

References


Subscribe here in order to gain access to the AppSec Findings Database