What is CSRF attack and what damage can it cause?

Navigation
10

I'm seeing some people mentioning the CSRF attacks here on Stack Overflow.

What I would like to know is:

  • What is a CSRF attack ?

  • How is it done?

  • What damage can it cause?

  • How can I prevent CSRF attacks?

asked by anonymous 04.03.2016 / 03:08

2 answers

11

What is a CSRF attack?

It is a type of attack to damage or steal data from a user in a web service. Usually a malicious website, widget or application takes advantage of the user being logged in to some web service and performing actions on that service.

CSRF in OWASP

How is it done? What damage can it cause?

XSS : Let's say you have a facebook and, like almost everyone, your browser is always logged in to facebook. You enter a malicious site that contains an iframe pointing to facebook. When you finish loading the page, this site runs a javascript that fills the facebook status for "sou n00b" and press send. (This scenario is currently "blocked" by web browsers)

CSRF : Let's say you have an account at Panama Bank, and log into your web banking. This web banking is done in web 1.0, where each link or filled form needs to reload the entire page. Still logged in, you enter a malicious site that redirects you, via POST, to the page "processa_transferencia.php", sent in POST an account number and a value. The n00b that made the site checks if you are logged in. If yes, process the transfer. TCHAU GRANA!

How can I prevent CSRF attacks?

Understanding what is CORS is a good start, mainly to defend against XSS.

In the case of CSRF, it is easiest to use security tokens for POST-type requests. Basically, the page containing the form to be submitted creates a TOKEN. When the user submits the POST of this form, just verify that TOKEN came together and if it is what was generated previously.

The OWASP has a set of prevention tips for this type of attack .

    
04.03.2016 / 03:45
1

CSRF (Cross-Site Request Forgery) is a type of attack that, when executing a malicious script in the victim's browser, accesses another website without being aware of it. The attacker is thus able to hijack the victim's session, for example by making comments on the site, transferring monetary values, placing an order, etc.

The most common technique to prevent this type of attack is to put a token through a hidden field in the form. When the form is submitted it is ensured that the token is present and that it matches the token saved in session (MacIntyre, Danchilla, & Gogala, 2011). >     

26.07.2016 / 21:23
Does PHP only connect to MySQL? What's the difference in declarations with [] and {} in JavaScript?