Cross-site Request Forgery in web applications.

senuri seneviratne
3 min read · Oct 4, 2018


What is CSRF?

Cross-Site Request Forgery (CSRF) is a type of attack that occurs when a malicious web site, email, blog, instant message, or program causes a user’s web browser to perform an unwanted action on a trusted site for which the user is currently authenticated. The impact of a successful CSRF attack is limited to the capabilities exposed by the vulnerable application. For example, this attack could result in a transfer of funds, changing a password, or purchasing an item in the user’s context. In effect, CSRF attacks are used by an attacker to make a target system perform a function via the target’s browser without knowledge of the target user, at least until the unauthorized transaction has been committed.

Impacts of successful CSRF exploits vary greatly based on the privileges of each victim. When targeting a normal user, a successful CSRF attack can compromise end-user data and their associated functions. If the targeted end user is an administrator account, a CSRF attack can compromise the entire web application. Sites that are more likely to be attacked by CSRF are community websites (social networking, email) or sites that have high-value accounts associated with them (banks, stock brokerages, bill pay services). Using social engineering, an attacker can embed malicious HTML or JavaScript code into an email or website to request a specific ‘task URL’. The task then executes with or without the user’s knowledge, either directly or by utilizing a Cross-Site Scripting flaw (e.g. the Samy MySpace worm).

How is the attack carried out?

CSRF only works if the victim is logged in or otherwise authenticated to the target site; the attack succeeds only because the victim’s browser already holds valid credentials (typically a session cookie) and attaches them to the forged request. In effect, a CSRF attack lets the attacker act without going through the authentication process themselves. Some parts of a site are neither protected against nor affected by CSRF: publicly accessible pages or forms that require no logged-in user, since anyone can submit requests to them anyway.

Example.

Consider a suggestion form on a website that any visitor can submit without any user privileges. Forging such a request gains the attacker nothing, whether the victim holds high or low privileges, because the form grants none. CSRF becomes useful to an attacker only when the forged request performs an action that requires the victim’s privileges.

For that reason attackers target specific victims of the same web application and try to ensure the victim is logged in to the application being exploited at the moment the forged request is sent, since the attack only succeeds under that condition.

There are two common patterns used to prevent CSRF attacks:

1. Synchronizer Token Pattern
2. Double Submit Cookies Pattern
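The following is an added example, not code from the original post, that models the two patterns named above next to the vulnerable handler they fix. It is a framework-free sketch: the `Request` class, the in-memory `SESSIONS` store, the `SERVER_SECRET` and the `/transfer` handlers are all hypothetical stand-ins for a real web framework. The forged request is constructed so that it carries the victim’s cookies (which the browser attaches automatically) but not the token, which a cross-site page cannot read.

```python
import hashlib
import hmac
import secrets
from dataclasses import dataclass, field

# Constructed in-memory session store standing in for a real session backend.
SESSIONS: dict = {}
# Hypothetical per-deployment secret used to sign double-submit tokens.
SERVER_SECRET = secrets.token_bytes(32)


@dataclass
class Request:
    """Minimal model of an HTTP request: cookies the browser attaches automatically
    (even to cross-site requests) and form fields chosen by whoever built the page."""
    cookies: dict = field(default_factory=dict)
    form: dict = field(default_factory=dict)


def login(user: str) -> str:
    """Create a session and return the id that goes into the session cookie."""
    sid = secrets.token_urlsafe(32)
    SESSIONS[sid] = {"user": user}
    return sid


def _session_of(req: Request):
    return SESSIONS.get(req.cookies.get("session", ""))


def _do_transfer(sess: dict, req: Request):
    return 200, f"{sess['user']} sent {req.form.get('amount')} to {req.form.get('to')}"


# --- Vulnerable handler: the session cookie is the only thing it checks ---
def transfer_vulnerable(req: Request):
    sess = _session_of(req)
    if sess is None:
        return 401, "not logged in"
    return _do_transfer(sess, req)


# --- Pattern 1: synchronizer token, stored server-side in the session ---
def issue_sync_token(sid: str) -> str:
    """Per-session token; the site embeds it in its own forms as a hidden field."""
    token = secrets.token_urlsafe(32)
    SESSIONS[sid]["csrf"] = token
    return token


def transfer_sync(req: Request):
    sess = _session_of(req)
    if sess is None:
        return 401, "not logged in"
    expected = sess.get("csrf", "")
    supplied = req.form.get("csrf_token", "")
    # A cross-site page cannot read the token, so a forged request cannot supply it.
    if not expected or not hmac.compare_digest(expected, supplied):
        return 403, "csrf token missing or invalid"
    return _do_transfer(sess, req)


# --- Pattern 2: double-submit cookie, signed so only the server can mint it ---
def issue_double_submit_cookie(sid: str) -> str:
    """Token = nonce.HMAC(secret, sid|nonce); set as a cookie and embedded in forms."""
    nonce = secrets.token_urlsafe(16)
    mac = hmac.new(SERVER_SECRET, f"{sid}|{nonce}".encode(), hashlib.sha256).hexdigest()
    return f"{nonce}.{mac}"


def transfer_double_submit(req: Request):
    sess = _session_of(req)
    if sess is None:
        return 401, "not logged in"
    cookie_tok = req.cookies.get("csrf", "")
    form_tok = req.form.get("csrf_token", "")
    # The browser attaches the csrf cookie to a forged request too, but the attacker's
    # page cannot read it and therefore cannot echo it into the form field.
    if not cookie_tok or not hmac.compare_digest(cookie_tok, form_tok):
        return 403, "csrf cookie and form token differ"
    nonce, _, mac = cookie_tok.partition(".")
    sid = req.cookies["session"]
    expected = hmac.new(SERVER_SECRET, f"{sid}|{nonce}".encode(), hashlib.sha256).hexdigest()
    if not hmac.compare_digest(expected, mac):
        return 403, "csrf token was not issued by this server for this session"
    return _do_transfer(sess, req)


def run_demo() -> dict:
    """Return (legitimate status, forged status) for each handler."""
    sid = login("alice")
    sync_token = issue_sync_token(sid)
    ds_token = issue_double_submit_cookie(sid)
    legit_sync = Request(cookies={"session": sid},
                         form={"to": "bob", "amount": "10", "csrf_token": sync_token})
    legit_ds = Request(cookies={"session": sid, "csrf": ds_token},
                       form={"to": "bob", "amount": "10", "csrf_token": ds_token})
    # Constructed forged request: alice's cookies ride along automatically, but the
    # form body is whatever the cross-site page chose, and it holds no token.
    forged = Request(cookies={"session": sid, "csrf": ds_token},
                     form={"to": "mallory", "amount": "1000"})
    return {
        "vulnerable": (transfer_vulnerable(legit_sync)[0], transfer_vulnerable(forged)[0]),
        "synchronizer": (transfer_sync(legit_sync)[0], transfer_sync(forged)[0]),
        "double_submit": (transfer_double_submit(legit_ds)[0], transfer_double_submit(forged)[0]),
    }


if __name__ == "__main__":
    for name, (legit, forged) in run_demo().items():
        print(f"{name:13s} legitimate={legit} forged={forged}")
```

The vulnerable handler accepts the forged request because the session cookie alone is its proof of intent. Both patterns add a second value that only a same-origin page can place in the request body. The double-submit token is signed with a server secret and bound to the session id; a bare, unsigned double-submit cookie is weaker, because anyone able to set cookies for the domain could plant a matching pair.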

Thank You!!
See you soon :)
