20070409

Cross-Site Request Forgeries (CSRF/ XSRF)

Today I googled the word "XSRF". Some of you may know what it is, and it is not new. However, it was very amazing to me, because I had not thought of using HTML code like this.

If you don't know what it is, let me introduce it to you; if you already do, please point out any mistakes. XSRF is a web-application attack method. It is not limited to HTML: it applies to any markup language that makes the client fetch a URL.
Let's look at an example; then you will see what the problem is.
<img src="http://www.bookstore.com/order.php?isbn=817525766-0&quantity=100&submit=yes" height=0 width=0 />

Although the img tag does not point at a real image, the HTTP request is still sent to the server, and the browser attaches whatever cookies it holds for that server. By setting the height and width of the img to zero, or by hiding it with a CSS style, the broken image is concealed, so the user does not even know that such a request has been sent. XSRF can force users to update their profile or post a new message or thread without knowing it. That may not sound very dangerous, but it is worse than that.

Difference between XSS and XSRF

Cross-Site Scripting (XSS) and XSRF look quite similar, don't they? Actually they are not the same. XSS tries either to abuse client-side active-scripting holes or to send privileged information to an unknown site by inserting active code into an HTML document.

XSRF does not rely on client-side active scripting; it tries to take unwanted, unapproved actions on a site where the user already has some authority.

It is difficult to stop this by filtering content, because an XSRF attack may look like this:
<img src="http://itisnotanattack.com/logo.jpg" height=0 width=0 />

When your client requests logo.jpg, the file does not exist, but the itisnotanattack.com server redirects you to wherever it likes, and your browser follows the redirect with your cookies for the final site.

XSRF can also be used to attack servers behind firewalls, because the request is made by the victim's browser from inside the network. It is not just public web apps that are at risk.
<img src="http://intranet/admin/purgeDB?confirm=yes" />

If the attacker knows enough to construct the URL and can get the admin to open a page containing it, then everything is done. Now you know how funny (dangerous) it is.
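The three img examples above all succeed for the same reason: the server treats "a request that carries the session cookie" as "a request the user intended". The following Python simulation is an added example written for this post, not code from the original; the bookstore host, the session store, the cookie jar and the redirect from logo.jpg are all constructed. It models a browser that follows the redirect and attaches the victim's cookies, a "before" handler that accepts the hidden-img GET, and a hardened handler that refuses it by requiring POST, a same-site Origin/Referer and a per-session token (synchronizer token pattern), while still accepting the bookstore's own order form.

```python
from dataclasses import dataclass, field
from urllib.parse import urlsplit, parse_qs
import secrets


@dataclass
class Request:
    method: str
    url: str
    cookies: dict = field(default_factory=dict)
    headers: dict = field(default_factory=dict)
    form: dict = field(default_factory=dict)


# Constructed session store: cookie value -> logged-in user plus a per-session
# CSRF token that only the bookstore's own pages ever embed in their forms.
SESSIONS = {"sess-alice": {"user": "alice", "csrf_token": secrets.token_hex(16)}}

SITE_HOST = "www.bookstore.com"  # assumed host of the order.php in the post


def _params(req):
    """Merge query-string and form parameters, as a script that reads both
    without caring which one they came from would (hypothetical behaviour)."""
    params = {k: v[0] for k, v in parse_qs(urlsplit(req.url).query).items()}
    params.update(req.form)
    return params


def vulnerable_order(req):
    """'Before': authenticates by cookie alone and acts on any GET or POST."""
    sess = SESSIONS.get(req.cookies.get("sid"))
    if sess is None:
        return 401, "login required"
    p = _params(req)
    return 200, f"ordered {p['quantity']} x {p['isbn']} for {sess['user']}"


def hardened_order(req):
    """'After': a state change needs POST, a same-site Origin/Referer, and the
    session's CSRF token compared in constant time."""
    sess = SESSIONS.get(req.cookies.get("sid"))
    if sess is None:
        return 401, "login required"
    if req.method != "POST":
        return 405, "state change requires POST"
    source = req.headers.get("Origin") or req.headers.get("Referer", "")
    if urlsplit(source).netloc != SITE_HOST:
        return 403, "cross-site request refused"
    token = req.form.get("csrf_token", "")
    if not secrets.compare_digest(token, sess["csrf_token"]):
        return 403, "missing or wrong CSRF token"
    p = _params(req)
    return 200, f"ordered {p['quantity']} x {p['isbn']} for {sess['user']}"


# Constructed browser state: the victim is logged in to the bookstore, and the
# "network" contains the post's innocuous-looking logo URL that redirects.
COOKIE_JAR = {SITE_HOST: {"sid": "sess-alice"}}
REDIRECTS = {
    "http://itisnotanattack.com/logo.jpg":
        "http://www.bookstore.com/order.php?isbn=817525766-0&quantity=100&submit=yes",
}


def browser_fetch_img(src, handler, page="http://third-party.example/page.html"):
    """What a browser of the post's era does for <img src=...>: follow redirects,
    attach the cookies it holds for the final host, send a GET, and hand it to
    the bookstore's handler. The page hosting the img becomes the Referer."""
    url = src
    for _ in range(5):  # bounded redirect chase
        if url not in REDIRECTS:
            break
        url = REDIRECTS[url]
    host = urlsplit(url).netloc
    req = Request("GET", url, cookies=dict(COOKIE_JAR.get(host, {})),
                  headers={"Referer": page})
    return handler(req)


def legitimate_checkout(handler, quantity="1"):
    """Alice submits the bookstore's own order form, which carries her token."""
    sess = SESSIONS["sess-alice"]
    req = Request("POST", f"http://{SITE_HOST}/order.php",
                  cookies=dict(COOKIE_JAR[SITE_HOST]),
                  headers={"Origin": f"http://{SITE_HOST}"},
                  form={"isbn": "817525766-0", "quantity": quantity,
                        "csrf_token": sess["csrf_token"]})
    return handler(req)


if __name__ == "__main__":
    logo = "http://itisnotanattack.com/logo.jpg"
    print("vulnerable, hidden img:", browser_fetch_img(logo, vulnerable_order))
    print("hardened,   hidden img:", browser_fetch_img(logo, hardened_order))
    print("hardened,   real form :", legitimate_checkout(hardened_order))
```

The redirect table is what makes the "filter the content" idea fail: the only URL visible in the hosting page is logo.jpg, yet the request that reaches the bookstore carries the victim's session cookie and the order parameters. The defence therefore lives on the target site, not in the page that embeds the img, and the same check protects an intranet admin URL as well as a public shop. The strict Origin/Referer comparison rejects clients that send neither header; that trade-off is why the per-session token, which a foreign page cannot read, is the check that carries the most weight.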

1 comment:

Dominic Leung said...

This scripting seems very interesting, but don't attack my sites XD