CSRF Web Vulnerabilities – Nikita Makeyev
Download as ODP, PDF0 likes535 views
Cross-site request forgery (CSRF) is a type of attack that tricks a user into performing unwanted actions on a website they're authenticated to by submitting forged HTTP requests from another site. It works by exploiting a website's trust in a user's browser and authenticated cookies to transmit requests without the user's knowledge or consent. To prevent CSRF, websites should only use POST requests to initiate actions, check HTTP referrers, and include random server-generated tokens in all form submissions.
CSRF Web Vulnerabilities – Nikita Makeyev
- 1. Welcome Cross Site Request Forgery (CSRF) Nikita Makeyev, CoreCommerce
- 2. * Cross Site Request Forgery * CSRF * XSRF * One-Click Attack * Session Riding Cross Site Request What?
- 3. Step 1 :
- 4. Attacker finds a website that: performs an action upon a GET request
- 5. OR
- 6. performs an action upon a POST request
- 7. but doesn't differentiate between POST
- 8. and GET data How Does It Work?
- 9. Step 2 : Attacker constructs a string that simulates
- 10. a server action request and includes it as
- 11. a src of an image or a script on a bunch of
- 12. sites - blogs, forums, malicious sites, etc. <img src=” https://www.mybank.com/account.php?m=update_account &submit=Y&email=hostile@evil.com ” alt=”image” /> How Does It Work?
- 13. Step 3 : Legitimate user accesses
- 15. logs in and then happens to visit one of
- 16. the compromised pages. How Does It Work?
- 17. Step 4: Attacker checks
- 19. every day and attempts to use the forgot
- 20. password feature using [email_address] How Does It Work?
- 21. Web developers aren't as familiar with this vulnerability as some other ones (XSS, SQL injection)
- 22. Site relying on user identity
- 23. Attacker able to find a form submission or a URL that performs action
- 24. Attacker must lure victim to a page with malicious code What Makes It Possible?
- 25. Undetectable by automated scanners
- 27. The attack is silent
- 28. Easily mountable
- 29. Combines with XSS Why Is It Dangerous?
- 30. Do not use REQUEST
- 31. Only use POST to initiate actions
- 32. Checking the HTTP Referrer header
- 33. Use random server generated user-specific token in all form submission <form action=”index.php” method=”POST”> … <input type=”hidden” name=”<?php print $oneTimeTokenName” value=”<?php print $oneTimeTokenValue” /> ... </form> How Do I Prevent It?
Editor's Notes
- #2: ASK: how many freelancers? ASK: How many business owners?