Wifi Password Recovery - UTM - Vulnerability Scanning


VIP LOUNGE
CLOUD LOGIN
Sun Sun Sun

You are here: Resources > CSRF

CSRF

CSRF is known by many other names and monikers: cross-site request forgery, session riding, XSRF, or the one-click attack. This is a kind of dangerous and malicious website exploit that uses and transmits unauthorized commands from a user that is trusted by the site. In contrast to XSS or cross-site scripting (an exploit that takes advantage of a user's trust for a particular website), CSRF instead abuses the trust that the website has given to a particular user, his browser, or his IP address. Essentially, CSRF is the reverse of XSS in terms of "trust" (wherein trust in this context refers to the amount of leeway and access that one gives to another).

This is an old exploit that been used by black hats and crackers everywhere since the nineteen-nineties, so it has been around for quite sometime—arguably since the rise of the Internet's popularity, even. CSRF vulnerabilities are usually done from a trusted user's IP address; ergo, there are times when website logs cannot provide any proof that a CSRF exploit had just taken place exactly whenever such things are carried out using another person's IP address. To wit, these instances are vastly underreported to the public (as of 2007, there are but a scant number of documented CSRF exploits) because of how stealthy this method is by nature.

One example deals with around 18 million eBay users at a Korean auction site who lost their personal details and some such back in February 2008 thanks to this purported session riding hack. Then there's another CSRF occurrence that deals with Mexican bank customers that used an emailed image tag to make the exploit work. To be more specific, the email was a phishing ploy wherein the image tag modified the bank's DNS entry in the victims' ADSL routers to point to a malicious website. At any rate, here are the general traits and characteristics of a typical CSRF exploit.

First off, it more often than not uses a script or a link in a page that has access to a website to which the user is known, trusted, authenticated, and enabled for easy site access. Secondly, it also involves utilizing HTTP requests that can cause crippling side effects to a targeted website, tricking the trusted user's browser into delivering the aforementioned harmful HTTP requests, exploiting a site's trust on the identity of an authenticated user that's authorized free access to the site, and depending on the trusted user's identity to make the XSRF exploit possible in the first place.

The programs that are most vulnerable to this particular exploit are web-based applications that execute functions made by authenticated or trusted users without requiring them to first authorize the action. A cookie-authenticated user can unwittingly send a malicious and website-cracking HTTP request just because he is "trusted" by (i.e., given permission to access) the site without any preliminary requirements to do specific actions that safeguard it from causing unwanted actions, identity theft, and error-causing mayhem.

Read more about SecPoint by viewing any of the given links: SecPoint News, About SecPoint, and SecPoint Press.

WPA Password Recovery                                   Web Vulnerability Scanner                                 Protector UTM Firewall

 


Reviews of SecPoint.com
 
 
 
 
 

Awards & Reviews
  

  

Related pages
802.11 Protocol
Alfa AWUS036h Information
Alfa AWUS051nh Information
All about Cloud Security
Anti Hacking/Anti-Cracking Tips & Tricks
Anti Spam Black Lists
Anti-Cross Site Scripting (XSS) Tips and Tricks
Anti-Denial-of-Service Tips & Tricks
Anti-Phishing Tips & Trick
Anti-Social-Engineering Tips & Tricks
Anti-Spam Tips & Tricks
Anti-Spyware Tips and Tricks
Anti-SQL Injection Tips and Tricks
Anti-Virus Tips & Trick
Better Wi-Fi Range without Interference
Block Email Junk
Breaking Authentication Schemes
Cloud Internet Security
CSRF
DDoS
Distributed Denial of Service
DLP
Email & Spam Test Links
Ethical Hacker
Free Top 15 Wifi Security Tips Videos
FreeBSD
Google hacking
Honeypot
How does SEO hacking occur?
How to choose a vulnerability scanning vendor?
How to get rid of a trojan horse
How to get rid of malware
How to protect against client wireless hacking
Internet Information Services (IIS) - Web Service Attacks
IPX
IT Security Gurus
NetBEUI
OpenBSD
OSI
Pen Test Appliance
Portable Penetrator - Protector - Penetrator QR Codes
RC4
Risks of Cyber Crime
RSA
SecPoint Free Security Scan
Security Mailinglist Rss Feeds
Security Scanner
SEO 200 codes to 404 errors not follow html standard
SEO 302 Redirect
SEO Check a tags no follow
SEO Check cusor type to text spam
SEO Check for css hiding of elements
SEO Check for img alt title tags spamming
SEO check for long title tag spamming
SEO check for no tags noarchive noindex nofollow
SEO Check for short link tag spam
SEO check for small size font tag
SEO Check H tags H1..H6 spamming
SEO Check link from invisible img
SEO Check links do not correspond to a tag
SEO Check long keyword description tags
SEO Check NOSCRIPT text for spamming
SEO Check page has count a tags
SEO Errors explanations
SEO Javascript popups spam
SEO META REFRESH redirect spam
SEO Same link with different content
SEO Too many keywords spam
SharePoint Multi-Tier Attacks
SOX
Spam Blocker
SQL Server - Stored Procedure Attacks
Stealthy DDoS
Stop Spam
TCP/IP
Technology Papers
Test Your Security Policy
The Facts about Cloud Computing
The Sarbanes-Oxley Act of 2002
Top 10 Cloud Computing Services
Top 10 Free IT Security Tools
Top 10 Hacker Attacks
Top 10 Hackers
Top 10 IT Security Tips
Top 10 IT Security Tools
Top 10 Most Secure Operating Systems
Top 10 Myths in IT Security
Top 10 Phishing Scams
Top 10 Social Engineering Tactics
Top 10 Spam Attacks
Top 10 Spyware
Top 10 Viruses
Top 10 Ways to Protect Your Computer from Hackers
Top 10 Website Security Myths
Top 10 Worms
Types of Hacker
UTM Appliance Review
Virtual Machine
Virus Spam Bounce Ruleset
Vulnerability Assessment Guide
Vulnerability Testing Appliance
What are Server Misconfigurations and Predictable Pages?
What are the risks of the escalation of privileges in the active directory?
What is SSH?
White Papers
WiFi Security
Wifi Security Tips & Tricks
Wifi WEP Encryption Cracking Guide
Wifi WPA & WPA2 Encryption Cracking Guide
Wireless Access Point
Worldwide Security Events
WPA Handshake
WPA2
WPA2 Handshake

Subscribe to our Mailing List

Customer References


About
About
SecPoint
History
Mission Statement
Vision
Management
Investment
Bank
Sponsorship
Certificates
Environment
Environment
What is RoHS Weee?
Accounting
Values
Member of Organisations
Merchandise
SecPoint Certification
Design
Status Information
Hardware Vendors
Jobs
Environment
SecPoint on social media
Twitter Facebook Youtube
Products
Products
Protector
Cloud Protector
Penetrator
Portable Penetrator
Cloud Penetrator
Free IT Security Tools
Pricing
SecPoint Brochures
SecPoint Questions FAQ
SecPoint Datasheets
SecPoint SPID Library


Partners
Partners
Become a SecPoint Affiliate
Become a SecPoint Partner
SecPoint Franchising
SecPoint Partner Lounge
News
News
Press
Product Awards
SecPoint RSS Feeds


Contact
Contact
General Contact
IT Security Products Webshop
Latest SecPoint Software Images Change Log
SecPoint FAQ Frequently Asked Questions
SecPoint on Twitter
SecPoint Sales Training Videos
SecPoint Shipping Cost
SecPoint World Wide Shipping
Support
Solutions
Anti-Spam Appliance
UTM Appliance
Penetration Testing
Proxy Appliance
SAAS
Spam Filters
Vulnerability Assessment
Vulnerability Scanner
Vulnerability Scanning
Vulnerability Scanning Appliance
Web Content Filter
Web Filter Appliance
WiFi Hacking
How essential is vulnerability
management?
What is ...?

Encyclopedia | Free Scan Statement | Link Policy | Privacy Statement | Resources | Sitemap | User Policy
© Copyright 1999-2012: SecPoint®
SecPoint ApS Noerregade 7B - 1165 Copenhagen K - Denmark
US Toll free: +1-888-704-7297 - EU: +45-70-235-245