Advanced Cyber Security

Cross Site Request Forgery

Cross-site request forgery is a form of malicious website exploitation in which unauthorized commands are transmitted from a user that a website trusts.

Cross-site request forgery is also known as a one-click attack and as session riding.

This type of exploit may also be identified by the abbreviations XSRF and CSRF, which is pronounced “sea-surf”.

It is related in some ways to another web exploit, cross-site scripting (XSS), which works by abusing the trust a user places in a specific website.

Cross-site request forgery works the opposite way: what is abused in this attack is the trust a website places in the user's browser.

Transmit Pre-Authenticated Request

Cross-site request forgery follows a well-thought-out process and has been popular since the 1990s.

The attack begins when the user's logged-on browser is forced to transmit a pre-authenticated request to another, defenseless web application.

It succeeds when the website is fooled into thinking that the user wanted to submit the form, because the request arrives with the cookies of the user’s browser.

The browser is then pushed into performing hostile actions that give the attacker the desired opening.

As many security experts have observed, a cross-site request forgery can be as powerful as the web application that is being targeted.
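The following added example (not part of the original page) models why a request that "arrives using the cookies of the user's browser" is accepted by a cookie-only check, and how a per-session form token plus an Origin check tells the site's own form apart from a cross-site one. The session store, the origins `bank.example` and `other.example`, and all function names are hypothetical, and the browser model assumes cookies set without SameSite restrictions.

```python
import hmac
import secrets

SESSIONS = {}                            # constructed in-memory session store
TRUSTED_ORIGIN = "https://bank.example"  # hypothetical origin of the site itself

def login(user):
    """Start a session; return the cookie value and the per-session form token."""
    sid, token = secrets.token_urlsafe(16), secrets.token_urlsafe(32)
    SESSIONS[sid] = {"user": user, "csrf": token}
    return sid, token

def handle_cookie_only(request):
    """Weak check: the session cookie alone authorizes the state change."""
    session = SESSIONS.get(request["cookies"].get("sid", ""))
    return 200 if session else 401

def handle_hardened(request):
    """Cookie plus proof that the form was served by the site's own page."""
    session = SESSIONS.get(request["cookies"].get("sid", ""))
    if session is None:
        return 401
    # Reject any request whose Origin header is missing or is not the site itself.
    if request["headers"].get("Origin") != TRUSTED_ORIGIN:
        return 403
    supplied = request["form"].get("csrf_token", "")
    # Constant-time comparison against the token stored server-side.
    if not hmac.compare_digest(supplied.encode(), session["csrf"].encode()):
        return 403
    return 200

def browser_request(cookie_jar, origin, form):
    """Model of the browser: stored cookies ride along whichever page sent the form."""
    return {"cookies": dict(cookie_jar), "headers": {"Origin": origin}, "form": form}

def demo():
    sid, token = login("alice")
    jar = {"sid": sid}
    own = browser_request(jar, TRUSTED_ORIGIN, {"amount": "10", "csrf_token": token})
    # Constructed cross-site submission: same cookies, but the other page
    # cannot read the token embedded in the site's own form.
    forged = browser_request(jar, "https://other.example", {"amount": "10"})
    return {
        "weak_own": handle_cookie_only(own),
        "weak_forged": handle_cookie_only(forged),
        "hardened_own": handle_hardened(own),
        "hardened_forged": handle_hardened(forged),
    }
```

The cookie-only handler returns the same status for both submissions, which is the condition the section describes; the hardened handler returns 403 for the cross-site one.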

JavaScript Button Hiding

This form of attack entails the automatic submission of a cross-site form by JavaScript.

At times, however, JavaScript is not needed for a malicious website to coerce a user into submitting the malicious form to another website.

Instead, the form fields may simply be hidden, and the buttons may be disguised as links and scrollbars.
