© Sanjib Sinha 2019
S. Sinha, Bug Bounty Hunting for Web Security, https://doi.org/10.1007/978-1-4842-5391-5_3

3. How to Inject Request Forgery

Sanjib Sinha, Howrah, West Bengal, India

In this chapter, we will look into every aspect of Cross-site Request Forgery (CSRF), as it is regarded as one of the top ten security vulnerabilities in any web application. CSRF is a very common attack: it tricks the victim into submitting a malicious request. The attacker then inherits the identity and privileges of the victim, which allows the attacker to perform illegal actions on the victim’s behalf.

In this chapter, we will not only learn about CSRF but also test a few types of CSRF attacks on some intentionally vulnerable web applications to ...
