Chapter 4
Cross-Site Request Forgery
Cross-site request forgery (CSRF) is a common web attack, but many developers do not know it well. CSRF is very destructive and also the most easily overlooked attack in web security; many engineers do not quite understand its preconditions and hazards.
4.1 Introduction
What is CSRF? Let us look at an example.
In Chapter 3, we used an example, “delete Sohu blog,” while talking about XSS payload. After logging on to the Sohu blog, you only need to request the following uniform resource locator (URL), and you will be able to delete blog post no. 156713012.
http://blog.sohu.com/manage/entry.do?m=delete&id=156713012
This URL is also vulnerable to CSRF. We will try to exploit this CSRF vulnerability to delete ...
Get Web Security now with the O’Reilly learning platform.
O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.