Cross Site Request Forgery (CSRF)
December 17th, 2007
Cross Site Request Forgery, known as CSRF, is a type of attack that abuses the trust a website places in a user to forge an illegitimate request or command. To make this clearer, let's look at an example:
Mr. Jo is a customer of Bank A. He signed up for its e-Banking service a couple of days ago. Zo is the attacker. Somehow, Zo managed to trick Mr. Jo into visiting his site. The site contained a CSRF image that linked to Mr. Jo's e-Banking account panel and crafted a forged request to transfer funds. Because Mr. Jo's login cookies had not yet expired, the e-Banking system executed the request, and Mr. Jo became a victim of a CSRF attack.
This can happen because of several factors:
- Mr. Jo didn't completely log out from the e-Banking system
- A CSRF bug on the e-Banking site
- Mr. Jo was tricked into visiting a malicious site that was set up by Mr. Jim
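The first two factors can be modelled on the server side. The following is an added example, not code from the original post: a hypothetical e-Banking transfer handler that trusts the session cookie alone, next to one that also requires a per-session token. All names (`login`, `transfer_vulnerable`, `transfer_hardened`, the `sid` cookie, the `csrf_token` field) are assumptions made for illustration.

```python
import hmac
import secrets

# Constructed in-memory session store for a hypothetical e-Banking app.
SESSIONS = {}

def login(user):
    """Create a session. The browser keeps sid as a cookie; the bank embeds
    csrf_token only in forms it serves itself."""
    sid = secrets.token_urlsafe(16)
    SESSIONS[sid] = {"user": user, "csrf_token": secrets.token_urlsafe(32)}
    return sid

def logout(sid):
    """Destroy the session so a leftover cookie no longer authorises anything."""
    SESSIONS.pop(sid, None)

def transfer_vulnerable(method, cookies, params):
    """The 'CSRF bug': a valid session cookie alone authorises the transfer."""
    session = SESSIONS.get(cookies.get("sid"))
    if session is None:
        return "401 not logged in"
    return f"200 transferred {params['amount']} from {session['user']}"

def transfer_hardened(method, cookies, params):
    """Same action, but the request must prove it came from the bank's own form."""
    session = SESSIONS.get(cookies.get("sid"))
    if session is None:
        return "401 not logged in"
    if method != "POST":
        return "405 state-changing requests must use POST"
    supplied = params.get("csrf_token", "")
    # Constant-time comparison against the token stored in the session.
    if not hmac.compare_digest(supplied.encode(), session["csrf_token"].encode()):
        return "403 missing or invalid CSRF token"
    return f"200 transferred {params['amount']} from {session['user']}"

if __name__ == "__main__":
    sid = login("jo")
    cookies = {"sid": sid}  # the browser attaches this to every request to the bank
    # Request triggered from a third-party page: cookie present, no token.
    cross_site = {"to": "other-account", "amount": "100"}
    print(transfer_vulnerable("GET", cookies, cross_site))
    print(transfer_hardened("GET", cookies, cross_site))
    # Request from the bank's own form, which carries the session's token.
    own_form = dict(cross_site, csrf_token=SESSIONS[sid]["csrf_token"])
    print(transfer_hardened("POST", cookies, own_form))
    logout(sid)  # after a complete logout the stale cookie is useless
    print(transfer_vulnerable("GET", cookies, cross_site))
```
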
Here I provide a live example of CSRF (no worries, it just logs you out of your Gmail account): (more…)
[Read the rest on (it)gossips network: Zoiz]