Cross-Site Request Forgery

Medium Web Application Scanning Plugin ID 98112

Synopsis

Cross-Site Request Forgery

Description

Cross-Site Request Forgery (CSRF) occurs when an authenticated user is tricked into visiting a page or clicking a link that automatically submits a form to the application without the user's consent. The browser attaches the user's session cookie to that request, so the application cannot tell it apart from one the user intended.
This is possible when the form does not include an anti-CSRF token as a hidden input: a random, unguessable value generated each time the form is rendered and sent back when the form is submitted, which the application backend verifies to confirm that the request originates from a legitimate user who actually loaded and filled in the form before submitting it.
Exploiting a form vulnerable to Cross-Site Request Forgery requires several conditions to hold:
- The form must perform some sort of sensitive action.
- The victim must have an active, authenticated session.
- The attacker must get the victim to open a page or link that submits the form without the victim's consent.
The scanner detected a form, available only to authenticated users, in which all parameters are known or predictable. The form may therefore be vulnerable to CSRF attacks.
Manual verification may be required to confirm that submitting the form performs a sensitive action, such as resetting a password, modifying a user profile or posting content on a forum. A practical check is to replay the captured request with the victim's session cookie but with only the parameters an attacker could guess in advance (no value read from the served page); if the action still succeeds, the form is exploitable.

Solution

Update the application to add anti-CSRF tokens to every sensitive form available in an authenticated session, and reject any submission whose token is missing or does not match the value stored server-side for that session. Setting the SameSite attribute on the session cookie is a useful second layer but not a substitute for tokens, since it depends on browser support and cookie configuration.
Most web frameworks provide either built-in support or plugins that add these tokens to any form. Check the references for solutions offered by the most popular frameworks.
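As an added illustration (not part of this plugin description or of any framework's own code), the following Python models both variants of a password-change form: the unprotected form the scanner flags, where every parameter is predictable, and the same form hardened with a per-render anti-CSRF token that is stored in the server-side session and checked on submission. The in-memory session store, the route, the field names and the attacker's guessed parameters are all constructed for the example.

```python
import hmac
import secrets
from html import escape

# Constructed in-memory session store (stands in for the framework's
# server-side session); keyed by the value of the session cookie.
SESSIONS = {}


def new_session(user="alice"):
    """Log a user in: create a server-side session and return its cookie value."""
    sid = secrets.token_urlsafe(16)
    SESSIONS[sid] = {"user": user, "password": "old-secret", "csrf_tokens": set()}
    return sid


def issue_csrf_token(sid):
    """Mint a fresh random token each time the form is rendered and remember
    it in the session so the submit handler can recognise it later."""
    token = secrets.token_urlsafe(32)
    SESSIONS[sid]["csrf_tokens"].add(token)
    return token


def render_change_password_form(sid, protected=True):
    """HTML for the password-change form. With protected=False every
    parameter is known or predictable, which is what the scanner reports."""
    fields = ['<input type="password" name="new_password">']
    if protected:
        fields.append(
            '<input type="hidden" name="_csrf_token" value="%s">'
            % escape(issue_csrf_token(sid), quote=True)
        )
    return '<form method="POST" action="/account/password">%s</form>' % "".join(fields)


def handle_change_password(sid, form, protected=True):
    """Server-side handler for the POST. Returns (http_status, message).
    `form` is the parsed request body; `sid` is the session cookie the
    browser attached. Browsers attach it to cross-site form posts too,
    which is why the cookie alone does not prove the user intended this."""
    session = SESSIONS.get(sid)
    if session is None:
        return 401, "not authenticated"
    if protected:
        submitted = form.get("_csrf_token", "")
        # Constant-time comparison against every outstanding token of this session
        # (several may exist if the user opened the form in more than one tab).
        matched = next(
            (t for t in session["csrf_tokens"]
             if hmac.compare_digest(t.encode(), submitted.encode())),
            None,
        )
        if matched is None:
            return 403, "missing or invalid anti-CSRF token"
        session["csrf_tokens"].discard(matched)  # single use: a captured token cannot be replayed
    new_password = form.get("new_password", "")
    if not new_password:
        return 400, "new_password is required"
    session["password"] = new_password
    return 200, "password changed"


def extract_csrf_token(html):
    """What the legitimate browser does implicitly: send back the hidden field it was served."""
    marker = 'name="_csrf_token" value="'
    start = html.index(marker) + len(marker)
    return html[start:html.index('"', start)]


def simulate(protected):
    """The victim logs in, then (1) an attacker's page auto-submits the form
    cross-site with only the parameters it can guess, and (2) the victim
    submits the real form. Returns the two HTTP statuses (attack, legitimate)."""
    sid = new_session()
    # Attacker's page cannot read the victim's copy of the form (same-origin
    # policy), so it can only send parameters it already knows.
    attacker_form = {"new_password": "attacker-chosen"}
    attack_status, _ = handle_change_password(sid, attacker_form, protected)
    # Legitimate flow: fetch the form, then submit it with the token it contained.
    page = render_change_password_form(sid, protected)
    legit_form = {"new_password": "user-chosen"}
    if protected:
        legit_form["_csrf_token"] = extract_csrf_token(page)
    legit_status, _ = handle_change_password(sid, legit_form, protected)
    return attack_status, legit_status


if __name__ == "__main__":
    print("unprotected form: attacker=%d legitimate=%d" % simulate(protected=False))
    print("protected form:   attacker=%d legitimate=%d" % simulate(protected=True))
```

With the unprotected form both submissions succeed, because the application only checks the session cookie that the browser sends on the attacker's behalf. With the token in place, the cross-site post is rejected while the user's own submission, which carries the hidden field served to them, still goes through; the token is single-use, so a value leaked from one page load cannot be replayed later. In a real application the framework's own mechanism (for example Symfony's form CSRF protection in the reference below) should be used rather than a hand-rolled store.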

See Also

https://symfony.com/doc/current/form/csrf_protection.html

Plugin Details

Severity: Medium

ID: 98112

Type: remote

Published: 2017/03/31

Modified: 2017/10/16

Risk Information

Risk Factor: Medium

Reference Information