Cross-Site Request Forgery
Medium Web Application Scanning Plugin ID 98112
SynopsisCross-Site Request Forgery
DescriptionCross Site Request Forgery (CSRF) occurs when an authenticated user is tricked into clicking on a link which would automatically submit a request without the user's consent.
This can be made possible when the request does not include an anti-CSRF token, generated each time the request is visited and passed when the request is submitted, and which can be used by the web application backend to verify that the request originates from a legitimate user.
Exploiting requests vulnerable to Cross-Site Request Forgery implies different factors:
- The request must perform some sort of sensitive action.
- The victim must have an active session.
- The malicious user must make the victim click on a link to send the request without his consent.
Scanner detected a request, available only to authenticated users, where all parameters within are known or predictable. The request may therefore be vulnerable to CSRF attacks.
Manual verification may be required to check whether the submission will then perform a sensitive action, such as reset a password, modify user profiles, post content on a forum, etc.
SolutionUpdate the application by adding support of anti-CSRF tokens in any sensitive form available in an authenticated session.
Most web frameworks provide either built-in solutions or have plugins that can be used to easily add these tokens to any form. Check the references for possible solutions provided for the most known frameworks.