Monk who eats wine
Brief Introduction:
Today we will talk about Cross-Site Request Forgery (CSRF). This vulnerability is common on the Internet. The attack uses a victim's authorization to send an HTTP request to a website that has recorded and trusts that user.
To do this, the attacker needs to construct malicious HTML and JavaScript code. The goal is for a victim who visits the attacker's page to perform, on the target website, actions the attacker prepared in advance. That is the essence of a CSRF attack!
This kind of session riding is easily carried by HTML and other markup languages, such as BBCode.
About Authentication:
Generally, when a user logs on to a trusted site, the verification system uses an "identifier" to mark the user, telling the website that the current user is verified and can access certain reserved pages and services.
These "identifiers" are implemented as cookies and sessions. Generally, hashes and encoded numbers are generated so that each user is strictly identified.
Every time the user logs on to the website with his own credentials, a new session is generated. At the same time, an attack can easily abuse all of that authority within the "ward" of the website.
This does not seem to be a dangerous thing, because only an idiot user would accept requests of any type. Never underestimate the power of such cute cookies.
For most XSS, cookies are the best attack target, because they are a license that gives immediate access to any type of confidential and dedicated service for which the user has privileges. This is even more powerful for CSRF, because it takes advantage of current sessions, which cannot be easily avoided. This assumes that the site does not provide temporary cookies.
Difference Between XSS and CSRF:
What is the actual difference between XSS and CSRF? They look very similar.
In fact, they are quite similar, but there is a core difference that separates the two weaknesses.
In an XSS vulnerability, the user fully trusts the website and is deceived into handing some information over to the attacker (cookies, for example).
In a CSRF vulnerability, the website trusts the user's request and carries out any type of action. In this way, the "authentication mark" sent along with a submitted form is exploited by the attacker. This mark indicates that the user is logged in and has the corresponding permissions.
A simple form of CSRF is shown below:
                      Trusted <----- flag -----.
 .----------.        .------.          .----|----.
 | ATTACKER |________| USER |__________| WEBSITE |
 '----------' Tricks '------' (request)'---------'
      |                                     |
      |                                     |
      '-------------------------------------'
        The website accomplishes the request
As we can see, this is XSS in reverse (the site trusts the user's identity and authorizes the user). The user's request is duly completed, which is a fuzzy form of authentication.
The point is that this attack request is sent to the website by the user, rather than by the attacker, which makes the vulnerability more dangerous!
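The trust relationship in the diagram, as an added example that is not code from the original article: a Python model of a state-changing handler that trusts the session cookie alone, beside one that also requires a token bound to the session. The handler names, the `sid` cookie, the `cash`, `toname` and `csrf_token` fields and the HMAC-based token scheme are all assumptions made for illustration.

```python
import hashlib
import hmac
import secrets

SERVER_KEY = secrets.token_bytes(32)  # per-deployment secret (constructed for this demo)
SESSIONS = {}                         # session id -> user name

def login(user):
    """Create a session; the id is what the browser stores as a cookie."""
    sid = secrets.token_hex(16)
    SESSIONS[sid] = user
    return sid

def csrf_token(sid):
    """Token bound to the session: HMAC(server key, session id)."""
    return hmac.new(SERVER_KEY, sid.encode(), hashlib.sha256).hexdigest()

def transfer_cookie_only(cookies, form):
    """Weak handler: the session cookie is the only proof of intent."""
    user = SESSIONS.get(cookies.get("sid"))
    if user is None:
        return "401 not logged in"
    return f"200 sent {form['cash']} from {user} to {form['toname']}"

def transfer_with_token(cookies, form):
    """Hardened handler: also requires the token the site put in its own form."""
    sid = cookies.get("sid", "")
    user = SESSIONS.get(sid)
    if user is None:
        return "401 not logged in"
    if not hmac.compare_digest(form.get("csrf_token", ""), csrf_token(sid)):
        return "403 missing or invalid CSRF token"
    return f"200 sent {form['cash']} from {user} to {form['toname']}"

def demo():
    sid = login("alice")
    jar = {"sid": sid}  # the browser attaches this cookie to every request to the site
    # Request produced by the site's own form: the page carried the token.
    genuine = {"cash": "10", "toname": "bob", "csrf_token": csrf_token(sid)}
    # Cross-site request: another page chose the fields but cannot read the token.
    forged = {"cash": "1000", "toname": "mallory"}
    return {
        "weak_genuine": transfer_cookie_only(jar, genuine),
        "weak_forged": transfer_cookie_only(jar, forged),
        "hard_genuine": transfer_with_token(jar, genuine),
        "hard_forged": transfer_with_token(jar, forged),
    }

if __name__ == "__main__":
    for name, result in demo().items():
        print(f"{name}: {result}")
```

The cookie-only handler cannot tell the two requests apart because both arrive from the user's browser with the same cookie; the token check separates them because only pages served by the site itself can embed the value.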
In-depth understanding of CSRF:
Okay, now we need to know what CSRF is. Let's start with some small examples.
Suppose that in this example there is a special arrangement between the user and the website, perhaps one that provides monetary transactions. When the user logs on, the server creates a cookie and a session, indicating that the user can access his own private pages.
In addition, suppose that this website is an "e-banking service" that provides an HTML form for executing money transactions. The code will look like:
<!-- Scratch of a form -->
<form method="POST" action="Sendmoney.php" name="Sendmoney">
  <div>How much: <input type="text" name="Cash"></div>
  <div>To: <input type="text" name="Toname"></div>
  <div>ABI: <input type="text" name="Toabi"></div>
  <div>CAB: <input type="text" name="Tocab"></div>
  <!-- ... -->
</form>