CSRF/XSRF (Cross-Site Request Forgery)
Given how important web applications are, mistakes made while developing them can lead to theft or alteration of user information and to unauthorized use. CSRF is one of the attack methods associated with such errors.
What is Cross-Site Request Forgery (CSRF/XSRF)?
CSRF is the abbreviation of Cross-Site Request Forgery; it is also called XSRF. In this attack, actions are performed on a web application in the name of the targeted end user, through a request that user never intended to make. Although it is easy to prevent, the consequences can be very serious.
Any action the user is authorized to perform, such as transferring money, sending e-mail or changing a password, can be performed through CSRF.
Note that every CSRF request is actually sent by the end user's own browser, which attaches the user's session cookies to it; that is why the application accepts it as legitimate.
How Is a System with an XSRF Vulnerability Exploited?
Let's say a user can shop at http://www.eymenshop.com with their account. The form used to delete the products the user left in the shopping cart (its HTML is not reproduced on this page) creates a button. Clicking the button sends a request to admin.php?process=Sepeticile, and the items in the cart belonging to the current session are deleted.
To exploit the Cross-Site Request Forgery vulnerability, the attacker prepares a website at www.siteofhacker.com containing the following:
<html> <iframe src="http://eymenshop.com/admin.php?islem=token=ABC" width="0" height="0"></iframe> </html>
With this page in place, the attack proceeds as follows:
- The user logs into the shopping system with their account and adds products to the cart.
- While still logged in, the user visits www.siteofhacker.com, which the attacker has prepared.
- The hidden iframe on that page makes the user's browser request the admin.php URL, and the products in the cart are deleted.
The browser of a user who visits the attacker's site automatically attaches the shop's session cookie to that request, so the shop treats the forged request as an authorized action by the user. This is the authorization (session) problem at the heart of CSRF.
How to Fix Cross-Site Request Forgery Vulnerability?
To tell whether a form request was made by the user or by third-party software, the web application must attach a form-specific value (a token) when the form is generated and verify that value when the form is submitted.
Again, let's say a user can shop at http://www.eymenshop.com with their account, and the form that deletes the products the user has put in the cart is built as follows (the HTML is not reproduced on this page). The HTML creates a button. The PHP code in the page generates a random value between 0 and 9999999, stores it in $_SESSION["token"] and also places it in a hidden input of the form, so the value is sent along with the form. Clicking the button sends the user to admin.php, where the session is checked: the cart is deleted only if the process variable is "Delete Cart" and the submitted "csrf" value matches the token stored in the session.
Now suppose the attacker uses the following code on a web page to try to exploit the Cross-Site Request Forgery vulnerability.
<html> <iframe src="http://eymenshop.com/admin.php?islem=token=ABC" width="0" height="0"></iframe> </html>
The deletion fails because the attacker does not know the random value in the hidden "csrf" input: it is generated at that moment, stored only in the user's session, and the attacker's page cannot read it.
- The generated XSRF token must be unpredictable. Otherwise the system remains vulnerable to CSRF through a predictable token.
- If you are developing with a framework such as Rails, adding protect_from_forgery with: :exception to the relevant controllers makes the framework add and check XSRF tokens automatically.
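The token scheme described above, written out as a complete admin.php. This is an added example, not the original eymenshop.com code; it assumes the cart lives in $_SESSION['cart'], that the action field is named 'islem' with the hypothetical value 'delete_cart', and that the token field is named 'csrf'. It goes beyond the page's scheme in two places: the token comes from random_bytes() instead of a number between 0 and 9999999 (the strength point above), and state changes are accepted only from POST bodies.

```php
<?php
// admin.php -- added example for this page, not the original eymenshop.com code.
// Assumptions (not on the page): the cart lives in $_SESSION['cart'], the
// action field is named 'islem' with the value 'delete_cart', and the token
// field is named 'csrf'.
declare(strict_types=1);

// Defence in depth (PHP >= 7.3): a Lax SameSite session cookie is not sent
// on cross-site subresource loads such as the attacker's hidden <iframe>.
session_set_cookie_params(['samesite' => 'Lax', 'httponly' => true]);
session_start();

// Issue one unpredictable token per session. 32 bytes from the CSPRNG
// replace the page's rand(0, 9999999), which is small enough to guess.
function csrf_token(): string
{
    if (empty($_SESSION['token'])) {
        $_SESSION['token'] = bin2hex(random_bytes(32));
    }
    return $_SESSION['token'];
}

// Compare the submitted token with the session copy in constant time.
// Non-string input (e.g. csrf[]=x) and a missing session token both fail.
function csrf_valid($submitted): bool
{
    if (!is_string($submitted) || empty($_SESSION['token'])) {
        return false;
    }
    return hash_equals($_SESSION['token'], $submitted);
}

// State changes are accepted only from POST bodies. A GET such as
// admin.php?islem=delete_cart, which an <iframe src> or <img src> can
// trigger, never reaches the delete branch.
if ($_SERVER['REQUEST_METHOD'] === 'POST') {
    if (!csrf_valid($_POST['csrf'] ?? null)) {
        http_response_code(403);
        exit('CSRF check failed');
    }
    if (($_POST['islem'] ?? '') === 'delete_cart') {
        $_SESSION['cart'] = [];
    }
}
?>
<!-- The delete-cart form; the hidden 'csrf' input carries the session token. -->
<form method="post" action="admin.php">
  <input type="hidden" name="islem" value="delete_cart">
  <input type="hidden" name="csrf"
         value="<?= htmlspecialchars(csrf_token(), ENT_QUOTES, 'UTF-8') ?>">
  <button type="submit">Delete Cart</button>
</form>
```

Against this handler the attacker's iframe request (admin.php?islem=token=ABC) fails twice over: it is a GET, so the delete branch is never reached, and "ABC" is not the session token. Requiring POST alone would not be a defence, since an attacker's page can auto-submit a hidden POST form; what the attacker cannot do is read the token out of eymenshop.com's response, because the same-origin policy keeps that response away from www.siteofhacker.com. The SameSite=Lax cookie is likewise only defence in depth: Lax cookies are still sent on top-level GET navigations, so the token check remains the actual control.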