Web Security by Hanqing Wu, Liz Zhao

Chapter 4

Cross-Site Request Forgery

Cross-site request forgery (CSRF) is a common web attack, yet many developers know it poorly. CSRF can be very destructive and is also the most easily overlooked attack in web security; many engineers do not fully understand its preconditions or its hazards.

4.1 Introduction

What is CSRF? Let us look at an example.

In Chapter 3, while discussing XSS payloads, we used the “delete Sohu blog” example. Once logged in to the Sohu blog, you only need to request the following uniform resource locator (URL) to delete blog post no. 156713012.

http://blog.sohu.com/manage/entry.do?m=delete&id=156713012

This URL is also vulnerable to CSRF. We will try to exploit this CSRF vulnerability to delete ...
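The precondition the chapter is pointing at is that this endpoint changes server state on a plain GET and authenticates purely from the session cookie, which the browser attaches to every request whether or not the user meant to send it. The following example, added here and not taken from the book or from Sohu's code, models that delete endpoint as a function of a request object and places it beside a hardened version (POST only, an Origin check, and a session-bound synchronizer token). The `Request` class, the session store, the secret key, the `attacker.example` origin and the handler names are all constructed for the example; only the post id and the site origin come from the URL above.

```python
import hashlib
import hmac
import secrets
from dataclasses import dataclass, field

SITE_ORIGIN = "http://blog.sohu.com"          # origin of the book's example URL
SECRET_KEY = secrets.token_bytes(32)          # constructed server-side secret
SESSIONS = {"sess-alice": "alice"}            # constructed session store: cookie -> user


@dataclass
class Request:
    """Minimal stand-in for an incoming HTTP request (constructed for this example)."""
    method: str
    query: dict = field(default_factory=dict)     # URL parameters, e.g. m=delete&id=...
    cookies: dict = field(default_factory=dict)   # attached by the browser automatically
    headers: dict = field(default_factory=dict)   # e.g. Origin
    form: dict = field(default_factory=dict)      # POST body fields


def current_user(req):
    """Authenticate purely from the session cookie, as the book's endpoint does."""
    return SESSIONS.get(req.cookies.get("session"))


def vulnerable_delete(posts, req):
    """The endpoint as the book describes it: an authenticated GET with
    m=delete&id=<post> deletes the post. Nothing ties the request to the
    user's intent, so any request the browser sends with the cookie attached,
    including one the user never chose to make, is honoured."""
    user = current_user(req)
    if user is None:
        return 401, "login required"
    if req.query.get("m") != "delete":
        return 400, "unknown action"
    post_id = int(req.query.get("id", 0))
    if posts.get(post_id) != user:
        return 404, "no such post"
    del posts[post_id]
    return 200, "deleted"


def csrf_token(session_cookie):
    """Synchronizer token bound to the session. The site embeds it in its own
    delete form; another origin cannot read that page, so it cannot supply it."""
    return hmac.new(SECRET_KEY, session_cookie.encode(), hashlib.sha256).hexdigest()


def hardened_delete(posts, req):
    """Same action with three independent CSRF defences:
    1. state changes only over POST, so a bare URL in a GET no longer works;
    2. the Origin header, when the browser sends one, must be our own site;
    3. the form must carry the session-bound token, compared in constant time."""
    user = current_user(req)
    if user is None:
        return 401, "login required"
    if req.method != "POST":
        return 405, "state-changing actions require POST"
    origin = req.headers.get("Origin")
    if origin is not None and origin != SITE_ORIGIN:
        return 403, "cross-origin request refused"
    expected = csrf_token(req.cookies["session"])
    supplied = req.form.get("csrf_token", "")
    if not hmac.compare_digest(supplied, expected):
        return 403, "missing or invalid CSRF token"
    post_id = int(req.form.get("id", 0))
    if posts.get(post_id) != user:
        return 404, "no such post"
    del posts[post_id]
    return 200, "deleted"


def demo():
    """Send the book's URL as a GET (with only the cookie attached) to both handlers,
    then try cross-origin, token-less and legitimate POSTs against the hardened one.
    Returns the status code of each case."""
    cookie = {"session": "sess-alice"}
    forged_get = Request("GET", query={"m": "delete", "id": "156713012"}, cookies=cookie)
    foreign_post = Request("POST", cookies=cookie, form={"id": "156713012"},
                           headers={"Origin": "http://attacker.example"})  # constructed origin
    no_token = Request("POST", cookies=cookie, form={"id": "156713012"},
                       headers={"Origin": SITE_ORIGIN})
    legit = Request("POST", cookies=cookie, headers={"Origin": SITE_ORIGIN},
                    form={"id": "156713012", "csrf_token": csrf_token("sess-alice")})
    return {
        "vulnerable_forged_get": vulnerable_delete({156713012: "alice"}, forged_get)[0],
        "hardened_forged_get": hardened_delete({156713012: "alice"}, forged_get)[0],
        "hardened_foreign_post": hardened_delete({156713012: "alice"}, foreign_post)[0],
        "hardened_no_token": hardened_delete({156713012: "alice"}, no_token)[0],
        "hardened_legit": hardened_delete({156713012: "alice"}, legit)[0],
    }


if __name__ == "__main__":
    for case, status in demo().items():
        print(f"{case}: {status}")
```

The vulnerable handler accepts the forged GET because, from the server's point of view, it is indistinguishable from the user clicking "delete". The token is the defence that actually carries the weight: the method restriction and the Origin check each close one path but the Origin header is absent in some requests, whereas a token the cross-site page cannot read fails closed.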
