Chapter 4

Cross-Site Request Forgery

Cross-site request forgery (CSRF) is a common web attack, yet many developers do not understand it well. CSRF can be very destructive and is also the most easily overlooked attack in web security; many engineers do not fully grasp its preconditions or its consequences.

4.1 Introduction

What is CSRF? Let us look at an example.

In Chapter 3, while discussing XSS payloads, we used the “delete Sohu blog” example. After logging on to the Sohu blog, you only need to request the following uniform resource locator (URL) to delete blog post no. 156713012.

http://blog.sohu.com/manage/entry.do?m=delete&id=156713012

This URL is also vulnerable to CSRF. We will try to exploit this CSRF vulnerability to delete ...
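As an added illustration that is not from the book, the following Python models the server side of the delete endpoint above: first the behaviour the URL implies (a GET authorized by the session cookie alone, which the browser attaches regardless of which page triggered the request), then a hardened variant that accepts only POST and requires a per-session anti-CSRF token that no cross-site page can read. All functions, session ids and post data are hypothetical, constructed for the example.

```python
import hmac
import secrets
from urllib.parse import parse_qs, urlparse

# Constructed sample state: one logged-in session and the post id from the chapter.
SESSIONS = {"sess-abc": {"user": "alice", "csrf_token": secrets.token_hex(16)}}
POSTS = {"156713012": "alice", "156713013": "alice"}  # post id -> owner


def _delete_owned(sess, post_id):
    """Authorization check shared by both handlers: only the owner may delete."""
    if POSTS.get(post_id) != sess["user"]:
        return 403
    del POSTS[post_id]
    return 200


def handle_delete_vulnerable(method, url, cookies):
    """Behaviour of the URL in the text: a GET carrying a valid session cookie
    deletes the post. The browser attaches the cookie to every request for the
    site, so a request triggered from another origin is indistinguishable from
    one the user made deliberately. That is the CSRF precondition."""
    sess = SESSIONS.get(cookies.get("session"))
    if sess is None:
        return 401
    query = parse_qs(urlparse(url).query)
    if query.get("m") != ["delete"]:
        return 400
    return _delete_owned(sess, query.get("id", [""])[0])


def handle_delete_hardened(method, cookies, form):
    """Hardened version: the deletion is POST-only and must carry the session's
    anti-CSRF token in the form body. The token is embedded in the site's own
    page, not in a cookie, so a cross-site request cannot supply the right value."""
    sess = SESSIONS.get(cookies.get("session"))
    if sess is None:
        return 401
    if method != "POST":
        return 405
    if not hmac.compare_digest(form.get("csrf_token", ""), sess["csrf_token"]):
        return 403
    return _delete_owned(sess, form.get("id", ""))


def token_for(session_id):
    """The value the site embeds in its own management page as a hidden field."""
    return SESSIONS[session_id]["csrf_token"]
```

Note that the hardened handler still runs the ownership check; the token only proves the request came from the site's own page, not that the user is allowed to delete the post.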
