Getting Familiar with CSRF (Cross-site Request Forgery) and How It Is Exploited


CSRF (Cross-site Request Forgery) is a hacking technique for gaining control of an account, or for attacking a website, in which actions are executed with the victim's authority and without the victim's consent.

In CSRF, the forged request comes from a web page on a different site. When the victim's browser executes it, the victim's own site ends up showing a new account that the admin never intended to create.

Many security holes of this kind have been found in a variety of CMSs; vCalendar is one example.



To make this easy to understand, the author has put together a story: an admin has a site built with vCalendar, and one day she logs into the administrator page.

After logging in, the admin opens the user options menu, which shows the users on the site.

There are 3 accounts. At that moment, a friend asks her to open a web page.

When the admin clicks it, a new user suddenly appears in the user list.

Because a user has been added automatically on the administrator page, the friend who trapped the admin can now log in with that account.
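The story works because the "add user" request is accepted on the strength of the admin's session cookie alone. The following Python sketch is an added example, not from the original post and not vCalendar's code, showing two server-side checks that reject such a request; the endpoint, origin, session id and field names are hypothetical.

```python
import hashlib
import hmac
import secrets

SERVER_KEY = secrets.token_bytes(32)          # per-deployment secret, generated for this demo
TRUSTED_ORIGIN = "https://calendar.example"   # hypothetical origin of the admin site
ADMIN_SESSIONS = {"sess-admin-1"}             # constructed: the admin's logged-in session

def issue_csrf_token(session_id):
    """Token placed in the real admin form; HMAC binds it to one session."""
    return hmac.new(SERVER_KEY, session_id.encode(), hashlib.sha256).hexdigest()

def handle_add_user(users, request):
    """Hypothetical 'add user' endpoint; returns an HTTP-style status code."""
    session_id = request.get("session_id")    # cookie: the browser attaches it automatically
    if session_id not in ADMIN_SESSIONS:
        return 401
    # Check 1: a browser-supplied Origin that is not our own site is cross-site.
    origin = request.get("origin")
    if origin is not None and origin != TRUSTED_ORIGIN:
        return 403
    # Check 2: the form must carry the session-bound token, which a page on
    # another site cannot read and therefore cannot include.
    supplied = request.get("form", {}).get("csrf_token", "")
    expected = issue_csrf_token(session_id)
    if not hmac.compare_digest(expected.encode(), supplied.encode()):
        return 403
    users.append(request["form"]["login"])
    return 200

def demo():
    users = ["admin", "user1", "user2"]       # the 3 accounts from the story (names constructed)
    genuine = {"session_id": "sess-admin-1", "origin": TRUSTED_ORIGIN,
               "form": {"login": "editor", "csrf_token": issue_csrf_token("sess-admin-1")}}
    # Constructed cross-site request: cookie present, but foreign Origin and no token.
    forged = {"session_id": "sess-admin-1", "origin": "https://other.example",
              "form": {"login": "intruder"}}
    # Same request with the Origin header missing: the token check still rejects it.
    forged_no_origin = {"session_id": "sess-admin-1", "origin": None,
                        "form": {"login": "intruder", "csrf_token": "guess"}}
    statuses = [handle_add_user(users, r) for r in (genuine, forged, forged_no_origin)]
    return statuses, users

if __name__ == "__main__":
    print(demo())
```

Only the request submitted from the site's own form, carrying the session-bound token, adds a user; both cross-site requests leave the user list unchanged.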
