Cross-site request forgery, also known as one-click attack or session riding and abbreviated as CSRF (sometimes pronounced "sea-surf") or XSRF, is a type of malicious exploit of a website where unauthorized commands are submitted from a user that the web application trusts. There are many ways in which a malicious website can transmit such commands; specially crafted image tags, hidden forms, and JavaScript XMLHttpRequests, for example, can all work without the user's interaction or even knowledge.

In a CSRF attack, an innocent end user is tricked by an attacker into submitting a web request that they did not intend. Unlike cross-site scripting (XSS), which exploits the trust a user has for a particular site, CSRF exploits the trust that a site has in a user's browser.
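The following is an added example, not code from the original page: a server-side check showing why the session cookie alone cannot prove intent, and how a token bound to the session lets the site tell its own forms apart from requests triggered by another page. The route names, request dictionaries and session value are constructed assumptions.

```python
import hashlib
import hmac
import secrets

SERVER_KEY = secrets.token_bytes(32)       # assumed per-deployment secret
STATE_CHANGING = {"/transfer", "/email"}   # hypothetical routes that modify data


def issue_token(session_id: str) -> str:
    """Token bound to one session; the site embeds it in pages it serves itself."""
    return hmac.new(SERVER_KEY, session_id.encode(), hashlib.sha256).hexdigest()


def accept(request: dict) -> bool:
    """Decide whether the server should act on a request.

    The session cookie alone is not proof of intent: the browser attaches it
    to every request for the site, whichever page triggered that request.
    """
    session_id = request.get("cookies", {}).get("session")
    if session_id is None:
        return False                       # not logged in
    if request["path"] not in STATE_CHANGING:
        return True                        # read-only route, no token needed
    # Checked for every method, so a state-changing GET (the image-tag case)
    # is covered as well as a POST from a hidden form.
    supplied = request.get("params", {}).get("csrf_token", "")
    expected = issue_token(session_id)
    return hmac.compare_digest(supplied.encode(), expected.encode())


# Constructed sample requests: all three carry the same session cookie.
SESSION = "s-constructed-123"
COOKIES = {"session": SESSION}
image_tag = {"method": "GET", "path": "/transfer", "cookies": COOKIES,
             "params": {"to": "x", "amount": "100"}}
hidden_form = {"method": "POST", "path": "/transfer", "cookies": COOKIES,
               "params": {"to": "x", "amount": "100"}}
own_page = {"method": "POST", "path": "/transfer", "cookies": COOKIES,
            "params": {"to": "y", "amount": "5", "csrf_token": issue_token(SESSION)}}

if __name__ == "__main__":
    for name, req in [("image tag", image_tag), ("hidden form", hidden_form),
                      ("site's own form", own_page)]:
        print(f"{name:16} accepted={accept(req)}")
```

The token works because a page on another origin can make the browser send the cookie but cannot read the token out of the site's own pages.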