There's been a lot of talk lately about the 'new' Cross Site Request Forgery (CSRF) vulnerabilities that are apparently present in nearly every web application in the world. The fact that big-name websites (read: Yahoo & Google) have this vulnerability makes people even more scared.
If you rewind a couple of years, Cross Site Scripting (XSS) was supposedly all the rage, but people weren't getting nearly as concerned about that vulnerability. In fact, to this day many people don't take XSS seriously. This baffles me to no end because XSS is, at the very least, as exploitable and dangerous as CSRF.
A successful XSS exploit requires the following:
1. XSS vulnerability existing on the application (preferably before login).
2. A method to induce the execution of a script (eg. phishing email).
3. An effective script to steal user information.
The requirements for a CSRF exploit are in fact more stringent:
1. A form that is vulnerable to CSRF.
2. A method to induce execution of the request.
3. A successful form submission method.
4. A vulnerable form that provides an attacker with a useful attack vector.
5. Access to the form (since forms often exist after login).
These last 2 requirements are what make CSRF attacks more challenging. Most useful forms like account transactions, shopping cart checkouts and change password/email forms exist after a user has logged in to an account. So to perform an attack on these types of forms, the attacker must know that the victim is logged into an application. This is a challenging certainty to induce! In fact I think that the only common form outside of a login that is susceptible is a 'forgot password' type form where an attacker could potentially lock out users.
While I do believe that CSRF attacks can be very very harmful, I just think that they are harder to actually exploit, and web application owners have to be wary about what the form does and where it is located before declaring that their application is truly vulnerable to CSRF. Security professionals just need to be a little bit more careful before they get caught up in the hype.
- Prashanth Ravishankar
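The post's closing advice is to look at what a form does and where it is located before calling an application vulnerable to CSRF. A sketch of that triage as an added example (not the author's code): it parses a page's forms and flags POST forms that carry no hidden anti-CSRF token. The token field names, verdict labels and sample pages are assumptions constructed for illustration.

```python
from html.parser import HTMLParser

# Common framework token field names; an assumption, adjust for your stack.
TOKEN_NAMES = {"csrf_token", "csrfmiddlewaretoken", "authenticity_token", "_csrf"}

class FormCollector(HTMLParser):
    """Collect each <form> with its action, method and hidden field names."""
    def __init__(self):
        super().__init__()
        self.forms, self._cur = [], None
    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag == "form":
            self._cur = {"action": a.get("action") or "",
                         "method": (a.get("method") or "get").lower(),
                         "hidden": set()}
        elif tag == "input" and self._cur is not None:
            if (a.get("type") or "").lower() == "hidden" and a.get("name"):
                self._cur["hidden"].add(a["name"].lower())
    def handle_endtag(self, tag):
        if tag == "form" and self._cur is not None:
            self.forms.append(self._cur)
            self._cur = None

def triage(html, behind_login):
    """Return (action, verdict) per form: what it does and where it lives."""
    parser = FormCollector()
    parser.feed(html)
    parser.close()
    results = []
    for f in parser.forms:
        if f["hidden"] & TOKEN_NAMES:
            verdict = "token present"
        elif f["method"] != "post":
            verdict = "GET form: review only if it changes state"
        elif behind_login:
            verdict = "no token, authenticated: high priority"
        else:
            verdict = "no token, pre-login: assess impact"
        results.append((f["action"], verdict))
    return results

# Constructed sample pages, not taken from any real application.
ACCOUNT_PAGE = """<form action="/account/email" method="POST"><input name="email"></form>
<form action="/account/password" method="post">
<input type="hidden" name="csrf_token" value="x"><input type="password" name="new"></form>
<form action="/search"><input name="q"></form>"""
PUBLIC_PAGE = '<form action="/forgot-password" method="post"><input name="user"></form>'
```

Calling `triage(ACCOUNT_PAGE, behind_login=True)` ranks the token-less email-change form first for review, while the pre-login 'forgot password' form is flagged for an impact assessment rather than as an automatic finding.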
They are both dangerous attacks but you seem to be implying that it is harder because of authentication schemes that protect the forms. In the majority of web applications sending a request to site.com/vulnerable_but_protected_by_login?XSS will first forward the user to a login page before relaying them to the exact page that contained the attack vector upon successful login, thereby executing the payload.
Posted by: Martin | May 16, 2007 at 04:05 AM
Very interesting article. CSRF is a worrying issue and I've taken precautions.
Posted by: Anonymous | December 06, 2008 at 03:40 AM