Cross-Site Request Forgery

Cross-Site Request Forgery

A Cross-Site Request Forgery, or CSRF, attack occurs when a malicious website, email, instant message, application, etc. causes a user’s web browser to perform some action on another website where that user is already authenticated, or logged in. Often this occurs without the user knowing the action has occurred. A successful CSRF exploit can compromise end user data and operation, when it targets a normal user. If the targeted end user is the administrator account, a CSRF attack can compromise the entire web application. The impact of a CSRF attack…

Read More

CRLF Injection

CRLF Injection

What is CRLF? When a browser sends a request to a web server, the web server answers back with a response containing both the HTTP headers and the actual website content. The HTTP headers and the HTML response (the website content) are separated by a specific combination of special characters, namely a carriage return and a line feed. They are also known as CRLF. The server knows when a new header begins and another one ends with CRLF, which can also tell a web application or user that a new…

Read More