What is Cross-Site Request Forgery?

What is Cross-Site-Request-Forgery?

What is Cross-Site Request Forgery? – A Cross-Site Request Forgery, or CSRF, attack occurs when a malicious website, email, instant message, application, etc. causes a user’s web browser to perform some action on another website where that user is already authenticated, or logged in. Often this occurs without the user knowing the action has occurred. A successful CSRF exploit can compromise end user data and operation, when it targets a normal user. If the targeted end user is the administrator account, a CSRF attack can compromise the entire web application.…

Read More

What is CRLF Injection?

What is CRLF Injection?

What is CRLF? When a browser sends a request to a web server, the web server answers back with a response containing both the HTTP headers and the actual website content. The HTTP headers and the HTML response (the website content) are separated by a specific combination of special characters, namely a carriage return and a line feed. They are also known as CRLF. The server knows when a new header begins and another one ends with CRLF, which can also tell a web application or user that a new…

Read More