General Information

Cross Site Request Forgery

Variants:
Direct 

Also Known As:
XSRF, Session Riding

Vector Type:
Attack

Relevance:
Generic

Layer:
Application-Level

Platforms:
Any

Target Type:
Web Application

Affected Mechanisms:
Anti-CSRF, Anti-Automation

Invented In:
13/07/2001

Added In:
17/12/2014

Quick Introduction to the Topic:


Vector Operation Method:
Malicious third-party websites can perform operations on behalf of users who are browsing other websites at the same time. They do this by directing the unsuspecting user to links on the external website that perform operations on the user's behalf while the user is authenticated to the target website.


Direct Variant:

CSRF

Also Known As:
Cross Site Request Forgery

Typical Severity:
Medium

Learn More: