Dynamic Ajax CSRF
Variants: Direct
Vector Type: Attack
Relevance: Technology Version Specific
Layer: Application-Level
Platforms: Any
Target Type: Web Application
Affected Mechanisms: Anti-CSRF, Secure Design
Invented In: 09/01/2012
Added In: 12/12/2014
Quick Introduction to the Topic:
Vector Operation Method:
Perform enhanced CSRF attacks in which the attacker can also read the target website's responses. This is possible because of the implementation of the intranet zone in Internet Explorer, which is active by default in IE8 and below, and supported as an optional feature in other versions.