General Information

Same Domain Request Forgery

Variants:
Direct

Vector Type:
Attack

Relevance:
Generic

Layer:
Application-Level

Platforms:
Any

Target Type:
Web Application

Affected Mechanisms:
Anti-CSRF, Secure Design

Invented In:
18/08/2010

Added In:
12/12/2014


Vector Operation Method:
Perform enhanced CSRF attacks by planting CSRF referrals in files included in the target web site, which may or may not already contain CSRF tokens.


Direct Variant:

SDRF

Also Known As:
Same Domain Request Forgery

Typical Severity:
Medium
