Cross-site request forgery (CSRF) attacks

This type of attack sends unauthorized commands from a user that a web site trusts.

About this attack

This attack embeds a link or script in a page that accesses a web site to which the user is known to have authenticated.

This type of attack has the following common characteristics:
  • Involves web sites that rely on a user's identity
  • Exploits the trust of the web site in that identity
  • Tricks the user's web browser into sending HTTP requests to a target site
  • Involves HTTP requests that have adverse effects

This attack is also known as a blind attack; the attacker cannot see what the target web site sends back to the victim in response to the forged requests, unless the attacker is using cross-site scripting or other bugs at the target web site.

Signatures triggered by this attack

The signatures triggered by cross-site request forgery attacks include:
Table 1. Cross-site request forgery signatures

Signature name:   HTTP_AuthResponse_Possible_CSRF
Description:      Detects a cross-site request forgery attempt (also known as a CSRF or XSRF attempt). This attack allows an attacker to send unauthorized commands to a web server or web application from a user that the server or application trusts. This type of attack usually requires the attacker to perform some type of social engineering in order to gain the trust of the web server or application.
More information: IBM® X-Force®: HTTP Cross-Site Request Forgery attempt detected
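The following is an added example, not code from the IBM documentation or from the X-Force signature itself. It models the four characteristics listed under "About this attack" and the triage idea behind the Table 1 signature from the server's side: the victim's browser attaches the session cookie automatically, so a state-changing request is only trusted when it is same-site and carries a synchronizer token that the site's own page rendered. The site origin, the Request dataclass, the cookie name "session", the form field "csrf_token" and all traffic shown are assumptions constructed for this example.

```python
# Added example, not part of the IBM documentation: a small server-side model of
# the CSRF characteristics described above, plus a log-style triage check.
# SITE_ORIGIN, the Request dataclass, the cookie name "session" and the form
# field "csrf_token" are all assumptions of this example.
import hmac
import secrets
from dataclasses import dataclass, field
from urllib.parse import urlsplit

SITE_ORIGIN = "https://bank.example"          # constructed: the site being protected
SAFE_METHODS = {"GET", "HEAD", "OPTIONS"}    # reads that must not change state


@dataclass
class Request:
    """Minimal HTTP request as the server sees it (constructed model)."""
    method: str
    path: str
    headers: dict = field(default_factory=dict)
    form: dict = field(default_factory=dict)
    cookies: dict = field(default_factory=dict)


class SessionStore:
    """Maps session ids to a per-session synchronizer token."""

    def __init__(self):
        self._sessions = {}

    def create(self):
        sid = secrets.token_urlsafe(16)
        self._sessions[sid] = {"csrf": secrets.token_urlsafe(32)}
        return sid

    def csrf_token(self, sid):
        entry = self._sessions.get(sid)
        return None if entry is None else entry["csrf"]


def request_origin(req):
    """scheme://host from Origin, else Referer, else None (header absent)."""
    value = req.headers.get("Origin") or req.headers.get("Referer")
    if not value:
        return None
    parts = urlsplit(value)
    if not parts.scheme or not parts.netloc:
        return None
    return f"{parts.scheme}://{parts.netloc}"


def flag_possible_csrf(req):
    """Triage rule in the spirit of Table 1: the browser attached a session
    cookie (the user is authenticated), the method can change state, and the
    request claims to come from another site.  Returns a reason or None."""
    if req.method.upper() in SAFE_METHODS or "session" not in req.cookies:
        return None
    origin = request_origin(req)
    if origin is not None and origin != SITE_ORIGIN:
        return f"authenticated {req.method} {req.path} from {origin}"
    return None


def check_csrf(req, store):
    """Enforcement: allow a state-changing request only when it is same-site
    and carries the token that only the site's own page could have rendered.
    Returns (allowed, reason)."""
    if req.method.upper() in SAFE_METHODS:
        return True, "safe method"
    sid = req.cookies.get("session")
    expected = store.csrf_token(sid) if sid else None
    if expected is None:
        return False, "no authenticated session"
    reason = flag_possible_csrf(req)
    if reason is not None:
        return False, "cross-site origin: " + reason
    supplied = req.form.get("csrf_token", "")
    # constant-time compare so the token cannot be guessed byte by byte
    if not hmac.compare_digest(supplied, expected):
        return False, "missing or invalid CSRF token"
    return True, "ok"


def demo():
    """Constructed traffic: one genuine form post and two forged ones."""
    store = SessionStore()
    sid = store.create()
    genuine = Request("POST", "/transfer", {"Origin": SITE_ORIGIN},
                      {"to": "savings", "csrf_token": store.csrf_token(sid)},
                      {"session": sid})
    forged = Request("POST", "/transfer", {"Referer": "https://attacker.example/page"},
                     {"to": "mule"}, {"session": sid})
    # Origin stripped (e.g. by a privacy proxy): the origin check cannot decide,
    # but the missing token still blocks the request.
    no_origin = Request("POST", "/transfer", {}, {"to": "mule"}, {"session": sid})
    return [check_csrf(r, store) for r in (genuine, forged, no_origin)]


if __name__ == "__main__":
    for allowed, reason in demo():
        print("ALLOW" if allowed else "BLOCK", reason)
```

The origin check alone is what a network signature can see, which is why it is kept as a separate triage function; the token check is the part only the application can do, and it is what still blocks the request when the Origin and Referer headers are absent. Because the attack is blind, blocking the forged request is enough: the attacker never sees the rejection.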