This type of attack sends unauthorized commands from a user that a web site trusts.
The attack places a link or script in a page that accesses a web site to which the user is known to have authenticated.
This attack is also known as a blind attack; the attacker cannot see what the target web site sends back to the victim in response to the forged requests, unless the attacker is using cross-site scripting or other bugs at the target web site.

Signature name | Description | More information |
---|---|---|
HTTP_AuthResponse_Possible_CSRF | Detects a cross-site request forgery attempt. (Also known as CSRF or XSRF attempts) This attack allows an attacker to send unauthorized commands to a web server or web application from a user that the server or application trusts. This type of attack usually requires the attacker to perform some type of social engineering in order to gain the trust of the web server or application. | IBM® X-Force®: HTTP Cross-Site Request Forgery attempt detected |
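
A server-side check that rejects the forged requests described above, as an added example that is not part of the original page or of any IBM product. It relies on the attack being blind: a third-party page cannot read a session-bound token out of the trusted site's responses. The site `https://bank.example`, the server key, and the `csrf_token` form field are assumptions made for the example.

```python
import hashlib
import hmac
from typing import Optional
from urllib.parse import urlsplit

# Constructed values for this example (assumptions, not from the page).
SERVER_KEY = b"example-server-key"
TRUSTED_ORIGIN = "https://bank.example"
SAFE_METHODS = {"GET", "HEAD", "OPTIONS"}


def issue_token(session_id: str) -> str:
    """Token bound to one session; embedded in forms served by the trusted site."""
    return hmac.new(SERVER_KEY, session_id.encode(), hashlib.sha256).hexdigest()


def source_origin(headers: dict) -> Optional[str]:
    """Origin of the page that sent the request: Origin header, else Referer."""
    value = headers.get("Origin") or headers.get("Referer")
    if not value:
        return None
    parts = urlsplit(value)
    if not parts.scheme or not parts.netloc:
        return None  # e.g. "Origin: null"; the token check below still applies
    return f"{parts.scheme}://{parts.netloc}"


def check_request(method: str, headers: dict, session_id: str, form: dict) -> str:
    """Return 'allow' or a rejection reason for one authenticated request."""
    if method.upper() in SAFE_METHODS:
        return "allow"  # safe methods must never change state
    origin = source_origin(headers)
    if origin is not None and origin != TRUSTED_ORIGIN:
        return "reject: cross-site origin"
    supplied = form.get("csrf_token", "")
    expected = issue_token(session_id)
    # Constant-time comparison on bytes avoids leaking the token via timing.
    if not hmac.compare_digest(supplied.encode(), expected.encode()):
        return "reject: missing or invalid token"
    return "allow"


if __name__ == "__main__":
    sid = "sess-1234"  # constructed session id; the browser sends its cookie either way
    same_site = {"csrf_token": issue_token(sid), "amount": "10"}
    print(check_request("POST", {"Origin": TRUSTED_ORIGIN}, sid, same_site))
    print(check_request("POST", {"Origin": "https://attacker.example"}, sid, {"amount": "10"}))
    print(check_request("POST", {}, sid, {"amount": "10"}))
```

The session cookie alone never authorizes a state-changing request here; the request must also carry a value that only a page served by the trusted site could have obtained.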