What is CSRF?
Cross-Site Request Forgery (CSRF) is an attack that forces an end user to execute unwanted actions on a web application in which they’re currently authenticated. With a little help from social engineering, an attacker may trick the users of a web application into executing actions of the attacker’s choosing. If the victim is a normal user, a successful CSRF attack can force the user to perform state-changing requests like transferring funds, changing their email address, and so forth. If the victim is an administrative account, CSRF can compromise the entire web application.
How does CSRF Work?
There are two main parts to executing a Cross-Site Request Forgery (CSRF) attack:
1) The first part is to trick the victim into clicking a link or loading up a page. This is normally done through social engineering: the attacker uses social engineering methods to lure the user into clicking the link.
2) The second part is to deliver a “forged” or made-up request to the victim’s browser. The link sends a legitimate-looking request to the web application, carrying the values that the attacker wants. In addition, this request includes any cookies that the victim has associated with that website.
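As an added illustration (not code from the original page), the check below shows why the forged request described above fails against an application that uses a per-session synchronizer token and verifies the request's origin: the victim's cookie is sent automatically, but the token is not. SITE_ORIGIN, the Request shape and the sample requests are constructed for this example.

```python
import hmac
import secrets
from dataclasses import dataclass
from urllib.parse import urlsplit

SITE_ORIGIN = "https://bank.example"  # hypothetical application origin (assumed for this example)
SESSIONS = {}  # server-side store: session id -> per-session CSRF token (synchronizer token)

@dataclass
class Request:
    method: str
    headers: dict
    cookies: dict  # attached by the browser automatically, forged request or not
    form: dict

def new_session():
    sid = secrets.token_urlsafe(16)
    SESSIONS[sid] = secrets.token_urlsafe(32)  # rendered only into the site's own forms
    return sid

def source_origin(req):
    # Browsers set Origin on cross-site POSTs; fall back to the Referer's scheme://host.
    src = req.headers.get("Origin") or req.headers.get("Referer")
    if not src:
        return None  # unknown source is treated as cross-site (strict policy)
    parts = urlsplit(src)
    return f"{parts.scheme}://{parts.netloc}"

def check_csrf(req):
    """Accept a state-changing request only if it demonstrably came from our own page."""
    if req.method in ("GET", "HEAD", "OPTIONS"):
        return True, "safe method"  # these must never change state, or this check cannot protect them
    expected = SESSIONS.get(req.cookies.get("session", ""))
    if expected is None:
        return False, "no valid session"
    if source_origin(req) != SITE_ORIGIN:
        return False, "cross-site origin"
    token = req.form.get("csrf_token", "")
    if not hmac.compare_digest(token.encode(), expected.encode()):
        return False, "missing or wrong csrf token"
    return True, "accepted"

def demo():
    sid = new_session()  # the victim is logged in
    cookies = {"session": sid}
    genuine = Request("POST", {"Origin": SITE_ORIGIN}, cookies, {"email": "new@example.org", "csrf_token": SESSIONS[sid]})
    # Constructed forged request: the victim's cookie rides along, the token does not.
    forged = Request("POST", {"Origin": "https://other-site.example"}, cookies, {"email": "new@example.org"})
    return {"genuine": check_csrf(genuine), "forged": check_csrf(forged)}
```

Both defences matter: the origin check catches the cross-site page, and the token check still rejects a request that slips past it (for example a same-site page that was not meant to submit the form).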
Severity
The severity of CSRF varies from P3 to P2 depending on what action is being performed. In cases where there is an account takeover the severity will be P2.
Exploiting CSRF
1) Make two accounts, one for the victim and one for the attacker.
2) Sign in with the attacker account and generate a malicious link, also called a CSRF PoC.
3) Send the PoC to the victim.
4) Sign in with the victim's account and open the link.
5) If it succeeds, i.e. the data changes, BOOM, you have proved the web application vulnerable to CSRF.