Let me explain what CSRF is. Let us assume A is an attacker and V is a victim.

V is a user privileged to do certain transactions, for example creating a user account. Once he logs into his account, he fills in the user registration form and submits it. Then the link might be something like the below:

http://test.com/register.php?username=admin&pass=admin123&level=1

The register.php page validates the session and creates the user account. As A doesn't have the same privileges to create the account, he sends the link to V in a phishing mail:

http://test.com/register.php?username=attacker&pass=attack123&level=1

If V clicks on the link, the server uses V's session and creates the user account. That's what A needs. He did it.

Regards,
Naresh Ramagiri

On Tue, Mar 29, 2011 at 11:53 AM, N41K <[email protected]> wrote:
> Hi Arun,
>
> For initial understanding
>
> CSRF - Cross Site Reference Forgery; the output of this concept turns
> out to be unauthorized activity, be it in terms of Bank
> Applications or any Database supported applications. In CSRF the
> Server end modifications are observed, not as in XSS.
>
> Just go through the below links:
> http://www.securitytube.net/video/196
> http://www.securitytube.net/video/935
>
> Let us know if more info is required.
>
> Else, start a discussion by raising your doubt in technical terms,
> which would be more effective for you.
>
> Cheers,
> 0xN41K
>
> On Mar 29, 9:43 am, cute boy <[email protected]> wrote:
> > Hi Geeks,
> >
> > As I came to know that this group contains a large number of security
> > persons, I hope my doubt is clarified here. Actually
> >
> > I wanted to know what is CSRF? How can we test CSRF in application
> > security? What are the limitations and mitigations of CSRF? Please, it is
> > urgent.
> >
> > Regards,
> > Arjun,
>
> --
> You received this message because you are subscribed to the Google Groups
> "nforceit" group.
> To post to this group, send an email to [email protected].
> To unsubscribe from this group, send email to
> [email protected].
> For more options, visit this group at
> http://groups.google.com/group/nforceit?hl=en-GB.
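
Added example, not part of the original thread: a small Python model of the register endpoint described in the top message, showing the session-only check beside a hardened version that accepts only POST with a per-session anti-CSRF token. The function names and the in-memory session store are assumptions made for illustration; the URL is the one from the message.

```python
import hmac
import secrets
from urllib.parse import parse_qs, urlsplit

SESSIONS = {}   # session id -> {"user", "csrf_token"} (hypothetical in-memory store)
ACCOUNTS = []   # usernames created so far

def login(user):
    """Create a session; the token is embedded only in forms the site itself serves."""
    sid = secrets.token_hex(16)
    SESSIONS[sid] = {"user": user, "csrf_token": secrets.token_hex(32)}
    return sid

def register_vulnerable(method, url, sid, form=None):
    """Behaviour described in the thread: a valid session cookie is the only check."""
    if sid not in SESSIONS:
        return 403
    params = parse_qs(urlsplit(url).query)
    ACCOUNTS.append(params["username"][0])
    return 200

def register_hardened(method, url, sid, form=None):
    """Same endpoint, but state changes need POST plus the session's token."""
    session = SESSIONS.get(sid)
    if session is None:
        return 403
    if method != "POST":
        return 405  # a clicked link is a GET, so it can no longer create accounts
    form = form or {}
    sent = form.get("csrf_token", "").encode()
    if not hmac.compare_digest(sent, session["csrf_token"].encode()):
        return 403  # the request was not built from the site's own form
    ACCOUNTS.append(form["username"])
    return 200

def demo():
    ACCOUNTS.clear()
    sid = login("V")  # V's browser sends this session id with every request
    link = "http://test.com/register.php?username=attacker&pass=attack123&level=1"
    post = "http://test.com/register.php"
    own_form = {"username": "admin2", "csrf_token": SESSIONS[sid]["csrf_token"]}
    results = {
        "vulnerable_link": register_vulnerable("GET", link, sid),
        "hardened_link": register_hardened("GET", link, sid),
        "hardened_post_no_token": register_hardened("POST", post, sid, {"username": "attacker"}),
        "hardened_own_form": register_hardened("POST", post, sid, own_form),
    }
    return results, list(ACCOUNTS)
```
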
