Application Security · Flashcard

How does a cross-site request forgery (CSRF) attack work?

  • AA malicious page makes the victim's browser send an authenticated request to a target site
  • BA malicious page reads the victim's session cookie and replays it against the target site
  • CA malicious page injects a script into the target site that runs in the victim's session
  • DA malicious page intercepts the victim's request and rewrites it before it reaches the site

Why this is the answer

CSRF abuses the browser automatically attaching credentials, causing an unwanted authenticated action. It does not read the cookie (SOP/HttpOnly prevent that — that would be theft), it does not inject script (that is XSS), and it does not sit in the network path (that is MITM).

Official docs
Study in Gnoseed →