Cross-site request forgery (CSRF/XSRF)

CSRF ("sea-surf"). Example:
/* from */
        <img alt="you have just been signed out" src="" />
What's going on?
You just requested an image and it signed you out of

How does it work?
You visit a malicious site that has the tag. Technically you are requesting the sign out page and providing the proper authentication (that is, without crossing domains). Because you requested the page, you have been signed out.

More
The tag is one example. A form and data can be submitted. An iframe can be requested ().
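The server-side view of the sign-out request described above, as an added example that is not part of the original post: a handler that signs out on any request carrying the session cookie, next to one that requires a POST with a per-session token. The function names, the in-memory session store, the `sid` and `csrf_token` field names and the status codes are assumptions made for illustration.

```python
import hmac
import secrets

# Constructed in-memory session store: session id -> CSRF token (assumption).
SESSIONS = {}

def sign_in():
    """Create a session; return (session_id, csrf_token)."""
    sid, token = secrets.token_hex(16), secrets.token_hex(16)
    SESSIONS[sid] = token
    return sid, token

def logout_vulnerable(method, cookies, form):
    """Signs out on ANY request that carries a valid session cookie."""
    if cookies.get("sid") in SESSIONS:
        del SESSIONS[cookies["sid"]]
        return 200
    return 401

def logout_hardened(method, cookies, form):
    """Signs out only on a POST that also carries the session's token."""
    expected = SESSIONS.get(cookies.get("sid"))
    if expected is None:
        return 401
    if method != "POST":
        return 405  # an image or iframe load arrives as a GET
    supplied = form.get("csrf_token", "")
    # Constant-time comparison; bytes so non-ASCII input cannot raise.
    if not hmac.compare_digest(supplied.encode(), expected.encode()):
        return 403  # a form hosted on another site cannot read the token
    del SESSIONS[cookies["sid"]]
    return 200

def demo():
    """Run the three request shapes from the post against the hardened handler."""
    sid, token = sign_in()
    cookie = {"sid": sid}  # the browser attaches this to every request to the site
    return [
        logout_hardened("GET", cookie, {}),                      # image tag
        logout_hardened("POST", cookie, {}),                     # form without token
        logout_hardened("POST", cookie, {"csrf_token": token}),  # the site's own form
    ]

if __name__ == "__main__":
    print(demo())
```
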
This post is available on GitHub.