Ethical Experts
 CSRF (Cross Site Request Forgery)
thedhruvsoni
Team IHA Admins

Posts : 11
Join date : 2013-10-12

PostSubject: CSRF (Cross Site Request Forgery)   Mon Oct 21, 2013 1:03 am

CSRF (Cross Site Request Forgery)
CSRF stands for Cross Site Request Forgery. It is a method used by an attacker to trick a user into loading a page that contains a malicious request written in the form of code. This type of attack can be performed to change a user’s email ID, password, name or any other field, or even to make a purchase in some typical cases. There is no way any site can differentiate between a pure request and a forged request, because this attack is performed when the victim is logged on and the victim clicks on some areas which have been manipulated by the attacker. The malicious script, which is uploaded by the hacker, gets executed away from the user's vicinity from an untrusted source. This type of attack can lead to the leak of sensitive data stored on the server, like credit card details or bank details.

These are the HTML methods that can be used for performing this type of attack:
IMG SRC
<img src="http://www.vulnerable.com/?command">

SCRIPT SRC
<script src="http://www.vulnerable.com/?command"></script>

IFRAME SRC
<iframe src="http://www.vulnerable.com/?command"></iframe>

JavaScript can also be used in the following manner:

<script>
var fool = new Image();
fool.src = "http://www.vulnerable.com/?command";
</script>

Example:
<iframe src="https://bank.com/apps/Fund_transfer?amt=1500&DstnAcc=143554659"></iframe>

The above link is placed in the vicinity of the victim by the attacker. When the victim clicks on the particular link, an amount of 1500 is automatically transferred from the victim’s account to the given destination account number, without the victim even knowing. This type of attack largely occurs on sites that depend on and blindly believe the web browser session of the user. So, even if a user somehow gets into the session of another user (the victim), the attacker can do anything he wants from there. So, these types of attacks are very dangerous. And if the inserted malicious code gets stored on the server, this attack becomes even more dangerous, because every time the victim somehow runs the code, the attack keeps on going.

Even the YouTube site has been reported for this type of vulnerability.
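
Added example, not part of the original post: a server-side check, sketched in Python, that refuses the forged fund-transfer request from the iframe example because it no longer trusts the session cookie alone. The function names, `SERVER_KEY`, the session id and the request dictionaries are assumptions constructed for illustration.

```python
import hashlib
import hmac
import secrets

SERVER_KEY = secrets.token_bytes(32)   # per-deployment secret (constructed here)
ALLOWED_ORIGIN = "https://bank.com"    # the site's own origin (assumed)
SAFE_METHODS = {"GET", "HEAD", "OPTIONS"}

def _mac(session_id, nonce):
    msg = f"{session_id}:{nonce}".encode()
    return hmac.new(SERVER_KEY, msg, hashlib.sha256).hexdigest()

def issue_csrf_token(session_id):
    """Token the server embeds in its own forms; bound to one session."""
    nonce = secrets.token_hex(16)
    return f"{nonce}.{_mac(session_id, nonce)}"

def token_valid(session_id, token):
    nonce, _, mac = (token or "").partition(".")
    expected = _mac(session_id, nonce)
    # Constant-time comparison; bytes so non-ASCII input cannot raise.
    return hmac.compare_digest(mac.encode(), expected.encode())

def check_transfer_request(req):
    """Return (allowed, reason) for a state-changing request."""
    # img/script/iframe tags can only issue GETs, so never change state on GET.
    if req["method"] in SAFE_METHODS:
        return False, "state change over a safe method"
    # A form auto-submitted from another site carries that site's Origin.
    if req["headers"].get("Origin") != ALLOWED_ORIGIN:
        return False, "cross-site origin"
    # The browser attaches the cookie automatically, but not this token.
    if not token_valid(req["session_id"], req["form"].get("csrf_token", "")):
        return False, "missing or invalid CSRF token"
    return True, "ok"

SESSION = "sess-4f2a"  # constructed session id of the logged-in victim

# Constructed requests: the iframe GET from the post, and a legitimate POST.
forged_get = {"method": "GET", "headers": {}, "session_id": SESSION,
              "form": {"amt": "1500", "DstnAcc": "143554659"}}
legit_post = {"method": "POST", "headers": {"Origin": ALLOWED_ORIGIN},
              "session_id": SESSION,
              "form": {"amt": "1500", "DstnAcc": "143554659",
                       "csrf_token": issue_csrf_token(SESSION)}}

if __name__ == "__main__":
    print(check_transfer_request(forged_get))
    print(check_transfer_request(legit_post))
```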