CSRF and XSRF Basics

Discussion in 'Security' started by KnbykL, Jul 9, 2008.

  1. #1
    CSRF, also known as XSRF, stands for cross site request forgery. Exploiting a website with cross site request forgery is the art of making an administrator or user with enough privileges do something malicious that you want.
    XSRF and CSRF Basics

    For example if I wanted to delete the member called knbykl..

    I knew that the page to delete a user was “admin/deleteuser.php?user=” but I couldn't access it
    due to lack of privileges, I could then make a webpage (in any language) that redirected to the page
    “admin/deleteuser.php?user=knbykl”, now because I'm not admin I can't delete the user so I would need to get
    an administrator or someone with the correct privileges to do it for me. So I get an administrator to visit my web page that redirects them to ban the user knbykl.

    I have now used their privileges for my benefit to delete the user knbykl, this isn't always taken seriously but could put your site in high danger.

    *** How to protect against CSRF ***

    Simply, to protect your website against CSRF all you have to do is check that the user has submitted the form or visited the URL intentionally; to do this just add a confirmation e.g. Do you really want to ban this member, YES / NO.

    Hope you learnt the basics of CSRF

    Other facts:
    CSRF is pronounced “see surf”.

    Not too long ago a well known open source CMS was exploitable via CSRF on the admin panel allowing hackers to make admins ban themselves.

    http://forums.digitalpoint.com/showthread.php?t=906721 -> NetDevilZ Technique CSRF


    Submitted: xssvgamer
    The article address: http://www.knbykl.org/hacking/csrf-and-xsrf-basics/
     
    KnbykL, Jul 9, 2008 IP
  2. wattie
    #2
    The first and most important step is to protect all forms of your website, no matter how unimportant they look. It's not done many times, even in big projects...

    In the "sending" script generate the following code inside your <form> </form> tags:
    
    session_start();   // the session must be started before the token can be stored
    // uniqid() is not a cryptographic generator; new code should prefer random_bytes()
    $_SESSION['token'] = uniqid(mt_rand(), true);
    // the original had a stray \" before the closing >, which broke the HTML attribute
    echo '<input type="hidden" name="token" value="' . htmlspecialchars($_SESSION['token']) . '">';
    
    In the post "receiving" script do:
    
    session_start();
    // check that both tokens exist before comparing them, otherwise a missing
    // $_POST['token'] is compared as null and raises a notice; use strict comparison
    if (!isset($_SESSION['token'], $_POST['token']) || $_SESSION['token'] !== $_POST['token']) {
    	session_unset();
    	session_destroy();
    	echo "Invalid session</body></html>";
    	return;
    }
    
    As I said - first and most basic step. Usually hacks are more complicated scenarios, however this one will ensure that the POST data is not coming from a third party site, so your security checks cannot be altered by bad POSTs...
     
    wattie, Jul 16, 2008 IP
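The session-token defence wattie describes, applied to the delete-user action from the first post, as an added example that is not code from this thread or from any project it mentions. It assumes PHP 7.3 or later (random_bytes, hash_equals and the samesite cookie option) and uses a hypothetical deleteUser() placeholder in place of the real privileged action:

```php
<?php
// Added example, not from the thread: CSRF protection for a "delete user"
// action. Assumes PHP >= 7.3 with sessions enabled; deleteUser() below is
// a placeholder for the privileged action and is not on the page.
declare(strict_types=1);

// Cookie hardening: SameSite=Lax means the cross-site redirect described in
// post #1 does not carry the admin's session cookie at all (PHP >= 7.3).
session_set_cookie_params([
    'httponly' => true,
    'secure'   => true,
    'samesite' => 'Lax',
]);
session_start();

/** Return the session's CSRF token, creating it once per session. */
function csrf_token(): string
{
    if (empty($_SESSION['csrf_token'])) {
        $_SESSION['csrf_token'] = bin2hex(random_bytes(32));
    }
    return $_SESSION['csrf_token'];
}

/** Hidden input to embed inside every state-changing <form>. */
function csrf_field(): string
{
    $token = htmlspecialchars(csrf_token(), ENT_QUOTES, 'UTF-8');
    return '<input type="hidden" name="csrf_token" value="' . $token . '">';
}

/**
 * Validate a submitted token. The isset() checks come first so a missing
 * value is rejected rather than compared as null; hash_equals() compares in
 * constant time so the token is not leaked byte by byte through timing.
 */
function csrf_check(array $post): bool
{
    if (!isset($_SESSION['csrf_token'], $post['csrf_token'])
        || !is_string($post['csrf_token'])) {
        return false;
    }
    return hash_equals($_SESSION['csrf_token'], $post['csrf_token']);
}

/** Placeholder for the privileged action (assumed; not from the page). */
function deleteUser(string $name): bool
{
    error_log('deleteUser() called for ' . $name);   // a real site removes the account here
    return true;
}

// Vulnerable shape from post #1: the deletion fires on a plain GET, so any
// page the admin visits can trigger it with a redirect. Never do this:
//   if (isset($_GET['user'])) { deleteUser($_GET['user']); }

// Hardened handler: POST only, valid token required, then the action.
if ($_SERVER['REQUEST_METHOD'] === 'POST') {
    if (!csrf_check($_POST)) {
        http_response_code(403);
        exit('Request rejected: missing or invalid CSRF token');
    }
    $user = (string)($_POST['user'] ?? '');
    deleteUser($user);
    exit('User deleted');
}

// A GET only renders the confirmation form, which carries the token.
?>
<form method="post" action="deleteuser.php">
  <?= csrf_field() ?>
  <input type="hidden" name="user" value="knbykl">
  <p>Do you really want to delete this member?</p>
  <button type="submit">Yes, delete</button>
</form>
```

Two points differ from the snippet above it: the token is created once per session rather than on every render, so a second open form does not invalidate the first, and the action is only reachable by POST. The confirmation page from post #1 on its own does not help if the "YES" link is still a GET URL, because a forged request can target that URL just as easily; the hidden token is what ties the request to the admin's own session.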
  3. Yousif
    #3
    Hah, there's no real prevention scheme(s) developed for CSRF yet. In fact, the only solution is for Browsers to modify how they handle the signs of CSRF. The end user has to know common sense and some knowledge about these forms of attack, otherwise there is very little you can do besides modify how GET/POST variables operate on a web application.
     
    Yousif, Jul 16, 2008 IP