Cross-site request forgery | Fluid Attacks Database

Database

Description

The applications configuration allows an attacker to trick authenticated users into executing actions without their consent.

Impact

Impersonate a user request to execute malicious actions in the application.

Recommendation

Use of tokens in forms to verify requests done by legitimate users.

Threat

Anonymous attacker from the Internet.

Expected Remediation Time

⏱️ 30 minutes.

Requirements

029 - Cookies with security attributes 174 - Transactions without a distinguishable pattern

Rules

C Sharp Csrf Protection Disabled Ruby Missing Csrf Protection Python Csrf Exempt Decorator Used Javascript Csrf Middleware Order Incorrect Php Csrf Protection Disabled Php Csrf Audit Unprotected Action Java Csrf And Xss Protection Disabled Typescript Csrf Middleware Order Incorrect Scala Csrf Headers Bypass

Fixes

Csharp Dart Go Java JavaScript/TypeScript Php Python Ruby Scala Swift