A Cross Site Request Forgery attack goes by several names, e.g. One-Click Attack, Session Riding, and CSRF or XSRF.
CSRF & XSS
While we have already learnt about Cross Site Scripting (XSS for short), let’s look at the difference between cross site request forgery and cross site scripting.
In XSS, an attacker exploits the trust a user has in a particular web server.
In CSRF, an attacker exploits the trust a site has in a particular user’s browser.
Attack with CSRF
Consider a normal password change option on a webpage.
In this example, the user enters the password in the respective fields.
This request is then sent to the web server, which processes it and updates the database. The web server then confirms the change to the user.
The response URL confirms the changed password and holds the new password in clear text.
Now see how an attacker exploits this to perform a CSRF attack.
The attacker changes the password in the password change URL and copies the URL.
He then crafts a script with the link embedded behind an image and injects the code into the same page, which has an XSS vulnerability.
The web server processes the request and creates a new entry in the database.
When an innocent user, for example admin, opens the page and clicks on the image, the change password request is sent to the web server.
The web server in turn processes the request and updates the existing entry in the database. This results in a password change for the user admin, which the attacker then uses to access admin’s account.
This act of exploiting the trust that a server places in a user’s request is called Cross Site Request Forgery [CSRF or XSRF].
CSRF attacks target functionality that causes a state change on the server, such as changing the victim’s email address or password, or purchasing something. Forcing the victim to retrieve data doesn’t benefit an attacker because the attacker doesn’t receive the response, the victim does. As such, CSRF attacks target state-changing requests.
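The password change handler described above, next to a hardened version, as an added example that is not code from the original page. The function names, the `password_new` and `csrf_token` parameters and the in-memory session store are assumptions made for illustration.

```python
import hmac
import secrets

# Constructed in-memory stand-ins for the session store and user database.
# Passwords are kept in plain text only to keep this demonstration short.
SESSIONS = {}  # session id -> {"user": ..., "csrf_token": ...}
PASSWORDS = {"admin": "old-password"}


def login(user):
    """Create a session and bind a random per-session CSRF token to it."""
    sid = secrets.token_urlsafe(32)
    SESSIONS[sid] = {"user": user, "csrf_token": secrets.token_urlsafe(32)}
    return sid


def change_password_vulnerable(method, cookie_sid, params):
    """Pattern from the article: any request carrying the session cookie
    changes the password, including a GET with the password in the URL."""
    session = SESSIONS.get(cookie_sid)
    if session is None:
        return 401
    PASSWORDS[session["user"]] = params["password_new"]
    return 200


def change_password_hardened(method, cookie_sid, params):
    """State change only via POST and only with the session's CSRF token."""
    session = SESSIONS.get(cookie_sid)
    if session is None:
        return 401
    if method != "POST":
        return 405  # also keeps the new password out of URLs and logs
    supplied = params.get("csrf_token", "").encode()
    expected = session["csrf_token"].encode()
    # The browser attaches the cookie automatically, but a page on another
    # origin cannot read the token, so a forged request fails this check.
    if not hmac.compare_digest(supplied, expected):
        return 403
    PASSWORDS[session["user"]] = params["password_new"]
    return 200
```

The token does not help when the injected script runs on the same origin, as in the XSS scenario above, because that script can read the token from the page; the XSS flaw has to be fixed as well.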