Astute readers will notice that the Referer:
header is different with each request, although checking this header to prevent this type
of attack is not an effective defense, as you will learn a bit later in this chapter.
Finding Vulnerable Web Applications
We have demonstrated how a simple inclusion of an image tag can be used to hijack a
vulnerable web application. Unlike some other types of web vulnerabilities, this issue
may not be considered a "bug" introduced by flawed coding as much as an error of
omission. The developers of the GoatFriends application designed the application using
the simplest command structure possible, possibly to meet goals of simplicity and
maintainability, and it was their lack of concern for cross-domain mechanisms of invoking
this method that caused the application to be vulnerable.
What Makes a Web Application Vulnerable?
The attack described above is commonly referred to as Cross-Site Request Forgery (CSRF
or XSRF), a URL Command Attack, or Session Riding. We will simply refer to it as
CSRF. So what constitutes an application that is vulnerable to CSRF? In our experience,
any web application that is designed without specific concern for CSRF attacks will have
some areas of vulnerability.
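To make the distinction concrete, here is an added illustration (not code from the book or from the GoatFriends application) of a GoatFriends-style add-friend handler in its vulnerable form beside a hardened form that only acts on a POST carrying a session-bound synchronizer token; the request dictionaries, the SESSIONS store and SECRET_KEY are constructed for the example.

```python
import hashlib
import hmac
import secrets

SECRET_KEY = b"constructed-server-secret"   # constructed; a real deployment uses a random key
SESSIONS = {"alice": {"friends": set()}}   # constructed session store keyed by session cookie


def vulnerable_add_friend(request):
    """GoatFriends-style handler: any request carrying a valid session cookie acts.
    An <img src="..."> on another site triggers it because the browser attaches the cookie."""
    session = SESSIONS.get(request["cookies"].get("session"))
    if session is None:
        return 401
    session["friends"].add(request["params"]["friend"])
    return 200


def issue_csrf_token(session_id):
    """Synchronizer token bound to the session: nonce.HMAC(secret, session_id:nonce)."""
    nonce = secrets.token_hex(8)
    mac = hmac.new(SECRET_KEY, f"{session_id}:{nonce}".encode(), hashlib.sha256).hexdigest()
    return f"{nonce}.{mac}"


def valid_csrf_token(session_id, token):
    """True only if the token was minted for this session; constant-time compare."""
    try:
        nonce, mac = token.split(".")
    except (AttributeError, ValueError):
        return False
    expected = hmac.new(SECRET_KEY, f"{session_id}:{nonce}".encode(), hashlib.sha256).hexdigest()
    return hmac.compare_digest(mac, expected)


def hardened_add_friend(request):
    """State change requires POST plus a token the cross-site page cannot read or forge."""
    sid = request["cookies"].get("session")
    if sid not in SESSIONS:
        return 401
    if request["method"] != "POST" or not valid_csrf_token(sid, request["params"].get("csrf_token")):
        return 403
    SESSIONS[sid]["friends"].add(request["params"]["friend"])
    return 200


def demo():
    """Constructed requests: a forged one as an image tag would send it, and a legitimate form post."""
    forged = {"method": "GET", "cookies": {"session": "alice"}, "params": {"friend": "mallory"}}
    legit = {"method": "POST", "cookies": {"session": "alice"},
             "params": {"friend": "bob", "csrf_token": issue_csrf_token("alice")}}
    return vulnerable_add_friend(forged), hardened_add_friend(forged), hardened_add_friend(legit)
```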