About CSRF feature: what is it for?
#1

I want to know about the CSRF feature. What is it for?

Maybe I misunderstand whether that feature blocks someone from submitting data if he doesn't load the form.
I mean a stray user who just POSTs data to the server. It should be blocked.
While someone who loads the form from the server, then fills it in and submits it, will be passed to the server.

Is that right?


I think the server will remember the user who loaded the form. So it knows if someone who sent the data is the one who loaded the form.

Today I forged the POSTed data and my test server accepted it. As long as the CSRF hash included in the form and the sent cookie are the same. Even just an 'xyz' string is okay. It doesn't need to be a hash.
#2

It stops an attacker from submitting a form as another user. So that they can't transfer all your money to their bank accounts.

You can find more information about it here:
https://owasp.org/www-community/attacks/csrf
https://en.wikipedia.org/wiki/Cross-site...st_forgery
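The behaviour reported in post #1 is what a double-submit cookie check produces: the server only compares the form field with the cookie, which works because a page on another site cannot read the victim's cookie to copy it into its forged form. The sketch below is an added example, not part of the thread or any framework's code; it assumes that check (the thread does not name the framework), and `SERVER_KEY`, the function names and the session ids are hypothetical. It also shows a session-bound variant that rejects `xyz`.

```python
import hashlib
import hmac
import secrets

SERVER_KEY = secrets.token_bytes(32)  # assumed server-side secret, never sent to the browser


def double_submit_ok(cookie_token, form_token):
    """Plain double-submit check: the form field must equal the cookie."""
    if not cookie_token or not form_token:
        return False
    return hmac.compare_digest(cookie_token.encode(), form_token.encode())


def _mac(session_id, nonce):
    msg = f"{session_id}:{nonce}".encode()
    return hmac.new(SERVER_KEY, msg, hashlib.sha256).hexdigest()


def issue_bound_token(session_id):
    """Token tied to one session: random nonce plus HMAC over session id and nonce."""
    nonce = secrets.token_hex(16)
    return f"{nonce}.{_mac(session_id, nonce)}"


def bound_token_ok(session_id, cookie_token, form_token):
    """Double-submit plus a check that the server issued this token for this session."""
    if not double_submit_ok(cookie_token, form_token):
        return False
    nonce, _, mac = form_token.partition(".")
    return hmac.compare_digest(mac.encode(), _mac(session_id, nonce).encode())


def demo():
    """Constructed requests; returns which ones each check accepts."""
    results = {}
    # The test from post #1: the sender controls both the cookie and the field.
    results["self_forged_plain"] = double_submit_ok("xyz", "xyz")
    # Cross-site forgery: the browser attaches the victim's cookie, but the
    # other site cannot read it, so the field it submits does not match.
    victim_cookie = secrets.token_hex(16)
    results["cross_site_plain"] = double_submit_ok(victim_cookie, "guess")
    # The session-bound variant rejects 'xyz' even when cookie and field agree.
    results["self_forged_bound"] = bound_token_ok("sess-A", "xyz", "xyz")
    token = issue_bound_token("sess-A")
    results["legit_bound"] = bound_token_ok("sess-A", token, token)
    results["other_session_bound"] = bound_token_ok("sess-B", token, token)
    return results


if __name__ == "__main__":
    for name, accepted in demo().items():
        print(f"{name}: {'accepted' if accepted else 'rejected'}")
```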



