Nytro
Posted April 22, 2018

Cross-Protocol Request Forgery

Server-Side Request Forgery (SSRF) and Cross-Site Request Forgery (CSRF) are two attack methods that enable attackers to cross network boundaries in order to attack applications, but can only target applications that speak HTTP. Custom TCP protocols are everywhere: IoT devices, smartphones, databases, development software, internal web applications, and more. Often, these applications assume that no security is necessary because they are only accessible over the local network. This paper aims to be a definitive overview of attacks that allow cross-protocol exploitation of non-HTTP listeners using CSRF and SSRF, and also expands on the state of the art in these types of attacks to target length-specified protocols that were not previously thought to be exploitable.

Download: https://www.nccgroup.trust/globalassets/our-research/us/whitepapers/2018/cprf-1.pdf

Published date: 10 April 2018

Source: https://www.nccgroup.trust/us/our-research/cross-protocol-request-forgery/?research=Whitepapers