Byte-ul Posted August 9, 2014

What is it?

CSRF is a method of attack where a victim unknowingly sends forged requests, set up by an attacker. They have the potential to occur upon any actions that haven't been verified through a validation process. Without taking specific measures to intentionally prevent CSRF, users of a web application can be directed to another web page and unintentionally load an image or a JavaScript-submitted form to execute a specific action in the background.

How do I prevent it?

The solution to tackle this attack type is to use a security feature known as a nonce, where a unique token is passed through the request URI (via the HTTP GET method), which is then validated by the requested script on the other end with a session variable.

Here's a quick example to demonstrate:

index.php

<?php
session_start();
// Generate a fresh random token and remember it in the user's session.
$_SESSION['nonce'] = bin2hex(openssl_random_pseudo_bytes(10));
?>
<!DOCTYPE html>
<html>
<body>
<!-- The token is embedded in the link, so only a page served to this session knows it. -->
<a href="action.php?do=delete&id=1&tok=<?php echo $_SESSION['nonce']; ?>">Delete Something</a>
</body>
</html>

action.php

<?php
session_start();
// Accept the request only if a token was supplied, the session has one,
// and the two match exactly (strict comparison).
if (isset($_GET['tok'], $_SESSION['nonce']) && $_GET['tok'] === $_SESSION['nonce']) {
    // valid request: perform the action here
}

The above gives a URI example of an HTTP GET request used to perform an action. The unique token (in the session variable) is echoed out so that it's in the URI link when the user clicks it on the index.php page, making the link valid only on that page (when they legitimately want to use that action). If the link is used without the request token, then the action is deemed invalid and is not carried out.

Credits: http://www.hackforums.net/showthread.php?tid=4238146
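The same session-nonce check, written as a reusable helper pair that both index.php and action.php could include. This is an added example, not the poster's code; it assumes PHP 7.0 or later (random_bytes, hash_equals) and simulates the session array so it runs from the command line without a web server.

```php
<?php
// Added example, not the original poster's code: a reusable nonce helper pair.
// Assumes PHP 7.0+ (random_bytes, hash_equals); a real page calls session_start() first.

function csrf_token(): string
{
    // One token per session: created on first use, reused until the session ends.
    // random_bytes() is a CSPRNG; 32 bytes -> 64 hex characters, not guessable.
    if (empty($_SESSION['nonce'])) {
        $_SESSION['nonce'] = bin2hex(random_bytes(32));
    }
    return $_SESSION['nonce'];
}

function csrf_verify($submitted): bool
{
    // Reject a missing or non-string token, and refuse when the session has no token
    // yet (the isset() on the session side that a bare === comparison leaves out).
    if (!is_string($submitted) || empty($_SESSION['nonce'])) {
        return false;
    }
    // Constant-time comparison, so response timing leaks nothing about the token.
    return hash_equals($_SESSION['nonce'], $submitted);
}

// --- Stand-alone demo (run with: php csrf_demo.php) --------------------------
// Constructed stand-in for the session store instead of calling session_start().
$_SESSION = [];

// index.php side: embed the token in the link, escaped for the href attribute.
$link = 'action.php?do=delete&id=1&tok=' . htmlspecialchars(csrf_token(), ENT_QUOTES, 'UTF-8');
echo "Link issued to the legitimate user: $link\n";

// action.php side: the legitimate click carries the session's token ...
parse_str(parse_url($link, PHP_URL_QUERY), $legit);
echo 'Legitimate request: ' . (csrf_verify($legit['tok'] ?? null) ? "accepted\n" : "rejected\n");

// ... a forged request from another origin has to guess it (constructed value) ...
$forged = ['do' => 'delete', 'id' => 1, 'tok' => str_repeat('0', 64)];
echo 'Forged request:     ' . (csrf_verify($forged['tok'] ?? null) ? "accepted\n" : "rejected\n");

// ... and a request with no token at all is rejected too.
echo 'No token:           ' . (csrf_verify(null) ? "accepted\n" : "rejected\n");
```

Carrying the token in a hidden POST field instead of the query string keeps it out of browser history, Referer headers and server access logs.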