Cross-site request forgery (CSRF) attacks send unauthorized commands from a user that a website trusts.
The attack consists of a link or script in a page that accesses a website to which the user is known to have authenticated.
This attack is also known as a blind attack: the attacker cannot see what the target website sends back to the victim in response to the forged requests, unless the attacker is also using cross-site scripting or other bugs at the target website.
Signature name | Description | More information |
---|---|---|
HTTP_AuthResponse_Possible_CSRF | Detects a cross-site request forgery attempt. (Also known as CSRF or XSRF attempts) This attack allows an attacker to send unauthorized commands to a web server or web application from a user that the server or application trusts. This type of attack usually requires the attacker to complete some type of social engineering to gain the trust of the web server or application. | IBM® X-Force®: HTTP Cross-Site Request Forgery attempt detected |
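
A server-side check against the forged requests described above, as an added example; it is not part of the original page and does not describe how the IBM signature works. It rejects state-changing requests that carry a session but come from another site or lack a session-bound token; the host name, session id, secret, and function names are constructed assumptions.

```python
import hashlib
import hmac
from typing import Optional
from urllib.parse import urlsplit

SAFE_METHODS = {"GET", "HEAD", "OPTIONS"}  # assumption: these never change state
SECRET = b"constructed-demo-key"  # assumption: per-deployment server secret


def issue_token(session_id: str) -> str:
    """Token bound to the session; the server embeds it in its own forms."""
    return hmac.new(SECRET, session_id.encode(), hashlib.sha256).hexdigest()


def source_host(headers: dict) -> Optional[str]:
    """Host the browser says the request came from (Origin, else Referer)."""
    value = headers.get("Origin") or headers.get("Referer")
    if not value or value == "null":
        return None
    return urlsplit(value).netloc.lower() or None


def check_request(method: str, headers: dict, session_id: Optional[str],
                  token: Optional[str]) -> str:
    """Return 'allow' or a 'reject: ...' reason for one incoming request."""
    if method.upper() in SAFE_METHODS or session_id is None:
        return "allow"  # no state change, or no trusted session to abuse
    src = source_host(headers)
    if src is not None and src != headers.get("Host", "").lower():
        return "reject: cross-site origin"
    if token is None or not hmac.compare_digest(
            token.encode(), issue_token(session_id).encode()):
        return "reject: missing or invalid token"
    return "allow"


# Constructed sample requests: (method, headers, session id, submitted token)
HOST, SID = "app.example", "sess-1234"
SAMPLES = {
    "own_form": ("POST", {"Host": HOST, "Origin": "https://" + HOST}, SID, issue_token(SID)),
    "other_site": ("POST", {"Host": HOST, "Origin": "https://other.example"}, SID, None),
    "no_origin": ("POST", {"Host": HOST}, SID, None),
    "read_only": ("GET", {"Host": HOST, "Referer": "https://other.example/p"}, SID, None),
}

if __name__ == "__main__":
    for name, req in SAMPLES.items():
        print(f"{name}: {check_request(*req)}")
```

The token check still applies when the browser omits both `Origin` and `Referer`, so a request with no source header is not trusted by default.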