Cross-site request forgery (CSRF) attacks

Cross-site request forgery (CSRF) attacks send unauthorized commands from a user that a website trusts.

About this attack

This attack places a link or script in a page so that it accesses a website to which the user is known to be authenticated.

This type of attack has the following common characteristics:
  • Involves websites that rely on a user's identity
  • Exploits the trust of the website in that identity
  • Tricks the user's web browser into sending HTTP requests to a target site
  • Involves HTTP requests that have adverse effects

This attack is also known as a blind attack. The attacker cannot see what the target website sends back to the victim in response to the forged requests, unless the attacker is using cross-site scripting or other bugs at the target website.
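The following added example (not part of this page or of any IBM product) shows the defender's side of the characteristics above: because the browser attaches the session cookie automatically, a state-changing request must also carry a per-session token that a third-party page cannot read, and its Origin header must match the site. The secret, the site origin and the two request dictionaries are constructed assumptions.

```python
import hashlib
import hmac
from urllib.parse import urlparse

# Constructed values for the example; a real deployment loads these from configuration.
SERVER_SECRET = b"constructed-example-secret"
SITE_ORIGIN = "https://bank.example"  # assumed origin of the protected application


def issue_csrf_token(session_id: str) -> str:
    """Derive the per-session token that the site's own pages embed in their forms."""
    return hmac.new(SERVER_SECRET, session_id.encode(), hashlib.sha256).hexdigest()


def is_csrf_safe(request: dict) -> bool:
    """Return True only if a request was initiated by the site's own pages.

    `request` is a constructed dict with keys: method, headers, cookies, form.
    The session cookie alone proves nothing about who triggered the request,
    since the browser sends it for any site; the token and the Origin do.
    """
    if request["method"] in ("GET", "HEAD", "OPTIONS"):
        return True  # safe methods must not change state, so no token is required
    session_id = request["cookies"].get("session")
    if not session_id:
        return False
    expected = issue_csrf_token(session_id)
    submitted = request["form"].get("csrf_token", "")
    if not hmac.compare_digest(expected, submitted):
        return False  # missing or wrong token: the page that sent this could not read it
    # Secondary check: Origin (falling back to Referer) must name this site.
    origin = request["headers"].get("Origin") or request["headers"].get("Referer")
    if not origin:
        return False
    parsed = urlparse(origin)
    return f"{parsed.scheme}://{parsed.netloc}" == SITE_ORIGIN


# Constructed sample requests; in both, the victim's browser attached the same session cookie.
LEGITIMATE = {
    "method": "POST",
    "headers": {"Origin": SITE_ORIGIN},
    "cookies": {"session": "sess-123"},
    "form": {"to": "alice", "amount": "10", "csrf_token": issue_csrf_token("sess-123")},
}
FORGED = {
    "method": "POST",
    "headers": {"Origin": "https://third-party.example"},  # the page hosting the forged form
    "cookies": {"session": "sess-123"},  # sent automatically by the browser
    "form": {"to": "mallory", "amount": "1000"},  # no token: the third-party page cannot read it
}
```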

Signatures triggered by this attack

The signatures that are triggered by cross-site request forgery attacks include:
Table 1. Cross-site request forgery signatures

Signature name: HTTP_AuthResponse_Possible_CSRF

Description: Detects a cross-site request forgery attempt (also known as a CSRF or XSRF attempt). This attack allows an attacker to send unauthorized commands to a web server or web application from a user that the server or application trusts. This type of attack usually requires the attacker to complete some type of social engineering to gain the trust of the web server or application.

More information: IBM® X-Force®: HTTP Cross-Site Request Forgery attempt detected