Major web sites are vulnerable to CSRF flaws

The New York Times; ING Direct, a U.S. savings bank; Google’s YouTube; and MetaFilter, a blogging site, are alleged to be vulnerable to CSRF (cross-site request forgery), reports InfoWorld.

Two Princeton University academics have found a type of coding flaw on several prominent Web sites that could jeopardize personal data and in one alarming case, drain a bank account.
The type of flaw, called CSRF (cross-site request forgery), allows an attacker to perform actions on a Web site on behalf of a victim who is already logged into the site.
To exploit a CSRF flaw, an attacker has to create a special Web page and lure a victim to the page. The malicious Web site is coded to send a cross-site request through the victim’s browser onto another site.

Yet another thing to look out for when coding web pages, and it also proves that vulnerability assessments are incredibly important.
[Prominent Web sites have serious coding flaw]
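
An added example, not taken from the InfoWorld report or from any of the sites named: a server-side check that tells a request submitted from the site's own form apart from one sent cross-site through a logged-in browser. The session store, the handler names and the HMAC-derived token scheme are assumptions made for illustration.

```python
import hashlib
import hmac
import secrets

SERVER_KEY = secrets.token_bytes(32)   # per-deployment secret (constructed)
SESSIONS = {"sess-alice": "alice"}     # constructed session store


def csrf_token_for(session_id: str) -> str:
    """Token bound to the session; embedded only in forms the site itself serves."""
    return hmac.new(SERVER_KEY, session_id.encode(), hashlib.sha256).hexdigest()


def handle_cookie_only(request: dict) -> int:
    """Vulnerable: the session cookie alone authorizes the state change."""
    user = SESSIONS.get(request["cookies"].get("session", ""))
    return 200 if user else 401


def handle_with_token(request: dict) -> int:
    """Hardened: also require a token that a cross-site page cannot read."""
    session_id = request["cookies"].get("session", "")
    if session_id not in SESSIONS:
        return 401
    supplied = request["form"].get("csrf_token", "")
    expected = csrf_token_for(session_id)
    # Constant-time comparison avoids leaking the token through timing.
    if not hmac.compare_digest(supplied.encode(), expected.encode()):
        return 403
    return 200


# Constructed requests. The browser attaches the session cookie to both;
# only the form served by the site itself carries the token.
same_site = {"cookies": {"session": "sess-alice"},
             "form": {"action": "update",
                      "csrf_token": csrf_token_for("sess-alice")}}
cross_site = {"cookies": {"session": "sess-alice"},
              "form": {"action": "update"}}

if __name__ == "__main__":
    for name, req in (("same-site", same_site), ("cross-site", cross_site)):
        print(name, handle_cookie_only(req), handle_with_token(req))
```

The cookie-only handler accepts both requests because the browser sends the cookie regardless of which page triggered the request; the token check is what rejects the cross-site one.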
