Description
Cross-Site Request Forgery (CSRF, or XSRF) is a vulnerability wherein an attacker tricks a victim into making a request the victim did not intend to make. Therefore, with CSRF, an attacker abuses the trust a web application has with a victim's browser.
Acunetix found an HTML form which seems vulnerable to CSRF. Consult the 'Attack details' section for more information about the affected HTML form.
Remediation
Verify if this form requires anti-CSRF protection and implement CSRF countermeasures if necessary.
The recommended and the most widely used technique for preventing CSRF attacks is know as an anti-CSRF token, also sometimes referred to as a synchronizer token. The characteristics of a well designed anti-CSRF system involve the following attributes.
- The anti-CSRF token should be unique for each user session
- The session should automatically expire after a suitable amount of time
- The anti-CSRF token should be a cryptographically random value of significant length
- The anti-CSRF token should be cryptographically secure, that is, generated by a strong Pseudo-Random Number Generator (PRNG) algorithm
- The anti-CSRF token is added as a hidden field for forms, or within URLs (only necessary if GET requests cause state changes, that is, GET requests are not idempotent)
- The server should reject the requested action if the anti-CSRF token fails validation
When a user submits a form or makes some other authenticated request that requires a Cookie, the anti-CSRF token should be included in the request. Then, the web application will then verify the existence and correctness of this token before processing the request. If the token is missing or incorrect, the request can be rejected.
References
What is Cross Site Reference Forgery (CSRF)?
Cross-Site Request Forgery (CSRF) Prevention Cheatsheet
Related Vulnerabilities
WordPress Plugin Husker Portfolio Cross-Site Request Forgery (0.3)
WordPress Plugin Member Approval Cross-Site Request Forgery (131109)
WordPress Plugin WP-Live Chat by 3CX Cross-Site Request Forgery (8.0.37)
WordPress Plugin WordPress Backup and Migrate-Backup Guard Cross-Site Request Forgery (1.1.90)