Tuesday, October 28, 2008

How to test CSRF vulnerabilities

  1. Look for areas in your application that will perform an action on the user's behalf, using their security context, in response to an HTTP GET request.
  2. Create a URL address for the malicious action to be performed. For example: http://malicious.com/[action]
  3. Create an email that contains HTML that references that URL address. For example, an img tag whose src points at the URL could be used.
  4. Log into a valid testing account as the "victim".
  5. After authentication has succeeded, click on the malicious testing link in the email that was previously created.
  6. Observe the results. If the web server executed the request contained within the malicious email, a CSRF vulnerability was found!

This test makes use of the fact that the resources were available via HTTP GET requests. POST requests can also be vulnerable to CSRF, but testing them requires a page with script that auto-submits a form carrying the malicious parameters.
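As an added illustration that is not part of the original post, the following Python simulates the six steps above against two constructed handlers: one that performs a funds transfer on GET authorised by the session cookie alone (the flaw step 1 looks for), and a hardened one that accepts only POST with a per-session token. The session store, balances and parameter names are assumptions made up for the example.

```python
import hmac
import secrets

# Constructed sample state: one logged-in victim session and its per-session CSRF token.
SESSIONS = {"sess-victim": {"user": "alice", "csrf": secrets.token_hex(16)}}


def transfer(balances, frm, to, amount):
    balances[frm] -= amount
    balances[to] = balances.get(to, 0) + amount


def vulnerable_transfer(method, cookies, params, balances):
    """Step 1: a state-changing action reachable by GET and authorised only by
    the session cookie, which the browser attaches to every request automatically."""
    sess = SESSIONS.get(cookies.get("session"))
    if sess is None:
        return 401
    transfer(balances, sess["user"], params["to"], int(params["amount"]))
    return 200


def hardened_transfer(method, cookies, params, balances):
    """Same action, but only on POST and only with the token embedded in the
    site's own form; a cross-site page cannot read that token."""
    sess = SESSIONS.get(cookies.get("session"))
    if sess is None:
        return 401
    if method != "POST":
        return 405
    if not hmac.compare_digest(params.get("csrf", ""), sess["csrf"]):
        return 403
    transfer(balances, sess["user"], params["to"], int(params["amount"]))
    return 200


def run_test(handler, method, with_token=False):
    """Steps 4-6: the victim is logged in (cookie present) and a cross-site request
    arrives. Returns (HTTP status, attacker balance afterwards) so the result can be observed."""
    balances = {"alice": 100, "attacker": 0}
    params = {"to": "attacker", "amount": "50"}
    if with_token:  # only the legitimate page can embed the real token
        params["csrf"] = SESSIONS["sess-victim"]["csrf"]
    status = handler(method, {"session": "sess-victim"}, params, balances)
    return status, balances["attacker"]


if __name__ == "__main__":
    print("img tag vs vulnerable:  ", run_test(vulnerable_transfer, "GET"))       # (200, 50)
    print("img tag vs hardened:    ", run_test(hardened_transfer, "GET"))         # (405, 0)
    print("auto-form vs hardened:  ", run_test(hardened_transfer, "POST"))        # (403, 0)
    print("legit form vs hardened: ", run_test(hardened_transfer, "POST", True))  # (200, 50)
```

A status of 200 with the attacker balance changed is the "CSRF vulnerability was found" result of step 6; the hardened handler rejects both the GET img request and the token-less auto-submitted form.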

One of the common user mistakes that a CSRF attack takes advantage of is that many users forget to log out of web applications when they are finished using them. Not logging out gives the web application no chance to clear its session ID or other session information from the cookie, so the CSRF attack can succeed even when the user is not actively browsing the vulnerable website.

Please refer to this link for more details: http://www.owasp.org/index.php/CSRF

Cross Site Request Forgery attack CSRF

Cross-Site Request Forgery (CSRF) is an attack that tricks the victim's browser into performing an undesired action on the victim's behalf. For example, this attack could result in a transfer of funds, changing a password, or purchasing an item. For most websites, browsers will automatically include any credentials associated with the site when they perform these types of actions. If the victim is currently authenticated to a website, there is no way for that website to distinguish between a valid action chosen by the user and a malicious action initiated by an attacker through the exploitation of a CSRF vulnerability.

Monday, October 20, 2008

VSTS 2010 new tools

Microsoft will provide a new tool for addressing the "NoRepro" bugs. Please read more about this in Som's blog.



Enjoy