CSRF is not a bug; it relies on the normal behavior of a web browser when it
performs HTTP requests.
Basically, when it meets a tag like IMG, the browser performs an HTTP GET request
on the URL specified by the SRC attribute, leaving the user unaware of the action
he performed. Even if the response is not an image, the browser just displays a
broken image, which, depending on what is allowed (width/height, CSS properties),
can be hidden. But the server is still accessed. This means that the user can
call CGI scripts with GET parameters inside img tags without noticing. A user
viewing a malicious image tag could be forced to do anything, like updating
their profile, posting messages, sending emails, ...
At any time, you can get a user to send HTTP GET requests with that user's
credentials to any website you want, which is particularly dangerous when he is
an administrator. The user executing the malicious request will of course be
authenticated by his own credentials (stored cookies).
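
The server-side consequence of the behavior described above, as an added example that is not part of the original text: a check that trusts the stored cookie alone accepts the request an image tag produces, while a gate that refuses state changes on GET and requires a per-session token rejects it. The session store, the function names and the `csrf_token` parameter name are hypothetical, and the requests are constructed.

```python
import hmac
import secrets

SAFE_METHODS = {"GET", "HEAD", "OPTIONS"}
SESSIONS = {}  # constructed in-memory store: session id -> session data


def login(user):
    """Open a session; the token is embedded only in the site's own forms."""
    sid = secrets.token_hex(16)
    SESSIONS[sid] = {"user": user, "csrf": secrets.token_hex(32)}
    return sid, SESSIONS[sid]["csrf"]


def cookie_only_check(method, cookies, params):
    """Weak pattern from the text: the stored cookie alone authorizes."""
    return cookies.get("sid") in SESSIONS


def may_change_state(method, cookies, params):
    """Hardened gate for any handler that modifies data."""
    session = SESSIONS.get(cookies.get("sid"))
    if session is None:
        return False  # not authenticated at all
    if method in SAFE_METHODS:
        return False  # GET must never update a profile, post or send mail
    supplied = str(params.get("csrf_token", ""))
    # The browser attaches cookies automatically, but a page on another
    # site cannot read this per-session token, so it cannot supply it.
    return hmac.compare_digest(supplied.encode(), session["csrf"].encode())


if __name__ == "__main__":
    sid, token = login("admin")
    # Constructed requests: (method, cookies the browser attached, parameters).
    image_fetch = ("GET", {"sid": sid}, {"email": "new@example.test"})
    own_form = ("POST", {"sid": sid},
                {"email": "new@example.test", "csrf_token": token})
    for name, req in (("image fetch", image_fetch), ("own form", own_form)):
        print(name, cookie_only_check(*req), may_change_state(*req))
```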