Cross-site request forgery, also known as CSRF or XSRF, is a class of attack that affects web-based applications whose actions are invoked through requests with a predictable structure. Attacks of this kind have been known about and exploited in some form since before the turn of the millennium. Unlike cross-site scripting (XSS), which exploits the trust a user has in a particular site, CSRF exploits the trust that a site has in a user's browser.
Reflected vs. Stored CSRF
As with cross-site scripting (XSS) vulnerabilities, CSRF vulnerabilities can be divided into two major categories: stored and reflected.
A stored CSRF vulnerability is one where the attacker can use the application itself to deliver to the victim the exploit link or other content that directs the victim's browser back into the application and causes attacker-controlled actions to be executed as the victim. Stored CSRF vulnerabilities are more likely to succeed, since the user who receives the exploit content is almost certainly authenticated at that moment and therefore able to perform the actions. Stored CSRF vulnerabilities also leave a more obvious trail, which may lead back to the attacker.
In a reflected CSRF vulnerability the attacker uses a system outside the application to expose the victim to the exploit link or content. This can be done using a blog, an email message, an instant message, a message board posting, or even a flyer posted in a public place with a URL that a victim types in. Reflected CSRF attacks will frequently fail, because users may not be logged into the target system at the moment the exploit is tried. The trail from a reflected CSRF attack may be under the control of the attacker, however, and could be deleted once the exploit has completed.
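The mechanism described above (the browser attaches the session cookie to any request, forged or not) and the reason reflected attacks fail against logged-out users can both be seen in a small server-side check. The following is an added example, not code from the original article: a hypothetical `handle_transfer` endpoint that only accepts a state-changing request when it carries a per-session synchronizer token that a cross-site page cannot read. Session store, request shape and the sample requests are all constructed for the example.

```python
import hmac
import secrets

# Constructed in-memory session store: session id -> {"user": ..., "csrf": ...}
SESSIONS = {}

def login(user):
    """Create a session and a random per-session anti-CSRF token."""
    sid = secrets.token_urlsafe(16)
    SESSIONS[sid] = {"user": user, "csrf": secrets.token_urlsafe(32)}
    return sid

def csrf_token_for(sid):
    """Token the site embeds in its own forms; same-origin policy keeps it from other sites."""
    return SESSIONS[sid]["csrf"]

def handle_transfer(request):
    """Hypothetical state-changing endpoint. `request` is a dict with keys
    'method', 'cookies' and 'form'. Returns (status, message)."""
    # 1. State changes only over POST: a predictable GET URL is otherwise enough to forge.
    if request.get("method") != "POST":
        return 405, "method not allowed"
    # 2. The cookie must identify a live session; a logged-out victim cannot be exploited.
    session = SESSIONS.get(request.get("cookies", {}).get("session"))
    if session is None:
        return 401, "not authenticated"
    # 3. The browser sends the cookie automatically, so the cookie alone says nothing about
    #    who built the request. The token must come from a form the site itself served.
    form = request.get("form", {})
    submitted = form.get("csrf_token", "")
    if not hmac.compare_digest(submitted.encode(), session["csrf"].encode()):
        return 403, "missing or invalid CSRF token"
    return 200, f"transferred {form.get('amount')} to {form.get('to')} as {session['user']}"

def demo():
    """Constructed requests: returns the status codes in order
    [forged GET, forged POST with cookie only, logged-out victim, genuine form submit]."""
    sid = login("alice")
    payload = {"to": "mallory", "amount": "100"}
    forged_get = {"method": "GET", "cookies": {"session": sid}, "form": dict(payload)}
    forged_post = {"method": "POST", "cookies": {"session": sid}, "form": dict(payload)}
    logged_out = {"method": "POST", "cookies": {}, "form": dict(payload)}
    genuine = {"method": "POST", "cookies": {"session": sid},
               "form": dict(payload, csrf_token=csrf_token_for(sid))}
    return [handle_transfer(r)[0] for r in (forged_get, forged_post, logged_out, genuine)]

if __name__ == "__main__":
    print(demo())  # [405, 403, 401, 200]
```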