# CSRF

CSRF (cross-site request forgery) allows an attacker to perform unauthorized actions on behalf of a victim user, such as changing the victim's password, making unauthorized purchases, or posting unwanted content, via a POST request the victim never intended to send.

To exploit CSRF, the target user has to be logged in to the target web application while visiting a malicious site in the same browser.

* If a user visits an attacker-controlled site, that site can use JavaScript to send a POST request to the target application, and the browser attaches the victim's cookies to it.

#### CSRF workflow

<figure><img src="https://1674729424-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FyzdFWSUijzVYOP1hAsit%2Fuploads%2FYULAZ350yqs5AauF840e%2Fimage.png?alt=media&#x26;token=b08145a9-7137-476c-b4d7-e404477d8d5d" alt=""><figcaption></figcaption></figure>

#### Example

Suppose an application lets users change their email address by submitting a form, and that form is not protected against CSRF:

1. The attacker forces users to change their email address to an attacker-controlled one.
2. The attacker performs a password reset to change the users' password and take over their account.
3. If there is no CSRF token, no authentication header, and the application fails to check the Referer header, perform a CSRF attack.

<figure><img src="https://1674729424-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FyzdFWSUijzVYOP1hAsit%2Fuploads%2FckJRY1si2z9lZN1oKqEX%2Fimage.png?alt=media&#x26;token=33a98d0e-8490-48fc-860e-41ed90b0d919" alt=""><figcaption><p>Request vulnerable to CSRF</p></figcaption></figure>

4. Create a proof of concept (POC) to prove that CSRF is possible:

<figure><img src="https://1674729424-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FyzdFWSUijzVYOP1hAsit%2Fuploads%2FPrtvoEYJThF8Jz0KOKLd%2Fimage.png?alt=media&#x26;token=714c5e0e-2690-4dd8-afa2-f6ec671b23da" alt=""><figcaption><p>POC</p></figcaption></figure>
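The email-change example above turns on what the server does, or fails to do, before it trusts the request. The following added example (not code from the original page) models that server side in Python: a vulnerable handler that accepts any POST carrying the session cookie, beside a hardened handler that requires a per-session synchroniser token and checks the Origin/Referer header against the application's own origin. The application origin `https://app.example`, the `Session` and `Request` classes, and the sample requests are all constructed for this example.

```python
import hmac
import secrets
from dataclasses import dataclass, field
from urllib.parse import urlsplit

# Hypothetical application origin (assumption for this example, not from the page).
APP_ORIGIN = "https://app.example"


@dataclass
class Session:
    """Server-side session for a logged-in user (constructed for this example)."""
    user_id: int
    email: str
    # Unguessable per-session token, rendered into the app's own forms.
    csrf_token: str = field(default_factory=lambda: secrets.token_urlsafe(32))


@dataclass
class Request:
    """The parts of an HTTP POST the handler inspects (constructed)."""
    headers: dict
    form: dict


def change_email_vulnerable(session: Session, req: Request) -> bool:
    """Vulnerable handler: trusts the session cookie alone. Any site that can make
    the victim's browser POST here changes the email address (steps 1-3 above)."""
    session.email = req.form["email"]
    return True


def _same_origin(headers: dict) -> bool:
    """Origin/Referer check: the request must come from the application itself.
    Origin is preferred; fall back to Referer; reject when neither is present."""
    source = headers.get("Origin") or headers.get("Referer")
    if not source:
        return False
    parts = urlsplit(source)
    return f"{parts.scheme}://{parts.netloc}" == APP_ORIGIN


def change_email_protected(session: Session, req: Request) -> bool:
    """Hardened handler: synchroniser token plus Origin/Referer check.
    Returns True when the email is changed, False when the request is rejected."""
    if not _same_origin(req.headers):
        return False
    submitted = req.form.get("csrf_token", "")
    # Constant-time comparison so the token cannot be recovered byte by byte.
    if not hmac.compare_digest(submitted.encode(), session.csrf_token.encode()):
        return False
    session.email = req.form["email"]
    return True


def demo() -> dict:
    """Run a legitimate request and a forged cross-site request through both handlers."""
    sess = Session(user_id=42, email="victim@example.org")

    # Legitimate submission: the form rendered by the app carried the session's token.
    legit = Request(
        headers={"Origin": APP_ORIGIN, "Cookie": "sid=abc"},
        form={"email": "new@example.org", "csrf_token": sess.csrf_token},
    )
    # Forged submission from another site: the browser still attaches the cookie,
    # but the attacker's page cannot read the token and Origin names their site.
    forged = Request(
        headers={"Origin": "https://attacker.example", "Cookie": "sid=abc"},
        form={"email": "attacker@example.net"},
    )

    vuln_sess = Session(user_id=42, email="victim@example.org")
    return {
        "vulnerable_forged": change_email_vulnerable(vuln_sess, forged),
        "protected_forged": change_email_protected(sess, forged),
        "protected_legit": change_email_protected(sess, legit),
        "email_after": sess.email,
    }


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name} = {value}")
```

The two checks are independent layers: the token defeats a forged form even when the browser sends no Origin header, and the origin check rejects a cross-site POST even if a token were ever leaked. A `SameSite` attribute on the session cookie is a third, browser-enforced layer that this server-side code does not model.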
