
Description
No Anti-CSRF tokens were found in the HTML submission form, making it vulnerable to Cross-Site Request Forgery (CSRF). CSRF attacks trick victims into sending HTTP requests to a target site without their knowledge, exploiting the trust a website has in a user. This is often due to predictable URL/form actions.
CSRF attacks can be effective when:
- The victim has an active session on the target site.
- The victim is authenticated via HTTP auth on the target site.
- The victim is on the same local network as the target site.
CSRF can also lead to information disclosure, especially if the target site is also vulnerable to XSS: script injected through XSS runs inside the target's origin, so it can issue the forged requests and read their responses, which the same-origin policy would otherwise prevent. CSRF is also known as XSRF, one-click attack, session riding, confused deputy, and sea surf.
Recommendation
Implement anti-CSRF tokens in all forms and requests that modify state on the server. Ensure each token is unique per session, generated with a cryptographically secure random source, and validated server-side on every state-changing request. Include the token in both the request payload and an HTTP header, and configure the server to reject any request that lacks a valid CSRF token.
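The following is an added illustration of the recommendation above, not code from the original finding or from any particular framework. It assumes a server-side session store keyed by session id (constructed here as an in-memory dict) and a request represented by its form fields and headers; the header name X-CSRF-Token is an assumption. Each session gets its own random token, the token is embedded in the rendered form, and a state-changing request is accepted only if it carries a matching token in the form body or the header, compared in constant time.

```python
import hmac
import html
import secrets

# Constructed in-memory session store: session_id -> session data.
# A real deployment would keep this in its session backend.
SESSIONS = {}

# Assumed header name for clients that submit the token out of the form body.
CSRF_HEADER = "X-CSRF-Token"


def create_session():
    """Start a session and bind a fresh, unpredictable CSRF token to it."""
    session_id = secrets.token_urlsafe(32)
    SESSIONS[session_id] = {"csrf_token": secrets.token_urlsafe(32)}
    return session_id


def render_transfer_form(session_id):
    """Render a state-changing form with the session's token as a hidden field."""
    token = SESSIONS[session_id]["csrf_token"]
    return (
        '<form method="POST" action="/transfer">'
        f'<input type="hidden" name="csrf_token" value="{html.escape(token)}">'
        '<input name="amount"><button>Send</button>'
        "</form>"
    )


def csrf_token_is_valid(session_id, form_fields, headers):
    """Return True only if the request carries the token bound to its session.

    The token is read from the form body first and the header second, so a
    plain HTML form and a JavaScript client are both supported. A request with
    no token, a token from another session, or an unknown session is rejected.
    """
    session = SESSIONS.get(session_id)
    if session is None:
        return False
    submitted = form_fields.get("csrf_token") or headers.get(CSRF_HEADER)
    if not submitted:
        return False
    # Constant-time comparison avoids leaking the token through timing.
    return hmac.compare_digest(session["csrf_token"], submitted)


def handle_transfer(session_id, form_fields, headers):
    """Server-side handler: reject the request unless the CSRF check passes."""
    if not csrf_token_is_valid(session_id, form_fields, headers):
        return 403, "CSRF token missing or invalid"
    return 200, f"transferred {form_fields.get('amount')}"


if __name__ == "__main__":
    sid = create_session()
    tok = SESSIONS[sid]["csrf_token"]
    # A forged cross-site form post cannot know the token, so it is rejected.
    print(handle_transfer(sid, {"amount": "10"}, {}))
    # The site's own form carries the token and is accepted.
    print(handle_transfer(sid, {"amount": "10", "csrf_token": tok}, {}))
```

The forged request in the demo fails because a third-party page can cause the browser to attach the victim's cookies but cannot read the per-session token to include it; binding the token to the session rather than issuing one global value is what makes that hold.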