What is this type of attack (that can use either HTTP GET or HTTP POST) called?

August 20, 2021 by Admin

An attacker changes the profile information of a particular user (victim) on the target website. The attacker uses this string to update the victim’s profile to a text file and then submit the data to the attacker’s database.

<iframe src=”http://www.vulnweb.com/updateif.php” style=”display:none”></iframe>

What is this type of attack (that can use either HTTP GET or HTTP POST) called?

Cross-Site Scripting
Cross-Site Request Forgery
SQL Injection
Browser Hacking

Explanation:
Cross-site request forgery, also known as one-click attack or session riding and abbreviated as CSRF (sometimes pronounced sea-surf) or XSRF, is a type of malicious exploit of a website where unauthorized commands are transmitted from a user that the website trusts.
Different HTTP request methods, such as GET and POST, have different level of susceptibility to CSRF attacks and require different levels of protection due to their different handling by web browsers.

An attacker changes the profile information of a particular user (victim) on the target website. The attacker uses this string to update the victim’s profile to a text file and then submit the data to the attacker’s database.

<iframe src=”http://www.vulnweb.com/updateif.php” style=”display:none”></iframe>

What is this type of attack (that can use either HTTP GET or HTTP POST) called?

Please Share This Share this content

Leave a Reply Cancel reply

Pass IT Certifications Get 10% Discount

Share this content

Pass IT Certifications
Get 10% Discount