A10:2021 | Server Side Request Forgery | Cross Site Request Forgery (2) | Cycubix Docs
CSRF with a GET request
This is the most simple CSRF attack to perform. For example you receive an e-mail with the following content:
<a href="http://bank.com/transfer?account_number_from=123456789&account_number_to=987654321&amount=100000">View my Pictures!</a>
If the user is still logged in to the website of bank.com this simple GET request will transfer money from one account to another. Of course in most cases the website might have multiple controls to approve the request.
PreviousA10:2021 | Server Side Request Forgery | Cross Site Request Forgery (1) | Cycubix DocsNextA10:2021 | Server Side Request Forgery | Cross Site Request Forgery (3) | Cycubix Docs
Last updated