DEVIL'S BLOG ON SECURITY


A DEVIL'S BLOG ON COMPUTER AND INFORMATION SECURITY, ETHICAL HACKING AND COUNTERMEASURES




Forced Browsing Attack


Forced browsing is an XSRF attack in which a user is forced to browse content without his/her knowledge. For example, on this blog you can see several advertisements; all of them are real-time examples of forced browsing because you can't control their existence while browsing this blog. A site is called vulnerable to a forced browsing XSRF attack if it processes a request directly without notifying the user. For example, consider that the website www.victimsite.com is vulnerable to a forced browsing XSRF attack. Now suppose you want to buy Bit Defender anti-virus from www.victimsite.com, so when you click the add to cart button on the website, it will process your request by a URL which might appear something like this,

Cross Site Request Forgery | CSRF | XSRF Attacks The Basics


Cross Site Request Forgery is also known as XSRF, and many people also call it CSRF. XSRF attacks force the victim's browser to perform a task or make a request that benefits the attacker. The request is made without the user's knowledge, and since it is made from the victim's browser it is not treated as an illegal action. At some level we can say that XSRF is a mix of XSS and frame injection attacks. An attacker can use XSRF to make the victim unintentionally transfer money to the attacker's bank or PayPal account, buy stocks from share markets, etc. The problem is that no firewall or intrusion detection system will raise an alarm about the forgery, since the request is made from the victim's browser.

Frame Injection Flaws


Frame injection is a vulnerability that occurs in HTML pages with frames. It exists because many browsers support editing of frames: if an HTML page uses the frameset tag to create several frames in a single HTML page, it remains vulnerable even when the frame's source is loaded from another website.
