【Stored CSRF Attacks】Examples and Prevention Strategies
Sep 26, 2022
10 min read
In this article:
Cross-site request forgery (CSRF) is a security vulnerability that allows an attacker to submit unusual, malicious requests on behalf of an unsuspecting user. CSRF attacks, also known as one-click attacks, cross-site reference forgery, session riding, or hostile linking, take advantage of the trust between the server and client-side session, causing the victim to send requests that result in an unwanted action. Attackers often store the CSRF payload within the server in an attack known as a stored CSRF attack. This form of attack is often more complex and can be used to bypass advanced validation techniques to affect more than one regular user.
This article discusses the stored CSRF attack and explores some examples and prevention strategies to prevent the stored CSRF vulnerability.
What is a Stored Cross-Site Request Forgery Attack?
In a stored CSRF attack, a malicious user relies on the application to deliver cross-site requests to the client browser. In this exploit, hackers embed additional requests onto state-changing actions within hidden form fields of the web page. When the user clicks the submit button, the web server submits these requests on behalf of the user.
Unlike other cross-site request forgeries, this type of attack does not require three key conditions to embed the request within the