# Attack Types

## CSRF

```
https://owasp.org/www-community/attacks/csrf
```

Cross-Site Request Forgery (CSRF) is an attack that forces an end user to execute unwanted actions in a web application wherein they're currently authenticated.

Cross-Site Request Forgery (CSRF) attacks specifically target state-changing requests – not theft of data, since the attacker has no way to see the response to the forged request.

With a little social engineering help (such as sending a link via email or chat), an attacker may trick the users of a web application into executing actions of the attacker’s choosing.

If the victim is a normal user, a successful CSRF attack can force them to perform state-changing requests such as transferring funds or changing their email address. If the victim has an administrative account, CSRF can compromise the entire web application.

**GET scenario**

If the application was designed to use GET requests to execute actions like making bank transfers or sending messages, the executing action might be reduced to a request as shown below:

```
GET http://application.com/action.do?account=Victim&amount=100 HTTP/1.1
```

An attacker now decides to exploit this web application vulnerability. The attacker first constructs the following exploit URL, which will transfer $10,000 from the victim's account to their own.

```
http://application.com/action.do?account=Attacker&amount=10000
```

The social engineering aspect of the attack tricks the victim into loading this URL while logged into the banking application. This is usually done with one of the following techniques:

* sending an unsolicited email with HTML content
* planting an exploit URL or script on pages the victim is likely to visit while banking online

**POST scenario**

The only difference between GET and POST attacks is how the attack is being executed by the victim. Let's assume the bank now uses POST and the vulnerable request looks like this:

```
POST http://application.com/action.do HTTP/1.1
Host: application.com
Content-Type: application/x-www-form-urlencoded

account=Victim&amount=10
```

tbc
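As an added example (not code from the original page or from OWASP), here is the server-side guard that stops the forged GET and POST requests above: an Origin/Referer check plus a per-session synchronizer token that a page on another site cannot read. The site origin, the in-memory session store and the `csrf_token` field name are assumptions made for the demonstration.

```python
import hmac
import secrets
from urllib.parse import parse_qs

# Constructed example, not code from the original page. Origin, session
# store and token field name are assumptions made for the demonstration.
SITE_ORIGIN = "http://application.com"

_session_tokens = {}  # session id -> token; stands in for the session store

def issue_token(session_id):
    """Mint a fresh synchronizer token when the transfer form is rendered."""
    token = secrets.token_urlsafe(32)
    _session_tokens[session_id] = token
    return token

def same_origin(headers):
    """True when Origin (or, failing that, Referer) names our own site.
    A missing header is treated as untrusted for a state-changing POST."""
    src = headers.get("Origin") or headers.get("Referer")
    if src is None:
        return False
    # Compare against the origin plus "/" so that a look-alike such as
    # http://application.com.evil.example does not pass a prefix check.
    return src == SITE_ORIGIN or src.startswith(SITE_ORIGIN + "/")

def is_csrf_safe(session_id, headers, body):
    """Both checks must pass: a request forged from another site fails
    the origin test, and it cannot carry a token it never saw."""
    if not same_origin(headers):
        return False
    expected = _session_tokens.get(session_id)
    supplied = parse_qs(body).get("csrf_token", [""])[0]
    # constant-time compare; a missing or empty token simply fails
    return expected is not None and hmac.compare_digest(
        expected.encode(), supplied.encode())

def handle_transfer(session_id, headers, body):
    """The action.do endpoint from the POST scenario, guarded by the checks."""
    if not is_csrf_safe(session_id, headers, body):
        return "403 Forbidden: CSRF check failed"
    p = parse_qs(body)
    return f"200 OK: transferred {p['amount'][0]} to {p['account'][0]}"

if __name__ == "__main__":
    sid = "victim-session"
    token = issue_token(sid)
    forged = ({"Origin": "http://evil.example"}, "account=Attacker&amount=10000")
    legit = ({"Origin": SITE_ORIGIN}, f"account=Victim&amount=10&csrf_token={token}")
    print(handle_transfer(sid, *forged))  # 403
    print(handle_transfer(sid, *legit))   # 200
```

Running the block submits the attacker's `account=Attacker&amount=10000` request from a foreign origin and a legitimate same-origin request carrying the token; only the second reaches the transfer logic. Marking the session cookie `SameSite=Lax` or `SameSite=Strict` is a complementary browser-side defence that keeps the cookie off cross-site requests in the first place.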

