Possible CSRF (Cross-site request forgery) - Vulnerability Database

Possible CSRF (Cross-site request forgery)

Description

This alert requires manual confirmation

Cross-Site Request Forgery (CSRF) is a web security vulnerability that allows an attacker to trick authenticated users into performing unintended actions on a web application. The attack exploits the trust that a web application has in the user's browser by forcing the victim to submit malicious requests while authenticated.

Invicti identified an HTML form that appears to lack CSRF protection mechanisms. Without proper anti-CSRF tokens or validation, this form may accept forged requests from malicious third-party sites. Review the 'Attack details' section to examine the specific form and parameters that may be vulnerable.

Remediation

Implement robust CSRF protection for all state-changing operations. Follow these steps to remediate this vulnerability:

1. Implement Anti-CSRF Tokens (Synchronizer Token Pattern)
Generate a unique, unpredictable token for each user session and include it in all forms and state-changing requests:

<form method="POST" action="/update-profile">
  <input type="hidden" name="csrf_token" value="{{session.csrf_token}}">
  <!-- other form fields -->
  <button type="submit">Submit</button>
</form>

2. Validate Tokens Server-Side
Verify the token on every state-changing request before processing:

// Server-side validation example (pseudocode)
// Reject a missing token as well as a mismatched one, and compare in constant time
// (e.g. hmac.compare_digest in Python, crypto.timingSafeEqual in Node.js)
if (!request.POST['csrf_token'] || !constantTimeEquals(request.POST['csrf_token'], session.csrf_token)) {
  return error(403, "Invalid CSRF token");
}
// Process the request only if the token is valid

3. Token Requirements
  • Generate tokens using a cryptographically secure random number generator (CSPRNG)
  • Use sufficient length (at least 128 bits of entropy)
  • Create unique tokens per user session
  • Regenerate tokens after authentication state changes
  • Set appropriate session timeouts

4. Additional Security Measures
  • Use the SameSite cookie attribute (SameSite=Lax or SameSite=Strict) for session cookies
  • Implement custom request headers for AJAX requests and verify their presence
  • Require re-authentication for sensitive operations
  • Ensure GET requests do not perform state-changing operations
  • Consider implementing double-submit cookie pattern as a defense-in-depth measure

5. Framework-Specific Solutions
Most modern web frameworks provide built-in CSRF protection. Enable and properly configure these features rather than implementing custom solutions.
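The five steps above, carried through as one working synchronizer-token implementation. This is an added example, not Invicti's code or any framework's built-in protection; the `Session` class, `login`, `render_form` and `csrf_check` are constructed here to stand in for a real session store and request handler.

```python
import hmac
import secrets

TOKEN_BYTES = 16          # 128 bits from a CSPRNG (token requirement above)
SAFE_METHODS = {"GET", "HEAD", "OPTIONS"}  # must never change state, so not token-checked


class Session:
    """Minimal server-side session (constructed for this example)."""

    def __init__(self):
        self.user = None
        self.csrf_token = secrets.token_hex(TOKEN_BYTES)  # one token per session

    def rotate_csrf_token(self):
        """Regenerate the token after an authentication state change."""
        self.csrf_token = secrets.token_hex(TOKEN_BYTES)
        return self.csrf_token


def login(session, user):
    """Authentication state changes, so the old token must stop working."""
    session.user = user
    return session.rotate_csrf_token()


def render_form(session):
    """Embed the session token as a hidden field; token_hex is ASCII-safe in HTML."""
    return (
        '<form method="POST" action="/update-profile">\n'
        f'  <input type="hidden" name="csrf_token" value="{session.csrf_token}">\n'
        '  <button type="submit">Submit</button>\n'
        "</form>"
    )


def csrf_check(session, method, form):
    """Validate the token on every state-changing request.

    Returns (status, message). A cross-site form can post to this endpoint but
    cannot read the victim's token, so a forged request arrives without it (or
    with a guess) and is rejected before any processing happens.
    """
    if method in SAFE_METHODS:
        return 200, "ok"
    submitted = form.get("csrf_token")
    if not isinstance(submitted, str) or not submitted:
        return 403, "Invalid CSRF token"        # missing token is a failure, not a pass
    if not hmac.compare_digest(submitted.encode(), session.csrf_token.encode()):
        return 403, "Invalid CSRF token"        # constant-time comparison
    return 200, "ok"
```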