-
W3AF scanning..
I was using w3af for scanning the vulnerable website, not because I want to hack or anything, but just for testing how w3af runs. OK, just to the point: when I try this tool, I always get this message: The URL: http://www.site.com/index.php is vulnerable to cross site request forgery. It allows the attacker to exchange the method from POST to GET when sending data to the server.
I wish someone could explain what it means.
Thanks
-
Re: W3AF scanning..
I actually think that's a very clear explanation, and I couldn't make it any clearer myself without giving a full explanation of CSRF attacks and showing examples of HTTP POST and GET requests, which I'm not going to do because this is research you can and should be doing on your own.
Do some reading on how the HTTP protocol works and on Cross Site Request Forgery (as well as other web based attacks), because it's completely useless to be doing any web vulnerability scanning without this knowledge.
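
Added example, not part of the thread and not w3af's own code: a server-side view of the scanner message quoted in the first post, with a handler that accepts a state-changing request by GET as well as POST next to a hardened one that enforces POST and a session-bound token. The handler names, the `new_email` and `csrf_token` fields and the sample values are assumptions made up for illustration; merging query and body parameters is assumed here as one common cause of this finding.

```python
import hashlib
import hmac
import secrets

SECRET_KEY = secrets.token_bytes(32)  # constructed per-process secret for the demo


def issue_csrf_token(session_id):
    """Token tied to one session; the server embeds it in its own form."""
    return hmac.new(SECRET_KEY, session_id.encode(), hashlib.sha256).hexdigest()


def lenient_handler(method, query, form, session_id):
    """Flagged pattern: query-string and body parameters are merged and the
    method is never checked, so a GET is accepted where a POST was intended."""
    params = {**query, **form}
    if "new_email" not in params:
        return 400, "missing parameter"
    return 200, "email set to " + params["new_email"]


def strict_handler(method, query, form, session_id):
    """Hardened form: POST only, body parameters only, session-bound token."""
    if method != "POST":
        return 405, "method not allowed"
    sent = form.get("csrf_token", "").encode()
    expected = issue_csrf_token(session_id).encode()
    if not hmac.compare_digest(sent, expected):  # constant-time comparison
        return 403, "CSRF token missing or wrong"
    if "new_email" not in form:
        return 400, "missing parameter"
    return 200, "email set to " + form["new_email"]


if __name__ == "__main__":
    sid = "session-A"  # constructed sample session id
    change = {"new_email": "user@example.test"}  # constructed sample input
    print(lenient_handler("GET", change, {}, sid))
    print(strict_handler("GET", change, {}, sid))
    print(strict_handler("POST", {}, change, sid))
    with_token = {**change, "csrf_token": issue_csrf_token(sid)}
    print(strict_handler("POST", {}, with_token, sid))
```
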
-
Re: W3AF scanning..
-
Re: W3AF scanning..
Quote: Originally Posted by thorin
Spoonfeeder ;)