Amazon.com bug

Chris Shiflett has posted about a very interesting cross-site request forgery (CSRF) discovery using Amazon.com. Basically, it’s a way of getting the user’s browser to make a particular HTTP GET request without the user knowing. The trick is that this particular request has more significant consequences than simply retrieving data, which is all a GET request is supposed to do. It takes advantage of the victim site’s trust in the browser making the request, usually established because the user previously logged in.

For example, when you log in to Amazon, it keeps track of a cookie to easily identify you later. That’s how you get the friendly greeting on the front page. Of course, to purchase anything or perform any account maintenance tasks, you have to re-authenticate with your password.

The CSRF attack that Chris discovered allows a malicious website to add items to your Amazon shopping cart without your knowledge. I’ve put an example on my site, just to demonstrate it. Don’t worry, it won’t actually buy anything, but you should be careful to remove the item from your cart, assuming you don’t really want to buy Ubuntu Unleashed.
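As an added illustration (not code from Chris’s post or from Amazon), the following Python models the server-side flaw described above: an add-to-cart handler that changes state on GET and trusts only the session cookie, next to a hardened version that requires POST plus a token bound to the session. The secret, session id and item id are constructed values.

```python
import hmac
import hashlib
from dataclasses import dataclass, field

SERVER_SECRET = b"constructed-demo-secret"   # constructed: per-deployment secret
SESSIONS = {"sess-victim": "alice"}          # constructed: cookie value -> user


@dataclass
class Request:
    """Minimal stand-in for an incoming HTTP request."""
    method: str
    params: dict                               # query string or form fields
    cookies: dict = field(default_factory=dict)


def csrf_token(session_id: str) -> str:
    # Token derived from the session id with a server secret. A page in the
    # browser's origin can embed it in its forms; a third-party page cannot
    # read the cookie, so it cannot reproduce the token.
    return hmac.new(SERVER_SECRET, session_id.encode(), hashlib.sha256).hexdigest()


def vulnerable_add_to_cart(req: Request, carts: dict) -> int:
    # Flaw: the browser sends the session cookie automatically, so any GET
    # the browser is induced to make (e.g. an image load) is treated as the
    # user's intent. Returns an HTTP-style status code.
    user = SESSIONS.get(req.cookies.get("session"))
    if user is None:
        return 401
    carts.setdefault(user, []).append(req.params["item"])
    return 200


def hardened_add_to_cart(req: Request, carts: dict) -> int:
    user = SESSIONS.get(req.cookies.get("session"))
    if user is None:
        return 401
    if req.method != "POST":                   # state changes never ride on GET
        return 405
    expected = csrf_token(req.cookies["session"])
    # Constant-time compare of the submitted token against the session's token.
    if not hmac.compare_digest(req.params.get("csrf", ""), expected):
        return 403
    carts.setdefault(user, []).append(req.params["item"])
    return 200
```

A request arriving with a valid cookie but no token is exactly what a cross-site page can produce; the hardened handler rejects it while still accepting the site’s own forms.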
