CWE-352: Cross-Site Request Forgery (CSRF)
CWE Version: 4.18
Last Updated: 2025-09-09
Weakness Description
The web application does not, or cannot, sufficiently verify whether a request was intentionally provided by the user who sent the request, which could have originated from an unauthorized actor.
Common Consequences
Scope: Confidentiality, Integrity, Availability, Non-Repudiation, Access Control
Technical Impact: Gain Privileges or Assume Identity; Bypass Protection Mechanism; Read Application Data; Modify Application Data; DoS: Crash, Exit, or Restart
Note: The consequences will vary depending on the nature of the functionality that is vulnerable to CSRF. An attacker could trick a client into making an unintentional request to the web server via a URL, image load, XMLHttpRequest, etc., which would then be treated as an authentic request from the client, effectively performing any operations as the victim and leading to an exposure of data, unintended code execution, etc. If the victim is an administrator or privileged user, the consequences may include obtaining complete control over the web application: deleting or stealing data, uninstalling the product, or using it to launch other attacks against all of the product's users. Because the attacker has the identity of the victim, the scope of CSRF is limited only by the victim's privileges.
Potential Mitigations
Phase: Architecture and Design
Strategy: Libraries or Frameworks
Phase: Implementation
Description: Ensure that the application is free of cross-site scripting issues (CWE-79), because most CSRF defenses can be bypassed using attacker-controlled script.
Phase: Architecture and Design
Description: Generate a unique nonce for each form, place the nonce into the form, and verify the nonce upon receipt of the form. Be sure that the nonce is not predictable (CWE-330). [REF-332]
Phase: Architecture and Design
Description: Identify especially dangerous operations. When the user performs a dangerous operation, send a separate confirmation request to ensure that the user intended to perform that operation.
Phase: Architecture and Design
Phase: Architecture and Design
Description: Do not use the GET method for any request that triggers a state change.
Phase: Implementation
Description: Check the HTTP Referer header to see if the request originated from an expected page. This could break legitimate functionality, because users or proxies may have disabled sending the Referer for privacy reasons.
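The per-form nonce, the "no GET for state changes" rule and the Referer check from the mitigations above, worked through in one Python sketch. This is an added illustration for this page, not code from the CWE entry or from any web framework. It assumes a server-side `session` dict, a `form_id` string naming each form and an `expected_origin` string such as `https://app.example`; the header dicts in the walk-through are constructed values.

```python
"""
Sketch of the CSRF mitigations listed above (per-form nonce, POST-only state
changes, Referer/Origin check). Added illustration; not code from the CWE
entry or from any specific framework. Hypothetical inputs: a server-side
`session` dict, a `form_id` naming each form, an `expected_origin` string.
"""
import hmac
import secrets
from urllib.parse import urlsplit


def issue_form_nonce(session: dict, form_id: str) -> str:
    """Create an unpredictable nonce for one form and remember it server-side.

    secrets.token_urlsafe draws from the OS CSPRNG, so the value is not
    guessable by an outsider (the predictability concern of CWE-330).
    """
    nonce = secrets.token_urlsafe(32)
    session.setdefault("csrf_nonces", {})[form_id] = nonce
    return nonce


def verify_form_nonce(session: dict, form_id: str, submitted) -> bool:
    """Single-use check: remove the stored nonce, then compare in constant time.

    A failed attempt also consumes the nonce, so a form must be re-issued.
    """
    stored = session.get("csrf_nonces", {}).pop(form_id, None)
    if stored is None or not isinstance(submitted, str):
        return False
    return hmac.compare_digest(stored.encode(), submitted.encode())


def origin_of(url: str) -> str:
    """Reduce a URL to scheme://host[:port] so path and query do not matter."""
    parts = urlsplit(url)
    return f"{parts.scheme}://{parts.netloc}".lower()


def referer_is_expected(headers: dict, expected_origin: str, allow_missing: bool) -> bool:
    """Secondary check on where the request claims to come from.

    Prefer the Origin header and fall back to Referer. Both may be absent when
    a user or proxy strips them (the caveat in the mitigation text);
    `allow_missing` makes that policy decision explicit.
    """
    value = headers.get("Origin") or headers.get("Referer")
    if not value:
        return allow_missing
    return origin_of(value) == origin_of(expected_origin)


def handle_state_change(method: str, headers: dict, session: dict, form_id: str,
                        submitted_nonce, expected_origin: str):
    """Decide whether a state-changing request is accepted. Returns (ok, reason)."""
    # State changes must not be reachable through GET (image loads, plain links).
    if method.upper() != "POST":
        return False, "state change must not be triggered by GET"
    # Primary defence: a per-form nonce that a page on another site cannot read.
    if not verify_form_nonce(session, form_id, submitted_nonce):
        return False, "missing, reused or invalid CSRF nonce"
    # Defence in depth: reject a request that claims to come from another site.
    if not referer_is_expected(headers, expected_origin, allow_missing=True):
        return False, "request origin does not match the expected site"
    return True, "accepted"


if __name__ == "__main__":
    # Constructed walk-through: a legitimate submission, then a forged one.
    session = {}
    nonce = issue_form_nonce(session, "change_password")
    print(handle_state_change("POST", {"Origin": "https://app.example"}, session,
                              "change_password", nonce, "https://app.example"))
    # A page on another site cannot read the nonce, so its request lacks it.
    print(handle_state_change("POST", {"Referer": "https://other.example/p"}, session,
                              "change_password", None, "https://app.example"))
```

The nonce is the mitigation that actually carries the weight: the Referer/Origin comparison is run with `allow_missing=True` precisely because the text warns that the header may be stripped, so on its own it only narrows the problem rather than closing it.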
Detection Methods
Method: Manual Analysis
Effectiveness: High
Method: Automated Static Analysis
CSRF is currently difficult to detect reliably using automated techniques. This is because each application has its own implicit security policy that dictates which requests can be influenced by an outsider and automatically performed on behalf of a user, versus which requests require strong confidence that the user intends to make the request. For example, a keyword search of the public portion of a web site is typically expected to be encoded within a link that can be launched automatically when the user clicks on the link.
Effectiveness: Limited
Method: Automated Static Analysis - Binary or Bytecode
Effectiveness: SOAR Partial
Method: Manual Static Analysis - Binary or Bytecode
Effectiveness: SOAR Partial
Method: Dynamic Analysis with Automated Results Interpretation
Effectiveness: High
Method: Dynamic Analysis with Manual Results Interpretation
Effectiveness: High
Method: Manual Static Analysis - Source Code
Effectiveness: SOAR Partial
Method: Automated Static Analysis - Source Code
Effectiveness: SOAR Partial
Method: Architecture or Design Review
Effectiveness: SOAR Partial
Observed Examples
Reference: CVE-2004-1703
Add user accounts via a URL in an img tag
Reference: CVE-2004-1995
Add user accounts via a URL in an img tag
Reference: CVE-2004-1967
Arbitrary code execution by specifying the code in a crafted img tag or URL
Reference: CVE-2004-1842
Gain administrative privileges via a URL in an img tag
Reference: CVE-2005-1947
Delete a victim's information via a URL or an img tag
Reference: CVE-2005-2059
Change another user's settings via a URL or an img tag
Reference: CVE-2005-1674
Perform actions as administrator via a URL or an img tag
Reference: CVE-2009-3520
Modify password for the administrator
Reference: CVE-2009-3022
CMS allows modification of configuration via CSRF attack against the administrator
Reference: CVE-2009-3759
Web interface allows password changes or stopping a virtual machine via CSRF
Modes of Introduction
| Phase | Note |
|---|---|
| Architecture and Design | REALIZATION: This weakness is caused during implementation of an architectural security tactic. |
Applicable Platforms
Languages
Technologies
Taxonomy Mappings
| Taxonomy Name | Entry ID | Entry Name | Mapping Fit |
|---|---|---|---|
| PLOVER | - | Cross-Site Request Forgery (CSRF) | - |
| OWASP Top Ten 2007 | A5 | Cross Site Request Forgery (CSRF) | Exact |
| WASC | 9 | Cross-site Request Forgery | - |
Key Information
CWE ID: CWE-352
Abstraction: Compound
Structure: Composite
Status: Stable
Likelihood of Exploit: Medium