Request Forgeries

CSRF (Cross site request forgery), “Sea Surf”

When you visit a website, it normally makes requests to other websites to ‘build’ its content. For example, a page may pull google trackers, images, youtube videos etc. These requests are made by the browser using the current ‘context’. That is, the browser has access to the current credentials (Cookies). If a malicious link is provided to the user, or a web page is breached, it can make requests to a malicious server without the browser or user being aware. This can result in cookie transfer, or a malicious request could be crafted to perform an action as the user, such as making a Social Media Post.

In many ways, this issue must be resolved in the site itself, but browsers may have defences too.

SSRF (Server side request forgery)

Less common is SSRF. When data is provided to a server (such as via a POST), the server performs actions on this data in the context of the server. A malicious request could be crafted to perform actions outside the intended use of the request, to extract data or perform actions as the server. A specific case of this could be SQL injection, but the issue could be in PHP or any other server side actions.