# CSRF
Client side request forgery allows an attacker to induce users to perform actions that they do not intend to perform.
## Deliver a CSRF Exploit
### **Reflected XSS**
Attacker will place the malicious HTML onto a web site that they control.
### GET method
#### **Example:**
```html
```
## Common CSRF vulnerabilities
* Some applications correctly validate the token when the request uses the POST method but skip the validation when the GET method is used.
* Some applications correctly validate the token when it is present but skip the validation if the token is omitted.
* Some applications do not validate that the token belongs to the same session as the user who is making the request.
* Some applications do tie the CSRF token to a cookie, but not to the same cookie that is used to track sessions.
#### **Example:**
```html
```
* Some applications do not maintain any server-side record of tokens that have been issued.
* Cookie **SomeSite=Lax** bypass via method override.
* Change **POST** method to **Get** with **"\_method"** parameter.
#### Example:
`/change-email?email=attacker@attack.net&_method=POST`
## Defenses
* [x] CSRF tokens.
* [x] HTTP cookie header (CSRF-key).
* [x] Captcha.
* [x] HTTP Referrer header.