When you are accessing your bank's website, why should you not open any other tab in the same window with some unknown or evil application?
You might become CSRF prey.
How does that happen?
Let's understand this with a simple example.
Let's say you open the browser and log in to your bank website www.mybank.com with your username/password.
When you do this, the bank might persist your authentication token in a cookie. For example: you log in to the website using your username/password, and the bank website, after successful authentication, stores "isUserALreadyLoggenzIn"="true" in a client cookie.
After this, you open an evil website in a new tab, maybe by clicking on some link on some other page in the same window. Now that evil website might contain
a form like this
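
Seen from the bank's server, a request triggered by another site looks like a genuine one whenever the browser attaches the bank's cookie to it. The sketch below is an added example, not code from the original post: it contrasts a transfer handler that trusts the cookie alone with one that also requires a per-session token the other site cannot read. The `sid` cookie, the `csrf_token` field, the handler names and the request objects are assumptions constructed for illustration.

```javascript
// Added example with constructed data; all names here are hypothetical.
const nodeCrypto = require("node:crypto");

const sessions = new Map(); // server-side session store

function login(user) {
  const sessionId = nodeCrypto.randomBytes(16).toString("hex");
  const csrfToken = nodeCrypto.randomBytes(16).toString("hex");
  sessions.set(sessionId, { user, csrfToken });
  return { sessionId, csrfToken }; // token is embedded only in the bank's own pages
}

function sessionFor(req) {
  const match = /(?:^|;\s*)sid=([0-9a-f]+)/.exec(req.headers.cookie || "");
  return match ? sessions.get(match[1]) : undefined;
}

// Weak: the cookie alone authorises the action, so the handler cannot tell
// which site caused the browser to send the request.
function transferCookieOnly(req) {
  return sessionFor(req) ? { status: 200 } : { status: 401 };
}

// Hardened: the body must also carry the session's token, which a page on
// another origin has no way to read.
function transferWithToken(req) {
  const session = sessionFor(req);
  if (!session) return { status: 401 };
  const sent = Buffer.from(String(req.body.csrf_token || ""));
  const expected = Buffer.from(session.csrfToken);
  const ok = sent.length === expected.length &&
    nodeCrypto.timingSafeEqual(sent, expected);
  return ok ? { status: 200 } : { status: 403 };
}

function demo() {
  const { sessionId, csrfToken } = login("alice");
  const cookie = `sid=${sessionId}`;
  // Constructed requests: same cookie, only the bank's own page knows the token.
  const fromOtherSite = { headers: { cookie }, body: { amount: "100" } };
  const fromBankPage = { headers: { cookie }, body: { amount: "100", csrf_token: csrfToken } };
  return {
    cookieOnlyOtherSite: transferCookieOnly(fromOtherSite).status,
    tokenOtherSite: transferWithToken(fromOtherSite).status,
    tokenBankPage: transferWithToken(fromBankPage).status,
  };
}
```

Calling `demo()` shows the cookie-only handler accepting the request that lacks the token, while the token-checking handler rejects it and still accepts the bank's own form.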