CSRF is Wicked

CSRF (pronounced "sea surf") stands for Cross-Site Request Forgery. It means that an attacker can forge requests (forgery) to websites other than the one you're visiting (e.g. to DSLR from dmiessler.com) on your behalf (using your authenticated credentials).
The way it works is simple: if you have recently been to a site that requires authentication, you likely have a cookie stored for it. If I can make your browser send requests to that site without you knowing about it, it will send them with your cookie attached, and as a result the requests will succeed.
One way of doing this is through image tags. The image below didn't display, and for a reason: instead of pointing it at a real image, I pointed it at the logout URL for DSLReports.com.
(img src="http://www.dslreports.com/logout/" alt="poc_image" /)
The trick is that you (i.e. your browser) **clicked** this link just by visiting this site because browsers load images automatically by default. Oh, and if you still had one, you sent your cookie to DSLR along with the request, so DSLR (and anyone else that looks at the evidence) will be quite sure YOU made the request.
The upshot? If you're reading this, you're now logged out of your account at DSLR.
Implications
So what can someone do with this? Well, I could have posted a link to have you bid on an auction, or any number of other "actions" that were then performed as YOU because you sent YOUR individual cookie along with the request YOU made. Think about it.
This kind of CSRF proof of concept is nothing new, but websec experts agree that this is going to be one of the most serious web security threats in years to come. Perhaps it's a good time for us in information security to learn more about it as well.
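The logout request above succeeds because the handler changes state on a GET and trusts the cookie alone. As an added example (not code from the original post or from DSLReports; the handler names, the `sid` cookie, the `csrf_token` field and the in-memory session store are all assumptions), this Python model replays that image-tag request against such a handler and against a hardened one:

```python
import hmac
import secrets

def new_session(sessions):
    """Constructed in-memory store: session id -> per-session CSRF token."""
    sid = secrets.token_hex(16)
    sessions[sid] = secrets.token_hex(16)
    return sid

def session_cookie(sid):
    # SameSite=Lax: the browser omits the cookie on cross-site subrequests such as images.
    return f"sid={sid}; HttpOnly; Secure; SameSite=Lax"

def logout_vulnerable(sessions, method, cookies, form):
    """Changes state on any method, authorised by the cookie alone."""
    sid = cookies.get("sid")
    if sid not in sessions:
        return 401
    del sessions[sid]
    return 200

def logout_hardened(sessions, method, cookies, form):
    """Changes state only on a POST that carries the session's CSRF token."""
    if method != "POST":
        return 405  # an image tag can only issue a GET
    sid = cookies.get("sid")
    if sid not in sessions:
        return 401
    sent = form.get("csrf_token", "")
    if not hmac.compare_digest(sent.encode(), sessions[sid].encode()):
        return 403  # a page on another origin cannot read the token to include it
    del sessions[sid]
    return 200

def image_tag_request(handler):
    """Replay the request from the post: GET, cookie attached, no form body."""
    sessions = {}
    sid = new_session(sessions)
    status = handler(sessions, "GET", {"sid": sid}, {})
    return status, sid in sessions  # (HTTP status, still logged in?)

if __name__ == "__main__":
    print("vulnerable:", image_tag_request(logout_vulnerable))
    print("hardened:  ", image_tag_request(logout_hardened))
```

The token check and the `SameSite` cookie attribute are independent layers: the first rejects a forged request that arrives with the cookie, the second stops the browser from attaching the cookie to it in the first place.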
