nerdexam
EC-Council

312-50V11 · Question #271

Which of the following conditions must be given to allow a tester to exploit a Cross-Site Request Forgery (CSRF) vulnerable web application?

The correct answer is D. The web application should not use random tokens.. CSRF attacks succeed when a web application fails to use unpredictable, per-session tokens to validate that state-changing requests were intentionally submitted by the authenticated user.

Hacking Web Applications

Question

Which of the following conditions must be given to allow a tester to exploit a Cross-Site Request Forgery (CSRF) vulnerable web application?

Options

  • AThe victim user must open the malicious link with an Internet Explorer prior to version 8.
  • BThe session cookies generated by the application do not have the HttpOnly flag set.
  • CThe victim user must open the malicious link with a Firefox prior to version 3.
  • DThe web application should not use random tokens.

How the community answered

(14 responses)
  • B
    14% (2)
  • C
    7% (1)
  • D
    79% (11)

Why each option

CSRF attacks succeed when a web application fails to use unpredictable, per-session tokens to validate that state-changing requests were intentionally submitted by the authenticated user.

AThe victim user must open the malicious link with an Internet Explorer prior to version 8.

CSRF is not limited to Internet Explorer or any specific browser version; any browser that automatically includes cookies with cross-origin requests is susceptible.

BThe session cookies generated by the application do not have the HttpOnly flag set.

The HttpOnly flag prevents client-side scripts from accessing cookies to defend against XSS-based cookie theft, but it does not prevent the browser from automatically attaching cookies to forged cross-site requests.

CThe victim user must open the malicious link with a Firefox prior to version 3.

CSRF vulnerability is not tied to Firefox or any particular browser version; the attack relies on the browser's standard behavior of sending cookies with all matching requests, regardless of origin.

DThe web application should not use random tokens.Correct

The primary defense against CSRF is the inclusion of a unique, secret, unpredictable anti-CSRF token in every state-changing request, which the server validates. If the application does not use such random tokens, an attacker can craft a malicious request that the victim's browser will automatically send with valid session credentials, and the server has no way to distinguish it from a legitimate request. The absence of token validation is the core architectural condition that makes CSRF exploitation possible.

Concept tested: CSRF anti-token protection requirement

Source: https://owasp.org/www-community/attacks/csrf

Topics

#CSRF#random tokens#session management#web application security

Community Discussion

No community discussion yet for this question.

Full 312-50V11 Practice