XSS
Blumfontein, 2014-05-19 06:24:03

Question about the nature of CSRF

Do I understand correctly that if no data is changed on the site by GET or POST and there is no vulnerability to XSS, then there is no vulnerability to CSRF, since cross-site Ajax requests are prohibited by the browser's security policy? Of course, provided that the user does not use an exotic browser and has not disabled security settings.


1 answer(s)
Sergey Toy, 2014-05-19
@Toy

CSRF does not have to be an AJAX request. It can be just a form on any domain submitting data to your script. But if, as you say, no data changes, then you should not worry. In that case, why is the site not static? The admin area can also be vulnerable to CSRF.
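
A server-side check for handlers that do change state (an admin area, for instance), as an added example that is not part of the original thread: a form posted from another domain arrives with the user's cookie, so the server has to verify the request's origin and a per-session token itself. `SITE_ORIGIN`, the `csrf_token` field name and the function names are assumptions made for illustration.

```python
import hmac
import secrets
from typing import Optional
from urllib.parse import urlsplit

SAFE_METHODS = {"GET", "HEAD", "OPTIONS"}
SITE_ORIGIN = "https://shop.example"  # assumed origin of the protected site


def new_csrf_token() -> str:
    """Random per-session token, kept server-side and embedded in the site's own forms."""
    return secrets.token_urlsafe(32)


def origin_of(headers: dict) -> Optional[str]:
    """Origin the browser reports for the request, falling back to Referer."""
    value = headers.get("Origin") or headers.get("Referer")
    if not value:
        return None
    parts = urlsplit(value)
    if not parts.scheme or not parts.netloc:
        return None  # covers the opaque "null" origin as well
    return f"{parts.scheme}://{parts.netloc}"


def allow_request(method: str, headers: dict, session_token: str, form: dict) -> bool:
    """Decide whether a cookie-authenticated request may be processed."""
    if method.upper() in SAFE_METHODS:
        return True  # acceptable only if these handlers never change state
    if origin_of(headers) != SITE_ORIGIN:
        return False  # submitted from a page on another origin, or origin unknown
    supplied = form.get("csrf_token", "")
    return hmac.compare_digest(supplied.encode(), session_token.encode())


# Constructed sample requests; both are assumed to carry the user's session cookie.
TOKEN = new_csrf_token()
OWN_FORM = ({"Origin": SITE_ORIGIN}, {"email": "a@b.example", "csrf_token": TOKEN})
FOREIGN_FORM = ({"Origin": "https://other.example"}, {"email": "x@y.example"})

if __name__ == "__main__":
    for name, (headers, form) in (("own form", OWN_FORM), ("foreign form", FOREIGN_FORM)):
        print(name, "->", allow_request("POST", headers, TOKEN, form))
```

Rejecting requests that carry neither `Origin` nor `Referer` is a strict policy choice made in this sketch; the token comparison is what still holds if that rule is relaxed.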
