Anti CSRF Tokens Scanner

Reference

Plugin Id: 20012 | CWE: 352

Resource

https://github.com/OWASP/CheatSheetSeries/blob/master/cheatsheets/Cross-Site_Request_Forgery_Prevention_Cheat_Sheet.md

Remediation

To mitigate the risk of the “Anti CSRF Tokens Scanner” vulnerability, the following steps can be taken:

Implement CSRF tokens: Use anti-CSRF tokens in all forms and AJAX requests to ensure that each request is accompanied by a unique token. This token should be generated on the server-side and included in the form or request payload. On the server-side, validate the token for each incoming request to ensure its authenticity.

Example in PHP:
```
// Generate CSRF token and include it in the form
$csrfToken = bin2hex(random_bytes(32));
echo '<input type="hidden" name="csrf_token" value="' . $csrfToken . '">';

// Validate CSRF token on the server-side
if ($_POST['csrf_token'] !== $_SESSION['csrf_token']) {
    // Invalid token, handle the error
}
```
Use SameSite cookies: Set the SameSite attribute for cookies to prevent them from being sent in cross-site requests. This attribute restricts the cookie to be sent only with requests originating from the same site.

Example in JavaScript:
```
document.cookie = 'session_id=123; SameSite=Strict';
```
Implement strict referer checking: Validate the Referer header of incoming requests to ensure that they originate from the same site. This can help detect and block requests from unauthorized sources.

Example in Apache .htaccess:
```
RewriteEngine On
RewriteCond %{HTTP_REFERER} !^https://www.example.com/ [NC]
RewriteRule ^ - [F]
```

About

Cross-Site Request Forgery (CSRF) is an attack that exploits the trust between a website and its users. It involves tricking a victim into unknowingly sending a malicious request to a target website, using the victim’s authenticated session or network connection. The attack takes advantage of predictable URL/form actions and can be performed even if the victim is not aware of it.

CSRF attacks can be prevented by implementing measures such as CSRF tokens, SameSite cookies, and strict referer checking. These techniques ensure that each request is accompanied by a unique token, restrict the sending of cookies in cross-site requests, and validate the referer header to ensure requests originate from the same site.

Risks

The “Anti CSRF Tokens Scanner” vulnerability poses several risks:

Unauthorized actions: An attacker can use CSRF to perform actions on behalf of the victim without their knowledge or consent. This can lead to unauthorized changes, such as modifying account settings, making financial transactions, or deleting data.
Information disclosure: CSRF attacks can also be used to gain access to sensitive information by exploiting vulnerabilities in the target site. If the target site is vulnerable to cross-site scripting (XSS), the risk of information disclosure is further increased, as XSS can be used as a platform for CSRF attacks.
Session hijacking: CSRF attacks can hijack an active session or authentication credentials of the victim, allowing the attacker to impersonate the victim and perform actions with their privileges. This can lead to further compromise of the victim’s account or unauthorized access to sensitive resources.

It is crucial to implement proper countermeasures to prevent CSRF attacks and protect both the website and its users from these risks.