Wednesday 22 May 2013

Spoofed Forms - Stop Spoofed Form Submissions


A spoofed form is one in which an attacker creates a copy of another website's HTML form, fills in whatever data he wants to send, and submits it.

There are various ways to spoof a form; the easiest is simply to copy the target form and
submit it from a different location. Spoofing a form makes it possible for an attacker
to remove all client-side validations and restrictions imposed on the form and still submit it.


In the form above, note that the form's action points to another website.

How to protect your website from spoofed forms

  • Add both client-side and server-side validation
  • Use a token system
  • Use a CAPTCHA
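The following is an added example, not code from the original post, showing how the first two defences work together on the server: every field is re-validated with the same rules the real HTML form imposes client-side, and a submission is only accepted if it carries a token that this server issued for the visitor's session and for that specific form. The field names, the allowed values, the session id, and the hard-coded secret are all constructed for illustration; only `issue_form_token` and `handle_submission` need to be wired into a real request handler.

```python
"""Server-side defence against spoofed form submissions.

Added example (not code from the original post). Field rules, session ids
and the signing secret are constructed for illustration.
"""
import hashlib
import hmac
import secrets
import time
from typing import Optional

# Server secret used to sign form tokens (constructed for the example;
# load a real one from configuration, never hard-code it).
FORM_SECRET = b"example-server-secret-do-not-use"
TOKEN_TTL_SECONDS = 15 * 60

# The same restrictions the HTML form imposes client-side (maxlength,
# <select> options, required). A copied form simply drops those checks,
# so they are repeated here on the server.
FIELD_RULES = {
    "name":    {"required": True, "max_len": 50},
    "email":   {"required": True, "max_len": 100, "must_contain": "@"},
    "country": {"required": True, "allowed": {"IN", "US", "GB"}},
}


def _sign(session_id: str, form_name: str, nonce: str, issued: int) -> str:
    msg = f"{session_id}|{form_name}|{nonce}|{issued}".encode()
    return hmac.new(FORM_SECRET, msg, hashlib.sha256).hexdigest()


def issue_form_token(session_id: str, form_name: str, now: Optional[int] = None) -> str:
    """Create the token embedded as a hidden field when the form is rendered.
    It is bound to the visitor's session and to this particular form."""
    issued = int(time.time()) if now is None else now
    nonce = secrets.token_hex(8)
    return f"{nonce}.{issued}.{_sign(session_id, form_name, nonce, issued)}"


def verify_form_token(token: str, session_id: str, form_name: str,
                      now: Optional[int] = None) -> bool:
    """True only if this server issued the token for this session and form
    and it has not expired."""
    try:
        nonce, issued_s, mac = token.split(".")
        issued = int(issued_s)
    except (ValueError, AttributeError):
        return False
    current = int(time.time()) if now is None else now
    if current - issued > TOKEN_TTL_SECONDS or issued > current:
        return False
    expected = _sign(session_id, form_name, nonce, issued)
    return hmac.compare_digest(expected, mac)


def validate_fields(fields: dict) -> list:
    """Re-apply the form's restrictions on the server; return a list of errors."""
    errors = []
    for name, rule in FIELD_RULES.items():
        value = (fields.get(name) or "").strip()
        if rule.get("required") and not value:
            errors.append(f"{name}: required")
            continue
        if "max_len" in rule and len(value) > rule["max_len"]:
            errors.append(f"{name}: longer than {rule['max_len']} characters")
        if "must_contain" in rule and rule["must_contain"] not in value:
            errors.append(f"{name}: invalid format")
        if "allowed" in rule and value not in rule["allowed"]:
            errors.append(f"{name}: not an allowed value")
    # A copied form can add fields the real one never had; reject them.
    for extra in sorted(set(fields) - set(FIELD_RULES) - {"form_token"}):
        errors.append(f"{extra}: unexpected field")
    return errors


def handle_submission(fields: dict, session_id: str, form_name: str = "contact",
                      now: Optional[int] = None) -> tuple:
    """Decide whether a POSTed form is accepted. Returns (status, errors)."""
    if not verify_form_token(fields.get("form_token", ""), session_id, form_name, now):
        return ("rejected", ["form_token: missing or invalid"])
    errors = validate_fields(fields)
    return ("rejected", errors) if errors else ("accepted", [])


if __name__ == "__main__":
    sid = "session-abc123"  # constructed session id
    # Legitimate visitor: the rendered form carried a token, fields obey the rules.
    good = {"form_token": issue_form_token(sid, "contact"),
            "name": "Alice", "email": "alice@example.com", "country": "IN"}
    print(handle_submission(good, sid))
    # Copy hosted elsewhere: no token, and values the real form's <select>
    # and maxlength would never have produced.
    spoofed = {"name": "x" * 200, "email": "not-an-email", "country": "ZZ", "is_admin": "1"}
    print(handle_submission(spoofed, sid))
```

The token alone is not enough: someone who loads the genuine form in their own session receives a valid token and can still edit the values before posting, which is exactly why `validate_fields` runs on every request regardless of the token. The token's job is the narrower one of proving that this server rendered the form for this session, which rejects copies submitted from another site outright.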