I research whitehat and blackhat SEO in my spare time (however not on this domain :), and
was thinking about some additional uses for Cross-site Request forgery from the blackhat SEO perspective.
* Publishing/Spamming links: People spamming forums with links is nothing new. By utilizing CSRF on the otherhand
you could force a website user base (either by embedding it into your site html directly, or by utilizing
an XSS vulnerability)
to submit forms with your url without their knowledge using the img javascript trick (as described about
in the Cross-site Request Forgery FAQ.
* Redirectors: Search engines and sites displaying a sites rank (blogs,
top sites community, top referers/incoming site links, etc…) count
the number of times a specific url is clicked or visited. As described
above if you can
get the user to visit the site via CSRF, then you can potentially
influence these counters
using unique hostnames/sessions (if logged in already). I suspect this
will start becoming
a real issue within the next year. One of the issues with CSRF is that
the referer is typically
sent to the target site. These can be easily hidden by utilizing an
open relay issue
on a totally non related site. This will make that site show up in the
referers instead
of the site containing the CSRF payload.
CSRF is where Cross site scripting was 5 years ago and new and more interesting uses are going to
keep being discovered. This vuln is in it for the long haul.
