CSRF Testing
Testing CSRF On Application
- CSRF Normal
- Change Method To GET-Based
- Change Value Of CSRF-Token To undefined
- Delete CSRF Token Value Or Delete Token Parameter
- Use The Same CSRF Value In Different Accounts
- Replace CSRF Token Value With Same-Length Characters
- Change Content-Type from application/json to text/plain
- Use Vulnerable-Subdomain To Bypass CSRF Token
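
A server-side check that should reject the method, token and content-type variations in the checklist above, given here as an added example that is not part of the original page. The HMAC-based token scheme, the function names and the session ids are assumptions made for illustration, and the vulnerable-subdomain case is not covered by this check.

```python
import hashlib
import hmac
import secrets

SECRET_KEY = secrets.token_bytes(32)   # constructed per-process key (assumption)
STATE_CHANGING = {"POST", "PUT", "PATCH", "DELETE"}

def _mac(session_id: str, nonce: str) -> str:
    msg = f"{session_id}:{nonce}".encode()
    return hmac.new(SECRET_KEY, msg, hashlib.sha256).hexdigest()

def issue_token(session_id: str) -> str:
    """Token bound to one session: random nonce plus HMAC over session id and nonce."""
    nonce = secrets.token_hex(16)
    return f"{nonce}.{_mac(session_id, nonce)}"

def check_request(method, content_type, session_id, token):
    """Return (allowed, reason) for a request to a state-changing JSON endpoint."""
    if method.upper() not in STATE_CHANGING:
        return False, "state change over non-allowed method"
    media_type = (content_type or "").split(";")[0].strip().lower()
    if media_type != "application/json":
        return False, "unexpected content type"
    if not token or "." not in token:            # absent, empty, or "undefined"
        return False, "token missing or malformed"
    nonce, mac = token.split(".", 1)
    if not hmac.compare_digest(mac.encode(), _mac(session_id, nonce).encode()):
        return False, "token not valid for this session"
    return True, "ok"

def run_checklist():
    """Replay each checklist case against check_request with constructed sessions."""
    alice, bob = "session-alice", "session-bob"   # constructed session ids
    good = issue_token(alice)
    nonce = good.split(".", 1)[0]
    json_ct = "application/json; charset=utf-8"
    cases = {
        "normal": ("POST", json_ct, alice, good),
        "get_based": ("GET", json_ct, alice, good),
        "undefined": ("POST", json_ct, alice, "undefined"),
        "deleted": ("POST", json_ct, alice, None),
        "other_account": ("POST", json_ct, alice, issue_token(bob)),
        "same_length": ("POST", json_ct, alice, nonce + "." + "0" * 64),
        "text_plain": ("POST", "text/plain", alice, good),
    }
    return {name: check_request(*args) for name, args in cases.items()}

if __name__ == "__main__":
    for name, result in run_checklist().items():
        print(f"{name:14} {result}")
```

Only the baseline request should come back allowed; any other case that returns `True` points at the gap the corresponding checklist item is probing for.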
tbhm/08_csrf.1778747294.txt.gz · Last modified: by drew
