tbhm:08_csrf
CSRF Testing
Testing CSRF On Application
- CSRF Normal (standard test: submit the request without the token)
- Change Method To GET-Based
- Change Value Of CSRF Token To "undefined"
- Delete CSRF Token Value Or Delete Token Parameter
- Use The Same CSRF Value In Different Accounts
- Replace CSRF Token Value With Same-Length Characters
- Change Content-Type From application/json To text/plain
- Use Vulnerable Subdomain To Bypass CSRF Token
Zseano's 8-Step CSRF Test
- Standard CSRF test – remove token entirely
- Change method to GET
- Change CSRF token value to "undefined"
- Delete token value or entire parameter
- Use same CSRF token across two different accounts
- Replace token with same-length random string
- Change content-type from application/json to text/plain
- Use a vulnerable subdomain to bypass CSRF token validation
Blank referer bypass: <meta name="referrer" content="no-referrer" />
iframe data URI bypass: <iframe src="data:text/html;base64,FORM"> (the framed document has a null origin and no referer)
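Each item in the lists above is a server-side validation mistake seen from the outside. The following is an added example, not code from this page or from Zseano: a deliberately weak CSRF check in which every bypass above corresponds to one early accept, placed next to a hardened check that binds the token to the session, compares it in constant time, ignores content type, refuses safe methods on state-changing handlers, and rejects an absent or "null" origin instead of trusting it. The Request class, SITE_ORIGIN, the token values and the request shapes are all constructed for this demonstration and belong to no real framework.

```python
# Added example, not code from the original page: a deliberately weak CSRF
# check that exhibits the failure modes the checklist above probes for, next
# to a hardened check, run over constructed requests. Request, SITE_ORIGIN and
# the token values are all assumptions made for this demonstration.
import hmac
import secrets
from dataclasses import dataclass, field
from urllib.parse import urlparse

SITE_ORIGIN = "https://app.example"  # assumed origin of the protected application

# Constructed per-session tokens; the weak check treats the union as "valid".
ALICE_TOKEN = secrets.token_hex(16)
BOB_TOKEN = secrets.token_hex(16)
ISSUED_TOKENS = {ALICE_TOKEN, BOB_TOKEN}


@dataclass
class Request:
    method: str
    headers: dict = field(default_factory=dict)
    params: dict = field(default_factory=dict)  # body or query parameters
    session_token: str = ALICE_TOKEN            # token the server issued to this session


def weak_csrf_ok(req: Request) -> bool:
    """Each early `return True` is one of the bypasses in the list above."""
    if req.method == "GET":
        return True  # safe method skips the check, so the handler can be hit via GET
    origin = req.headers.get("Origin") or req.headers.get("Referer")
    if not origin or origin == "null":
        return True  # blank Referer / null Origin treated as same-site navigation
    if not urlparse(origin).netloc.endswith("app.example"):
        return False  # suffix match: any subdomain (or evilapp.example) passes
    if req.headers.get("Content-Type") != "application/json":
        return True  # text/plain bodies bypass the token check entirely
    token = req.params.get("csrf_token")
    if token is None or token in ("", "undefined"):
        return True  # missing, empty or JS-rendered "undefined" token is accepted
    if token in ISSUED_TOKENS:
        return True  # token valid for *some* session, not bound to this one
    return len(token) == len(req.session_token)  # only the length is compared


def strong_csrf_ok(req: Request) -> bool:
    """Hardened check: same for every content type, bound to the session."""
    if req.method not in ("POST", "PUT", "PATCH", "DELETE"):
        return False  # state-changing handlers never serve safe methods
    origin = req.headers.get("Origin")
    if origin is None:  # fall back to Referer only to derive an origin
        ref = req.headers.get("Referer")
        if not ref:
            return False  # absent Origin and Referer is rejected, not trusted
        parsed = urlparse(ref)
        origin = f"{parsed.scheme}://{parsed.netloc}"
    if origin != SITE_ORIGIN:
        return False  # exact match: rejects "null", subdomains and lookalikes
    token = req.params.get("csrf_token")
    if not token or not req.session_token:
        return False
    return hmac.compare_digest(token, req.session_token)  # constant-time, per session


def run_checklist() -> dict:
    """Returns {case: (weak_result, strong_result)} for each checklist item."""
    json_hdr = {"Origin": SITE_ORIGIN, "Content-Type": "application/json"}
    cases = {
        "legit": Request("POST", json_hdr, {"csrf_token": ALICE_TOKEN}),
        "legit_text_plain": Request("POST", {**json_hdr, "Content-Type": "text/plain"},
                                    {"csrf_token": ALICE_TOKEN}),
        "change_method_to_get": Request("GET", json_hdr),
        "token_undefined": Request("POST", json_hdr, {"csrf_token": "undefined"}),
        "token_parameter_deleted": Request("POST", json_hdr),
        "other_accounts_token": Request("POST", json_hdr, {"csrf_token": BOB_TOKEN}),
        "same_length_random": Request("POST", json_hdr, {"csrf_token": secrets.token_hex(16)}),
        "content_type_text_plain": Request("POST", {**json_hdr, "Content-Type": "text/plain"}),
        "subdomain_origin": Request("POST", {**json_hdr, "Origin": "https://evil.app.example"}),
        "blank_referer": Request("POST", {"Content-Type": "application/json"}),
        "null_origin_data_uri_iframe": Request("POST", {**json_hdr, "Origin": "null"}),
    }
    return {name: (weak_csrf_ok(r), strong_csrf_ok(r)) for name, r in cases.items()}


if __name__ == "__main__":
    for name, (weak, strong) in run_checklist().items():
        print(f"{name:30} weak={weak!s:5} strong={strong}")
```

Running the block prints one row per checklist item: the weak check accepts every bypass and the hardened check rejects all of them while still accepting the two legitimate requests, including the one sent as text/plain, which is the point of not tying the token check to content type. Note that the hardened check does not treat a missing Origin and Referer as "probably same-site": the meta no-referrer and data-URI iframe tricks above exist precisely because that assumption is common.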
tbhm/08_csrf.1778749157.txt.gz · Last modified: by drew
