CSRF bypass
1- Change a single char of the token
2- Send an empty token value
3- Replace the token with another value of the same length
4- Clickjacking
5- Change the POST/GET method
6- Remove the CSRF parameter from the request
7- Use another user's valid token
8- CSRF protection by Referer header? Remove the header [ADD in form ]
9- Bypass using a subdomain [victim.com.attacker.com]
10- Try to decrypt the hash (maybe the CSRF token is a hash)
11- Gmail -> mail sent to email+2=@gmail.com is actually delivered to email@gmail.com
12- CSRF tokens leveraging XSS vulnerabilities
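Server-side check that holds against items 1-3 and 5-9 of the list, as an added example (not part of the original notes). SECRET, ALLOWED_HOSTS, the csrf_token field name and the function names are assumptions made for the example; victim.com is the host name from item 9.

```python
import hashlib
import hmac
from urllib.parse import urlsplit

SECRET = b"constructed-demo-key"        # assumption: per-deployment secret
ALLOWED_HOSTS = {"victim.com"}          # host name taken from item 9
STATE_CHANGING = {"POST", "PUT", "PATCH", "DELETE"}


def issue_token(session_id: str) -> str:
    """Token is an HMAC over the session id, so it is useless in another session."""
    return hmac.new(SECRET, session_id.encode(), hashlib.sha256).hexdigest()


def origin_ok(headers: dict) -> bool:
    """Exact host match on Origin, falling back to Referer; absent header fails."""
    source = headers.get("Origin") or headers.get("Referer")
    if not source:
        return False                     # item 8: a stripped Referer is rejected
    parts = urlsplit(source)
    # item 9: compare the parsed host exactly, never by prefix or substring
    return parts.scheme == "https" and parts.hostname in ALLOWED_HOSTS


def check_request(method: str, headers: dict, form: dict, session_id: str) -> bool:
    """Gate for a route that performs an action; True only if every check passes."""
    if method.upper() not in STATE_CHANGING:
        return False                     # item 5: action routes refuse GET
    token = form.get("csrf_token")
    if not isinstance(token, str) or not token:
        return False                     # items 2 and 6: empty or missing token
    expected = issue_token(session_id)
    # items 1, 3, 7: full constant-time comparison against this session's token
    if not hmac.compare_digest(token.encode(), expected.encode()):
        return False
    return origin_ok(headers)
```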