Cross Site Request Forgery (CSRF)

Blog / Articles:

http://blog.opensecurityresearch.com/2012/02/json-csrf-with-parameter-padding.html
https://labs.detectify.com/2017/03/15/loginlogout-csrf-time-to-reconsider/
https://medium.com/@secureITmania/how-i-exploit-the-json-csrf-with-method-override-technique-71c0a9a7f3b0
https://labs.detectify.com/2017/03/15/loginlogout-csrf-time-to-reconsider/
https://medium.com/@zseano/site-wide-csrf-issue-chained-with-clickjacking-multiple-sites-vulnerable-6201abab0d3e
https://blog.securityinnovation.com/seven-sins-of-anti-csrf-tokens?utm_campaign=Blog%20Posts&utm_content=135806080&utm_medium=social&utm_source=twitter&hss_channel=tw-213735745
https://medium.com/bugbountywriteup/lets-bypass-csrf-protection-password-confirmation-to-takeover-victim-accounts-d-4a21297847ff

Bypasses / Cheatsheets:

1MB

screencapture-web-archive-org-web-20170330124956-http-zseano-com-tut-5-html-2020-09-30-00_04_31.pdf

PDF

Open

https://trustfoundry.net/cross-site-request-forgery-cheat-sheet/

CSRF MindMap:

Videos:

https://www.youtube.com/watch?v=eWEgUcHPle0
https://www.youtube.com/watch?v=ULvf6N8AL2A&feature=youtu.be

ATO using CSRF -Account setting-password change option -We need current password to change new password -capture the request,remove current password and CSRF-Token paramater -Generate CSRF poc -Send it to victim and victim password go changed #bugbountytips #BugBounty

PreviousDirectory / Path Traversal NextJSON CSRF

Last updated 4 years ago