Add any thoughts via CSRF
# Description
An attacker can add arbitrary thoughts as any user via a CSRF attack.
When the attacker sends a link to the victim and the victim clicks on it, the thoughts are added.
# Proof of Concept
1- The attacker adds a thought and intercepts the request.
2- Use this request to generate a CSRF PoC.
# POC
https://drive.google.com/file/d/11Hec1H-61UpoOLVi55uWRpLBUMLVjRbi/view?usp=share_link
# Some sources on fixing CSRF
Add a CSRF token:
https://www.freecodecamp.org/news/csrf-protection-problem-and-how-to-fix-it
https://cheatsheetseries.owasp.org/cheatsheets/Cross-Site_Request_Forgery_Prevention_Cheat_Sheet.html
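
One way to implement the "add a CSRF token" fix, shown as an added example that is not part of the original report or the affected project's code: a session-bound, HMAC-signed token that the server issues with the form and checks before saving a thought. The names `session_id`, `csrf_token`, `handle_add_thought` and the one-hour lifetime are assumptions for illustration.

```python
import hashlib
import hmac
import secrets
import time

SECRET_KEY = secrets.token_bytes(32)  # assumption: per-deployment server-side secret
TOKEN_TTL = 3600                      # assumption: tokens are valid for one hour


def _mac(session_id, ts, nonce):
    # Bind the token to the session so one user's token is useless for another.
    msg = f"{session_id}|{ts}|{nonce}".encode()
    return hmac.new(SECRET_KEY, msg, hashlib.sha256).hexdigest()


def issue_csrf_token(session_id, now=None):
    """Return 'timestamp.nonce.mac', embedded as a hidden field in the form."""
    ts = str(int(time.time() if now is None else now))
    nonce = secrets.token_urlsafe(16)
    return f"{ts}.{nonce}.{_mac(session_id, ts, nonce)}"


def verify_csrf_token(session_id, token, now=None):
    """Reject missing, malformed, expired, forged or cross-session tokens."""
    parts = (token or "").split(".")
    if len(parts) != 3:
        return False
    ts, nonce, mac = parts
    if not (ts.isascii() and ts.isdigit()):
        return False
    current = time.time() if now is None else now
    if current - int(ts) > TOKEN_TTL:
        return False
    expected = _mac(session_id, ts, nonce)
    # Constant-time comparison on bytes avoids timing leaks and type errors.
    return hmac.compare_digest(mac.encode(), expected.encode())


def handle_add_thought(session_id, form):
    """Hypothetical handler for the state-changing 'add thought' request."""
    if not verify_csrf_token(session_id, form.get("csrf_token", "")):
        return 403, "CSRF token missing or invalid"
    return 200, f"thought saved: {form['thought']}"
```

A request forged from another site carries the victim's session cookie but cannot read or guess the token, so the handler rejects it.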