appsec.fyi

A somewhat curated list of links to various topics in application security.

Cross-Site Request Forgery (CSRF)

LinkExcerpt
Avoiding CSRF Attacks with API DesignCross-site request forgery (CSRF) attacks are a type of attack where a website you don’t control tries to send commands to your website, using your customer’s cookies.
Samesite by Default and What It Means for Bug Bounty HuntersYou have probably heard of the SameSite attribute addition to HTTP cookies since Chrome 51 (and a specification thereafter). It was advertised as a CSRF killer. This attribute is going to be set by default for all cookies in Chrome 80 (February 4, 2020).
Bypass SameSite Cookies Default to Lax and get CSRFSameSite Cookies the new cookie attribute that everyone is talking about, it can be used to prevent SOP bypasses and CSRF attacks. but first let's look what is it actually.
Facebook GraphQL CSRFThere was a “CSRF” styled query in business.instagram.com that can allow GraphQL calls to be made. The discovery of the bug in View the Assigned Roles and Emails of an Instagram Account started at business.instagram.com/login with an authorization screen.
Account Takeover Using CSRF(json-based)Hello Everyone I’m sil3nt_4unt3r. I am bug hunter on hackerone and bugcrowd. This is my first blog, so forgive my mistakes I was hunting on Bugcrowd private program. The program has 4 different kind of roles Like Admin, H-User, L-User, and Guest.
Double Submit Cookie PatternCross-Site Request Forgery (CSRF) is an attack that forces an end user to execute unwanted actions on a web application in which they’re currently authenticated.
Preventing Cross-Site Request Forgery (CSRF) Vulnerability in Web ApplicationForgery is an “act of copying or imitating things like a signature on a check, an official document to deceive the authority source for financial gains”.
Attacking Sites Using CSRFThe criticality of a CSRF vulnerability depends heavily on where the vulnerability is located. Sometimes, faulty CSRF protection mechanisms lead to inconsequential issues like unauthorized setting changes or emptying a user’s cart.
Attacking Sites Using CSRFThe criticality of a CSRF vulnerability depends heavily on where the vulnerability is located. Sometimes, faulty CSRF protection mechanisms lead to inconsequential issues like unauthorized setting changes or emptying a user’s cart.
Web Security AcademyIn this section, we'll explain what cross-site request forgery is, describe some examples of common CSRF vulnerabilities, and explain how to prevent CSRF attacks.
6 Methods to bypass CSRF protection on a web applicationFirst of all sincere apologies for the immense long delays in article writing and responses. As you know i have been quiet occupied but than again that is no excuse to stay out of touch with me readers.
Should login and logout action have CSRF protection?Stack Exchange network consists of 182 Q&A communities including Stack Overflow, the largest, most trusted online community for developers to learn, share their knowledge, and build their careers.
Brute Forcing User IDS via CSRF To Delete all Users with CSRF attack.While testing an application, there was a module “Delete User” in which an admin can delete any user. If you notice in the request, there is no CSRF Token/Protection implemented into delete user request.
WordPress Front End Security: CSRF and NoncesDigitalOcean joining forces with CSS-Tricks! Special welcome offer: get $100 of free credit. In our last article, we covered Cross-Site Scripting (XSS) and the functions WordPress provides to prevent XSS attacks.
In Praise of CSRF TokensI have seen CSRF flaws in a wide variety of web applications over the years — most of them aren’t all that relevant and worth discussing (which is why I rarely hear anyone talk about CSRF anymore). The flaws I have seen range from “nuisance” level, e.g.
Bypassing CSRF tokens with Python's CGIHTTPServerThere are ways to configure Burp using macros to bypass CSRF tokens on HTML forms, so we can use Burp Active Scans, Burp Intruder, Burp Repeater, and (cautiously) even Burp Proxy. There's also Grep-Extract and pitchfork attack type specifically for Intruder.
Self-XSS + CSRF to Stored XSSHola, this is Renwa from Kurdistan i’m glad to write my first write-up about infosec and Bugbounties.
Leaking Amazon.com CSRF Tokens Using Service Worker APIHello all, today I have some free time, so I am going to tell you about my finding at Amazon that could lead to full account takeover. let’s talk about Amazon as biggest e-commerce in the world, and when I say e-commerce that means a lot of money in one place.
Steal CSRF/Auth/Unique key Header with XSSIn fig: 1 You can see that there is a CSRF-token header presence in the website. Now we are going to steal it. Okay elow is the code which steals the token header and send it to the attacker’s server.
A Deep Dive into CSRF Protection in RailsIf you’re using Rails today, chances are you’re using CSRF protection. It’s been there almost since the beginning, and it’s one of those features in Rails that makes your life easier without needing to give it a second thought.
0ang3el/EasyCSRFEasyCSRF helps to find weak CSRF-protection in WebApp which can be easily bypassed. For example, content type based protection for API (Rest API, GraphQL API, etc) or CSRF-protection based on obscure data format (binary format, etc) are known to be weak.
Wiping Out CSRFIt’s 2017 and there shouldn’t be much more to say about Cross-Site Request Forgery (CSRF) that hasn’t already been said. It’s a vulnerability that has been known for years with well-documented and proven solutions that have been implemented in popular web development frameworks.
Using CORS policies to implement CSRF protectionMixmax is a communications platform that brings professional communication & email into the 21st century. This post is a follow-on to our CORS post back in December.
Cross-Site Request Forgery is dead!After toiling with Cross-Site Request Forgery on the web for, well forever really, we finally have a proper solution. No technical burden on the site owner, no difficult implementation, it's trivially simple to deploy, it's Same-Site Cookies.
Paypal bug bounty: Updating the Paypal.me profile picture without consent (CSRF attack)As you may know, you can upload a picture to paypal.com. Until recently this picture was pretty useless, but now it is displayed on you paypal public page. Paypal.me is a public page linked to your Paypal account that offers an easy way to receive/send money. For instance mine is there.
How does CSRF work without state parameter in OAuth2.0?I can understand step 1 to step 4. But from step 5 I got some confusion.
Sinatra CSRF Authenticity tokensI'm building a simple app in ruby using the Sinatra framework. It's mainly "get" based - most requests will be for listing data. However there are a couple of key screens in the app that will collect user input.