Showing posts from February, 2020

Site wide CSRF on a popular program

I found this bug in the same program that I explained in this post, "Authorization bug every bug hunter missed". I was moving through another target on this program when I noticed that there was no CSRF protection: there were no tokens, etc., so I wondered what they were using to prevent CSRF. I noticed some high-entropy strings in headers, but the request worked without those headers as well, so that wasn't protecting the website from CSRF. The request body consisted of JSON objects, basically {key: "value"} pairs. The assumption behind using it was that in a typical CSRF attack attackers don't send JSON payloads, so using JSON will naturally protect the application against CSRF. Here's where the trick comes in. It's actually more of a check that you should perform while trying to find CSRF bugs. I spotted it on Twitter first; you may or may not be familiar with it. Here's how it works. It's very simple: assume that the server-side framework is expe...