search

CSRF Bypass

Cross Site Request Forgery(CSRF)

Hello Guys, I Tried My Best To Share all The CSRF Bypasses I Know. I Hope This Will Help You.

Csrf will be login, logout, resetpass, change password, add-cart, like, comment, profie change, user details change, blance transffer, subscription ect

-Change Request Method [POST => GET]

-Remove Total Token Parameter

-Remove The Token, And Give a Blank Parameter

-Copy a Unused Valid Token , By Dropping The Request and Use That Token

-Use Own CSRF Token To Feed it to Victim

-Replace Value With Of A Token of Same Length 

-Reverse Engineer The Token

-Extract Token via HTML injection

-Switch From Non-Form `Content-Type: application/json` or `Content-Type: application/x-url-encoded` To `Content-Type: form-multipart`

-Change/delete the last or frist character from the token

-Change referrer to Referrer

-Bypass the regex
  If the site is looking for ā€œbank.comā€ in the referer URL, maybe ā€œbank.com.attacker.comā€ or ā€œattacker.com/bank.comā€ will work.

-Remove the referer header (add this <meta name=ā€referrerā€ content=ā€no-referrerā€> in your payload or html code)

-Clickjacking

  (If you arenā€™t familiar with clickjacking attacks, more information can be found https://owasp.org/www-community/attacks/Clickjacking.)
  Exploiting clickjacking on the same endpoint bypasses all CSRF protection. Because technically, the request is indeed originating from the legitimate site. If the page where   the vulnerable endpoint is located on is vulnerable to clickjacking, all CSRF protection will be rendered irrelevant and you will be able to achieve the same results as a CSRF   attack on the endpoint, albeit with a bit more effort.

hashtag
References

Medium Writeuparrow-up-right

Medium Writeuparrow-up-right

Medium Writeuparrow-up-right

hashtag
Authors

PreviousCSRF MindMapNextCVES

Last updated

Was this helpful?