Whenever I start testing a website, the first thing I do is use it the way a normal user would. During this process, I leave Burp open so that I have a list of all the requests and endpoints for further investigation.
After looking for the basic vulnerabilities, I realised that all the requests I made were protected against CSRF by a token.
To protect a website from CSRF, the server adds a token to every request you make to it. If your token doesn't match the one the server holds, the request is dropped.
But…
If the CSRF token isn't properly checked, you can bypass it by replacing it with another token of the same length or by removing it completely. For example, if you have the following request:

POST /api/removeUser
Content-Length: 28

user_id=12345&csrf=987654321

You could try the following requests to bypass the CSRF token:

POST /api/removeUser
Content-Length: 28

user_id=12345&csrf=123456789

.....

POST /api/removeUser
Content-Length: 28

user_id=12345
In my case it was the first one. The server only checked that a token was present and that it had the expected length; it never compared the value against the token it had issued.
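To make the difference concrete, here is an added example that is not part of the original post and is not the affected site's code. It models the two server-side checks in Python: a weak validator that only tests presence and length (the behaviour described above), and a strict one that compares the submitted token, in constant time, against the token issued to that user's session. The session store, session id and token values are constructed for the example.

```python
import hmac
import secrets
from urllib.parse import parse_qs

# Constructed session store: session id -> CSRF token issued to that session.
# A real server would keep this in its session backend.
SESSIONS = {"sess-abc": "987654321"}


def issue_token(session_id: str) -> str:
    """Issue a fresh, unpredictable CSRF token and bind it to the session."""
    token = secrets.token_urlsafe(32)
    SESSIONS[session_id] = token
    return token


def parse_form(body: str) -> dict:
    """Parse an application/x-www-form-urlencoded body into a flat dict."""
    return {k: v[0] for k, v in parse_qs(body, keep_blank_values=True).items()}


def weak_csrf_check(session_id: str, body: str) -> bool:
    """Vulnerable check: accepts any token that is present and has the right length.

    This is the flaw the post describes: the value itself is never compared.
    """
    expected = SESSIONS.get(session_id)
    token = parse_form(body).get("csrf")
    if expected is None or token is None:
        return False
    return len(token) == len(expected)


def strict_csrf_check(session_id: str, body: str) -> bool:
    """Correct check: the token must equal the one bound to this session.

    hmac.compare_digest avoids leaking how many leading characters matched
    through response timing.
    """
    expected = SESSIONS.get(session_id)
    token = parse_form(body).get("csrf")
    if expected is None or token is None:
        return False
    return hmac.compare_digest(token.encode(), expected.encode())


# The three request bodies from the post: the legitimate one, the same-length
# forgery, and the body with the token removed.
BODIES = {
    "legitimate": "user_id=12345&csrf=987654321",
    "same_length": "user_id=12345&csrf=123456789",
    "token_removed": "user_id=12345",
}


def evaluate(session_id: str = "sess-abc") -> dict:
    """Run both validators over every body; returns {name: (weak, strict)}."""
    return {
        name: (weak_csrf_check(session_id, body), strict_csrf_check(session_id, body))
        for name, body in BODIES.items()
    }


if __name__ == "__main__":
    for name, (weak, strict) in evaluate().items():
        print(f"{name:14} weak={weak!s:5} strict={strict}")
```

Running the block shows the weak validator accepting the same-length forgery while the strict one rejects everything but the token it actually issued; the removed-token case fails both, because even the weak check requires the parameter to exist. From the defender's side the fix is the strict validator plus a per-session, unpredictable token such as the one `issue_token` produces.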
Thank you very much for reading. If you would like me to keep writing up the bugs I find, you can buy me a coffee. 😊😊😊
Follow me on Twitter!