
Questions tagged [csrf]

A cross-site request forgery (CSRF) attack causes a visitor to a malicious website to send a request to a legitimate website to which they are already logged in, with the browser attaching the session cookie automatically.

1 vote, 1 answer, 116 views

I have been reading up on preventing CSRF on POST actions (none of my GET requests are allowed to alter data). I used anti-forgery tokens in the past and recently did some digging as I have been switching to ...

asked by Steve Py
0 votes, 1 answer, 123 views

Let's say the user is visiting sensitive.com and uploads some sensitive image sensitive.com/private.png. This image can be read with a GET request but requires authentication via a session cookie. Now, ...

asked by Meowmere
1 vote, 0 answers, 86 views

I'm working on a CTF where, to obtain the flag, I need to trigger the admin user of a Flask app to reveal it. The way this has to be done is through a CSRF + XSS chain attack, as the validation script ...

asked by Zanna
2 votes, 1 answer, 743 views

I am using Django REST framework. I want a single API for all of my clients (web, mobile, curl). I understand that I need to include a CSRF token in requests originating from the web client, to ...

asked by Slav
0 votes, 1 answer, 185 views

I am working on DVWA's CSRF lab with the security setting set to low. DVWA is running on localhost:4280. The SameSite cookie attribute is not set (to Lax or Strict), and thus cross-site requests ...

asked by Nils Deschrijver
0 votes, 1 answer, 489 views

What I have understood (I guess): Cross-origin cookies: cookies set with Domain="example.com" are not sent with fetch requests from origins like hello.example2.com to mywebsite.example.com ...

asked by allexj
2 votes, 4 answers, 2k views

I have a backend for a mobile application that has to serve large JSON responses from time to time; the transfer would be greatly helped by enabling compression, especially when the user has bad ...

asked by JohanShogun
0 votes, 1 answer, 530 views

When I was originally developing my website, I made sure to include cross-site request forgery tokens in most endpoints and forms, etc., because I knew it was a highly recommended thing to do. But of ...

asked by security_paranoid
