Collaborate Disseminate
I’m working on a CTF where to obtain the flag I need to trigger the admin user of a Flask app to reveal it.
The way this has to be done is through a CSRF + XSS chain attack, as the validation script first login on the app, then navigates t… Continue reading XSS working in browser but not through script
I’m developing an account sign up form. The user fills out name, address, username, password, etc, and submits. The app has prior art for CSRF protection. However, it’s very buggy and causing a lot of problems. I also don’t see how this ki… Continue reading Would CSRF protection be pointless on an unauthenticated endpoint?
I am using Django REST framework.
I want a single API for all of my clients (web, mobile, curl).
I understand that I need to include a CSRF token in requests originating from the web client, to protect against CSRF. However, this is not ne… Continue reading How to protect web app against login CSRF while also allowing mobile app/curl to access REST API?
Let’s assume we have a web-application that stores its auth token in the browser’s sessionStorage/localStorage and does not use cookies. If I’m not completely mistaken, such a web application is not vulnerable against CSRF attacks, right?
… Continue reading What is the risk of lenient CORS header for a webapplication that stores tokens in sessionStorage and not in cookies?
I am working on the DVWA’s CSRF lab with the security setting to low. The DVWA is running on localhost:4280. The SameSite cookie attribute is not set (to Lax or Strict), and thus cross-site requests should be possible.
On http://localhost:… Continue reading CSRF not sending correct cookie (Damn Vulnerable Web App test)
How to gather the csrf token on a login page and analyze the vulnerabilities on csrf token using Burp?
I am doing some security research on an application and I am wondering where it is based on.
It appears to be changing each request (so not bound to a user session). Is it just a random value, which should exists within the system or even … Continue reading Where is the .NET __RequestVerificationToken based on?
How does one balance security and usability when using nonces on a website?
Imagine a website where the same nonce is embedded in the page, and stored in the browser session.
If I were to replace the nonce on every page load then:
The use… Continue reading Balancing security with usability when using nonce for CSRF protection
What I have understood (I guess):
Cross-origin Cookies:
Cookies set with Domain="example.com" are not sent with fetch requests from origins like hello.example2.com to mywebsite.example.com because they are different domains. How… Continue reading Understanding Cross-Domain Cookies and `SameSite` Attributes with Express.js and Third-Party Tracking
I’m having a really hard time understanding why the state should be used to protect against CSRF at the OAuth 2.0 login flow.
Imagine I have an Authorization Server with a legitimate client registered with the client_id of my-app-123 and t… Continue reading OAuth 2.0 – why is the state parameter needed in order to prevent CSRF at authorization code login flow?