[OWASP-Delhi] Anti-CSRF token in cookie and post form
vaibhav12jan at gmail.com
Sat Jul 4 11:52:10 UTC 2015
I recently encountered an application which kept its random anti-CSRF
token in a cookie and sent the same random token in the POST form. If I
tamper with the cookie and the POST-form anti-CSRF token, setting both to the same value,
the server will validate my request.
and hence cannot fiddle with the anti-CSRF token present in the cookie. Is
there a way to create a working exploit?
Apologies if I am unable to make the scenario clear.
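As an added example (not code from the post, nor from the application it describes), here are the two server-side checks side by side in Python: the plain double-submit comparison the poster describes, which accepts any request whose cookie and form field carry the same value, and a variant that binds the cookie value to a server-held key and the user's session so that only the server can mint a pair that passes. The names (`csrf_token`, `SERVER_KEY`, the session id, the request dict) and the sample requests are assumptions constructed for illustration.

```python
import hashlib
import hmac
import secrets
from typing import Optional

# Hypothetical server-side secret (an assumption of this example, not something
# from the post). In a real deployment it lives in configuration, not in code.
SERVER_KEY = secrets.token_bytes(32)


def naive_double_submit_valid(cookie_token: Optional[str], form_token: Optional[str]) -> bool:
    """The check the post describes: accept whenever the anti-CSRF cookie and
    the POST-form field carry the same value. Nothing ties that value to the
    server or to the session, so any pair of equal strings passes."""
    if not cookie_token or not form_token:
        return False
    # Constant-time compare on bytes (compare_digest on str only allows ASCII).
    return hmac.compare_digest(cookie_token.encode(), form_token.encode())


def _tag(session_id: str, nonce: str) -> str:
    """HMAC over session id and nonce; only the holder of SERVER_KEY can compute it."""
    return hmac.new(SERVER_KEY, f"{session_id}:{nonce}".encode(), hashlib.sha256).hexdigest()


def issue_signed_token(session_id: str) -> str:
    """Hardened variant: token = nonce '.' HMAC(SERVER_KEY, session_id:nonce).
    The server places this in the cookie and in the form. It cannot be
    fabricated without the key, and it is bound to one session."""
    nonce = secrets.token_hex(16)
    return f"{nonce}.{_tag(session_id, nonce)}"


def signed_double_submit_valid(session_id: str, cookie_token: Optional[str],
                               form_token: Optional[str]) -> bool:
    """Same cookie-equals-form comparison, plus verification that the cookie
    value was minted by this server for this session."""
    if not naive_double_submit_valid(cookie_token, form_token):
        return False
    nonce, sep, tag = cookie_token.partition(".")
    if not sep or not nonce or not tag:
        return False
    return hmac.compare_digest(_tag(session_id, nonce).encode(), tag.encode())


def check_request(request: dict, session_id: str, hardened: bool) -> bool:
    """Pull the token pair out of a minimal request model (constructed for this
    example as {'cookies': {...}, 'form': {...}}) and run one of the checks."""
    cookie_token = request.get("cookies", {}).get("csrf_token")
    form_token = request.get("form", {}).get("csrf_token")
    if hardened:
        return signed_double_submit_valid(session_id, cookie_token, form_token)
    return naive_double_submit_valid(cookie_token, form_token)


def demo() -> dict:
    """Run both checks over constructed requests; returns {scenario: (naive, hardened)}."""
    victim = "sess-victim"
    legit = issue_signed_token(victim)
    attackers_own = issue_signed_token("sess-attacker")  # a token the attacker got legitimately

    requests = {
        # The real form submission: server-issued token in cookie and form.
        "legitimate": {"cookies": {"csrf_token": legit}, "form": {"csrf_token": legit}},
        # What the post describes: both values tampered to the same chosen string.
        "forged_equal_pair": {"cookies": {"csrf_token": "attacker-chosen"},
                              "form": {"csrf_token": "attacker-chosen"}},
        # A genuine token from another session, replayed into the victim's.
        "replayed_other_session": {"cookies": {"csrf_token": attackers_own},
                                   "form": {"csrf_token": attackers_own}},
        # Cookie and form disagree: rejected by both checks.
        "mismatch": {"cookies": {"csrf_token": legit}, "form": {"csrf_token": "other"}},
        # No form field at all (e.g. a plain cross-site POST without the token).
        "missing_form_token": {"cookies": {"csrf_token": legit}, "form": {}},
    }
    return {name: (check_request(r, victim, hardened=False),
                   check_request(r, victim, hardened=True))
            for name, r in requests.items()}


if __name__ == "__main__":
    for name, (naive, hardened) in demo().items():
        print(f"{name:24s} naive={naive!s:5s} signed={hardened}")
```

The `forged_equal_pair` row is the behaviour the post reports: with the plain comparison, agreement between the two values is the whole check, so the question of who chose them never arises. The signed variant does not change the comparison; it changes who can produce a value that survives it, and it also stops a token issued for one session being replayed in another. Either way the scheme still rests on the attacker not being able to read the victim's cookie, so the cookie should carry the usual `HttpOnly`, `Secure` and `SameSite` attributes and the form field must never be exposed cross-origin.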