[OWASP-Delhi] Anti-CSRF token in cookie and post form
mr.p.upadhyay at gmail.com
Sat Jul 4 20:52:30 UTC 2015
A lot of web applications keep session-cookie as secure and other cookies
as it is. If that is the scenario, adversary will be able to sniff the
cookie and get the CSRF Token.
I didn't understand the above statement. Are you saying that this cookie
has Httponly attribute set?
On Saturday, July 4, 2015, Vaibhav Gupta <vaibhav12jan at gmail.com> wrote:
> Hello all,
> I recently encountered an application which was having its random
> anti-csrf token in cookie and the same random token was sent in the POST
> form. If I tamper the cookie and the post form anti-CSRF token with the
> same value, server will validate my request.
> POST /account/delete
> HOST: XYZ
> Cookie: CSRF_Token=123456
> and hence cannot fiddle with the anti-csrf token present in cookie. Is
> there a way to create a working exploit?
> Apologies if I am unable to clear the scenario.
Sent from MI3
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the OWASP-Delhi