killchain-compendium/Exploits/Web/CSRF.md

12 lines
267 B
Markdown

# CSRF
## Protection
* May be a hidden field with an encoded value
```html
<input type="hidden" name="csrf_protect" value="eyJk..n0=">
```
* This field need to be removed in order to do some csrf shenanigans
* Decode the value to reproduce some valid content.