killchain-compendium/exploit/web/csrf.md

CSRF

Protection

• May be a hidden field with an encoded value

    <input type="hidden" name="csrf_protect" value="eyJk..n0=">

• This field need to be removed in order to do some csrf shenanigans
• Decode the value to reproduce some valid content.