CSRF

Protection

  • May be a hidden field with an encoded value
    <input type="hidden" name="csrf_protect" value="eyJk..n0=">
  • This field needs to be removed in order to do some CSRF shenanigans
  • Decode the value to reproduce some valid content.
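
Seen from the server side, both notes above describe a weak check: a request is accepted when the field is absent, or the token is only encoded and so can be rebuilt by anyone who decodes it. The following is an added example, not code from the original page: a sketch of a token that is HMAC-signed, bound to the session, and rejected when missing. SERVER_KEY, MAX_AGE, the function names and the "payload.mac" layout are assumptions; only the field name csrf_protect comes from the page.

```python
import base64
import hashlib
import hmac
import json
import secrets
import time

SERVER_KEY = secrets.token_bytes(32)  # assumption: per-deployment secret, constructed here
MAX_AGE = 3600                        # assumption: token lifetime in seconds


def b64(data):
    return base64.urlsafe_b64encode(data).decode()


def issue_token(session_id, now=None):
    """Return '<b64 payload>.<b64 HMAC-SHA256>' bound to one session."""
    iat = int(time.time() if now is None else now)
    payload = json.dumps({"sid": session_id, "iat": iat}).encode()
    mac = hmac.new(SERVER_KEY, payload, hashlib.sha256).digest()
    return b64(payload) + "." + b64(mac)


def verify_token(form, session_id, now=None):
    """Validate the csrf_protect field of a submitted form (a dict)."""
    token = form.get("csrf_protect")
    # An absent or malformed field is a rejection, never a skipped check.
    if not isinstance(token, str) or token.count(".") != 1:
        return False
    payload_b64, mac_b64 = token.split(".")
    try:
        payload = base64.urlsafe_b64decode(payload_b64)
        mac = base64.urlsafe_b64decode(mac_b64)
    except ValueError:
        return False
    # Authenticate before parsing: a payload that was only decoded, edited
    # and re-encoded has no valid MAC because the key never leaves the server.
    expected = hmac.new(SERVER_KEY, payload, hashlib.sha256).digest()
    if not hmac.compare_digest(mac, expected):
        return False
    claims = json.loads(payload)
    age = (time.time() if now is None else now) - claims["iat"]
    return claims["sid"] == session_id and 0 <= age <= MAX_AGE
```

The check belongs on every state-changing request, with the session identifier taken from the server-side session and never from the form.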