2. CSRF where token validation depends on request method

This web application uses a CSRF token to protect against CSRF attacks. The token is validated on
the server, but the validation logic depends on the request method: only POST requests are checked.
Instead of sending the request as a POST, we send it as a GET with the email parameter in the
query string. The CSRF token is then never validated, and the email address is changed when a
logged-in user visits our exploit server.
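The server-side flaw described above, modelled as an added example (this is not the lab's own code; the session store, request shape, handler names and email values are all constructed for illustration). `vulnerable_change_email` only checks the token on POST, so a GET carrying the email in the query string is accepted without any token; `hardened_change_email` refuses state changes on anything but POST and validates the token on every POST.

```python
import hmac
import secrets

# Constructed session store: session id -> CSRF token issued to that session.
SESSIONS = {"sess-1": secrets.token_hex(16)}

def token_matches(session_id, presented):
    """Constant-time comparison of the presented token against the session's token."""
    expected = SESSIONS.get(session_id)
    if expected is None or presented is None:
        return False
    return hmac.compare_digest(expected, presented)

def vulnerable_change_email(request):
    """Flawed handler: the CSRF token is only validated when the method is POST.
    A GET request reaches the same state change with no token check at all."""
    if request["method"] == "POST":
        if not token_matches(request["session"], request["body"].get("csrf")):
            return 403, None
        return 200, request["body"]["email"]
    # GET path: email is read from the query string and the token is never looked at
    return 200, request["query"]["email"]

def hardened_change_email(request):
    """Fixed handler: state changes are POST-only, and every POST must carry a valid token."""
    if request["method"] != "POST":
        return 405, None
    if not token_matches(request["session"], request["body"].get("csrf")):
        return 403, None
    return 200, request["body"]["email"]

# Constructed cross-site request: the victim's browser sends its session cookie,
# but the forged GET carries no CSRF token and puts the email in the query string.
FORGED_GET = {
    "method": "GET",
    "session": "sess-1",
    "query": {"email": "changed@example.com"},
    "body": {},
}

def legitimate_post():
    """Constructed same-site request: the form included the session's real token."""
    return {
        "method": "POST",
        "session": "sess-1",
        "query": {},
        "body": {"email": "new@example.com", "csrf": SESSIONS["sess-1"]},
    }

def post_without_token():
    """Constructed POST that omits the token; both handlers must reject it."""
    return {"method": "POST", "session": "sess-1", "query": {}, "body": {"email": "x@example.com"}}

def demo():
    """Run each constructed request through both handlers and return the outcomes."""
    return {
        "forged_get": (vulnerable_change_email(FORGED_GET), hardened_change_email(FORGED_GET)),
        "legit_post": (vulnerable_change_email(legitimate_post()), hardened_change_email(legitimate_post())),
        "no_token_post": (vulnerable_change_email(post_without_token()), hardened_change_email(post_without_token())),
    }

if __name__ == "__main__":
    for name, (vuln, hard) in demo().items():
        print(f"{name}: vulnerable={vuln} hardened={hard}")
```

The detection angle follows from the same logic: a state-changing endpoint that answers 200 to a GET whose parameters match its POST form is the signal to look for when reviewing handlers or access logs, and the fix is to tie token validation to the action rather than to the HTTP method.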


Solution