Project author: rootsploit

Project description:
JSON CSRF PoC
Primary language: HTML
Project address: git://github.com/rootsploit/JSON-CSRF-PoC.git
Created: 2020-08-01T06:01:39Z
Project community: https://github.com/rootsploit/JSON-CSRF-PoC

License:


JSON CSRF PoC

What is CSRF?

CSRF (Cross-Site Request Forgery) is a vulnerability that can be used to force a user into performing unintended actions on a web application. Depending on the affected module, an attacker can use this flaw to carry out actions such as changing the email address or password of the user's account.

CSRF on JSON Endpoint:

Cross-Site Request Forgery against a JSON endpoint is performed with the Fetch API, because an ordinary HTML form does not work for the API request due to the padding issue: a form cannot submit a clean application/json body without extra characters around the JSON.

Below are the required conditions in order to perform this attack:

  1. Authentication must be cookie-based only
  2. No authentication token is sent in a request header
  3. The Same-Origin Policy must not be enforced
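The three conditions above are also the checklist a defender uses to close this class of issue. The following is an added example, not code from the rootsploit/JSON-CSRF-PoC repository: a server-side gate for state-changing JSON endpoints that rejects requests shaped like a cross-site Fetch call (wrong content type, cross-site fetch metadata, untrusted Origin/Referer, no per-session header token). The function names, the trusted origin `https://app.example` and the sample requests are constructed for this illustration.

```javascript
// Added example (not part of the original PoC repository). Header names are
// expected in lower case, as Node's http module delivers them.

// Constructed: the origins that may legitimately call the JSON API.
const TRUSTED_ORIGINS = new Set(["https://app.example"]);

// Normalise a URL-valued header to its scheme://host[:port] origin.
// Returns null for a missing header or an unparsable value such as "null".
function originOf(value) {
  if (!value) return null;
  try {
    return new URL(value).origin;
  } catch {
    return null;
  }
}

// Decide whether a state-changing request may reach the JSON handler.
// Returns { ok, reason } so the caller can log why a request was dropped.
function checkJsonRequest(method, headers, trustedOrigins = TRUSTED_ORIGINS) {
  const m = method.toUpperCase();
  if (m === "GET" || m === "HEAD" || m === "OPTIONS") {
    return { ok: true, reason: "safe method" };
  }

  // 1. A JSON API should only accept a genuine JSON body. A browser cannot send
  //    application/json cross-origin without a CORS preflight, so text/plain or
  //    form encodings are exactly what a forged request looks like.
  const ct = (headers["content-type"] || "").split(";")[0].trim().toLowerCase();
  if (ct !== "application/json") {
    return { ok: false, reason: `unexpected content-type "${ct || "<none>"}"` };
  }

  // 2. Modern browsers attach Sec-Fetch-Site; "cross-site" is a firm reject.
  const sfs = (headers["sec-fetch-site"] || "").toLowerCase();
  if (sfs === "cross-site") {
    return { ok: false, reason: "Sec-Fetch-Site: cross-site" };
  }

  // 3. Origin (or Referer as a fallback) must be one of our trusted origins.
  //    Browsers always send Origin on cross-origin POST/PUT/DELETE requests.
  const origin = originOf(headers["origin"]) || originOf(headers["referer"]);
  if (!origin) {
    return { ok: false, reason: "missing Origin and Referer" };
  }
  if (!trustedOrigins.has(origin)) {
    return { ok: false, reason: `untrusted origin ${origin}` };
  }

  // 4. Cookie-only authentication is the root cause, so additionally require a
  //    per-session token in a custom header. A cross-site page cannot set one
  //    without a preflight that the server does not approve.
  if (!headers["x-csrf-token"]) {
    return { ok: false, reason: "missing X-CSRF-Token header" };
  }
  return { ok: true, reason: "same-origin JSON request with token" };
}

// Constructed sample requests: one legitimate call and several forged shapes.
const SAMPLES = {
  legitimate: ["POST", {
    "content-type": "application/json",
    "origin": "https://app.example",
    "sec-fetch-site": "same-origin",
    "x-csrf-token": "constructed-token",
  }],
  fetchNoCors: ["POST", { "content-type": "text/plain", "origin": "https://attacker.example" }],
  fetchCors: ["POST", {
    "content-type": "application/json",
    "origin": "https://attacker.example",
    "sec-fetch-site": "cross-site",
  }],
  noToken: ["POST", { "content-type": "application/json", "origin": "https://app.example" }],
};

// Run every sample through the gate and return the decision per name.
function evaluateSamples() {
  const out = {};
  for (const [name, [method, headers]] of Object.entries(SAMPLES)) {
    out[name] = checkJsonRequest(method, headers);
  }
  return out;
}
```

Wire `checkJsonRequest` in front of every route that mutates state; the `reason` string is worth logging, since a burst of `unexpected content-type` or `Sec-Fetch-Site: cross-site` rejections on one endpoint is the detection signal for a CSRF attempt in progress.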

Change the URL and body in the PoC file to perform the CSRF against the JSON endpoint.

More details on: rootsploit.com
