Open in app
Bala Praneeth (Begin_hunt)
95 Followers
About

Sign in

Open in app
Bala Praneeth (Begin_hunt)

Sep 9, 2020·1 min read

Nice Article. But this is not CSRF. It’s true that the tokens are not validated on the server side rather on the client side. This type of validation is known as Double-submit cookies and is not vulnerable. This is how double-submit cookies function. Thanks.

Bug Bounty: Let’s Bypass an entire Web App’s CSRF protection
166
4

Tommaso De Ponti

About

Help

Legal

Get the Medium app

A button that says 'Download on the App Store', and if clicked it will lead you to the iOS App store
A button that says 'Get it on, Google Play', and if clicked it will lead you to the Google Play store