Bala Praneeth (Begin_hunt)

Sep 9, 2020·1 min read

Nice article. But this is not CSRF. It’s true that the tokens are not validated on the server side but rather on the client side. This type of validation is known as double-submit cookies and is not vulnerable. This is how double-submit cookies function. Thanks.


Bug Bounty: Let’s Bypass an entire Web App’s CSRF protection

Tommaso De Ponti
