👋Ichyaboy
Hackthebox Related
- 🎰Machines
  - Linux based Machines
    Talkative
    Encoding
  - Windows based machines
    Silo
- 🕹️Challenges (coming soon)
Portswigger Related
- 🔧Server-side topics
- 🎯Client-side topics
Resources
- 🏳️Cheatsheets
- 🏴Useful Scripts

Powered by GitBook

On this page

Portswigger Related

Client-side topics

Cross-site Request forgery (CSRF)

PreviousManipulating the WebSocket handshake to exploit vulnerabilities NextCSRF vulnerability with no defenses

Last updated 11 months ago

CSRF Labs Writeups

🎯

Cover

CSRF vulnerability with no defenses

Cover

CSRF where token validation depends on request method

Cover

CSRF where token validation depends on token being present

Cover

CSRF where token is not tied to user session

Cover

CSRF where token is tied to non-session cookie

Cover

CSRF where token is duplicated in cookie

Cover

SameSite Lax bypass via method override

Cover

SameSite Strict bypass via client-side redirect

Cover

SameSite Strict bypass via sibling domain

Cover

SameSite Lax bypass via cookie refresh

Cover

CSRF where Referer validation depends on header being present

Cover

CSRF with broken Referer validation