Hi,
Does anyone know valid methods to bypass XMLHttpRequest and similar header-existence-based CSRF protection (forcing a user to send header-forged requests)?
Best,
Hey mazen,
We can use known vulnerabilities to bypass CSRF protection.
1) Applications which use the X-Requested-With header as protection can be bypassed using a 307 redirect and a Flash file!
2) XSS vulnerability
3) CORS
etc.
Thanks @WeSecureApp for the response.
* The problem with the first option is that I believe it has been patched by Chrome, and perhaps most browsers.
* CORS might be a good option, but its problem is SOP, as it's enforced in all modern browsers.
The only option possible is using XHR along with an XSS, but that decreases the exploitation, as having an XSS might bypass all CSRF protections.
Thanks,
Mazin
Hi @mazen160, @WeSecureApp is right. Earlier I have faced such situations while exploiting a CSRF; probably this might give a hint!
Cisco Ajax based csrf