Courier: Logout page does not prevent CSRF
News category: Security vulnerabilities
Source: vulners.com
Summary: Cross-Site Request Forgery (CSRF) is an attack that forces an end user to execute unwanted actions on a web application in which they're currently authenticated. ... If the victim is an administrative account, CSRF can compromise the entire web application.

Steps To Reproduce: 1. Create a CSRF logout POC using the following code. Code that I use: history.pushState('', '', '/')

Supporting Material/References: I have provided an attack scenario for it, please check it.

Impact: Logout any victim into the attacker account, send the HTML made by the attacker and then log him out from the session.

The hacker selected the Cross-Site Request Forgery (CSRF) weakness. This vulnerability type requires contextual information from the... ...
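The report above describes the attack; the fix on the application side is to make the logout endpoint refuse requests a browser did not send from the site itself. The following is an added illustration, not code from Courier or from the report: a logout handler that accepts only POST requests, checks the browser's Sec-Fetch-Site / Origin metadata, and requires a per-session CSRF token compared in constant time. The origin `https://app.example` and the session layout are assumptions made for this example.

```python
import hmac
import secrets

# Assumed site origin (placeholder for this constructed example).
ALLOWED_ORIGIN = "https://app.example"


def new_session():
    """Create a session record holding a fresh, unpredictable CSRF token.

    The token is stored server-side and must be echoed back in the logout
    form, so a page on another origin cannot know what value to submit.
    """
    return {"user": "alice", "csrf_token": secrets.token_urlsafe(32)}


def is_same_site(headers):
    """Accept only requests the browser marks as coming from this site.

    Modern browsers send Sec-Fetch-Site on every request; older ones are
    handled by falling back to the Origin header (Referer as a last resort).
    """
    fetch_site = headers.get("Sec-Fetch-Site")
    if fetch_site is not None:
        # "none" covers user-initiated navigations (bookmark, typed URL).
        return fetch_site in ("same-origin", "same-site", "none")
    origin = headers.get("Origin") or headers.get("Referer", "")
    return origin == ALLOWED_ORIGIN or origin.startswith(ALLOWED_ORIGIN + "/")


def logout(session, method, headers, form):
    """Return (status, session).

    A 403/405 leaves the session untouched, so a forged cross-site request
    cannot log the victim out; 200 with session None means it was destroyed
    by a legitimate, token-bearing, same-site POST.
    """
    if method != "POST":
        # Logout must never be triggered by a GET (image tag, link, redirect).
        return 405, session
    if not is_same_site(headers):
        return 403, session
    sent = form.get("csrf_token", "")
    # Constant-time comparison avoids leaking the token through timing.
    if not hmac.compare_digest(sent, session["csrf_token"]):
        return 403, session
    return 200, None


if __name__ == "__main__":
    s = new_session()
    # Constructed forged request: correct token cannot be known cross-site,
    # and even with it the Sec-Fetch-Site check rejects the request.
    print(logout(s, "POST", {"Sec-Fetch-Site": "cross-site"}, {"csrf_token": "guess"}))
    # Constructed legitimate request from the site's own logout form.
    print(logout(s, "POST", {"Sec-Fetch-Site": "same-origin"}, {"csrf_token": s["csrf_token"]}))
```

Either check alone is a reasonable defence; using both means a browser that lacks Fetch Metadata support is still covered by the token, and a token that leaks (for example through a mistaken reflection) is still covered by the origin check. Setting the session cookie with `SameSite=Lax` or `Strict` adds a third, independent layer.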