Anti-CSRF Defense: HTTP_Referer Check, A Common Mistake

Simply validating the hostname in the HTTP Referer header, a widely deployed quick anti-CSRF defense, is easily bypassed if the check is not implemented correctly.

http://yehg.net/lab/pr0js/training/view/misc/PHPNuke_8x_Anti-CSRF-Bypass/
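To make the mistake concrete, here is an added example (not code from the post or from the PHP-Nuke lab it links to) contrasting a naive substring match on the Referer with a check that parses the header as a URL and compares the hostname exactly. The trusted hostname `example.com` and the sample header values are constructed for the illustration.

```python
from urllib.parse import urlsplit

# Assumed: the hostname of the site being protected (constructed value).
TRUSTED_HOST = "example.com"


def weak_referer_check(referer: str) -> bool:
    """The flawed pattern: accept any Referer that merely contains the trusted
    hostname as a substring. Anything that embeds the string elsewhere in the
    URL (another domain's subdomain, the path, the userinfo part) passes."""
    return TRUSTED_HOST in (referer or "")


def source_is_trusted(value: str) -> bool:
    """Parse the value as a URL and require both an https scheme and an exact,
    case-insensitive hostname match. Missing or unparsable values fail closed."""
    if not value:
        return False
    parts = urlsplit(value)
    if parts.scheme != "https":
        return False
    return (parts.hostname or "").lower() == TRUSTED_HOST


def strict_referer_check(referer: str) -> bool:
    """Referer validation done properly: hostname comparison after URL parsing."""
    return source_is_trusted(referer)


def is_trusted_request(headers: dict) -> bool:
    """Decide whether a state-changing request came from our own site.
    The Origin header is preferred when present (browsers send it on cross-site
    POSTs); otherwise fall back to Referer. If neither is present, reject."""
    origin = headers.get("Origin")
    if origin is not None:
        return source_is_trusted(origin)
    return source_is_trusted(headers.get("Referer", ""))


# Constructed Referer values: the first is legitimate, the rest all contain the
# trusted hostname as a substring without actually originating from it.
SAMPLE_REFERERS = [
    "https://example.com/account/settings",
    "https://example.com.evil.test/",          # trusted host as a subdomain label
    "https://evil.test/example.com/",          # trusted host in the path
    "https://example.com@evil.test/",          # trusted host in the userinfo part
    "http://example.com/account/settings",     # downgraded scheme
    "",                                        # header absent
]


def compare_checks(referers=SAMPLE_REFERERS) -> list:
    """Return (referer, weak_result, strict_result) for each sample value."""
    return [(r, weak_referer_check(r), strict_referer_check(r)) for r in referers]


if __name__ == "__main__":
    for referer, weak, strict in compare_checks():
        print(f"{referer!r:45} substring={weak!s:5} parsed={strict}")
```

The parsed check is still only a secondary defense: browsers and privacy tools may strip the Referer entirely, so a site that rejects requests without it will break for some users, and a site that accepts them re-opens the hole. A per-session synchronizer token (or SameSite cookies) remains the primary CSRF control; the Referer or Origin comparison above is defense in depth on top of it.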
