Interesting Link – Brute Forcing User IDS via CSRF To Delete all Users with CSRF attack.

While testing an application, there was a module “Delete User” in which an admin can delete any user. If you look at the request, there is no CSRF token/protection implemented in the delete user request.

https://medium.com/@armaanpathan/brute-forcing-user-ids-via-csrf-to-delete-all-users-with-csrf-attack-216ccd4d832c
