CSRF - Cross-Site Request Forgery
Cross-Site Request Forgery (CSRF) is a vulnerability that allows an
attacker to induce users to perform actions that they do not intend to
perform, using the victim's own authenticated session.
Look for state-changing requests (usually POST) that lack CSRF tokens and
whose session cookies carry no SameSite attribute. Note that SameSite=Lax
still sends cookies on top-level GET navigations, so a state-changing GET
remains forgeable even with that flag. Some of the checks when looking for CSRF:
- Even when CSRF tokens exist in the URL, request body or form, some requests might still work without them. Try removing the token to see if the request still works.
- Check if the request still works after modifying the token (flip one character).
- Does it still work with any other token of the same length? A server that only checks the token's presence or length is not checking it at all.
- Repeat the three checks above for the same request with a different request method (e.g. resend the POST as a GET or PUT); CSRF middleware is often applied to POST only.
- A token might just be the Base64 encoding or an MD5 hash of a user ID. Try to decode it, and try to compute it yourself for another account.
- Check if the same token is shared and can be re-used across multiple user accounts. A token is only useful if the server binds it to the session it was issued for, so submit user A's token in user B's session.
- Can we generate another token that is valid?
- Is the page vulnerable to XSS? If yes we can create a PoC with XSS that reads the token from the page and injects it into our POST request with JavaScript, bypassing the CSRF protection entirely.
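The checks above, run as a script against two constructed token implementations (added example, not code from the original page): `WeakApp` is a hypothetical server that issues `base64(user_id)` as the token, checks only its length, and skips the check on GET; `HardenedApp` is a hypothetical server that issues a per-session HMAC token, accepts POST only and compares in constant time. Every `True` in the result other than `valid` is a finding.

```python
import base64
import hashlib
import hmac
import secrets


class WeakApp:
    """Constructed weak implementation: token = base64(user_id); the server
    only checks that a token of the expected length is present on POST, and
    does not check GET at all."""

    def token_for(self, user_id: str) -> str:
        return base64.b64encode(user_id.encode()).decode()

    def transfer(self, user_id: str, token, method: str = "POST") -> bool:
        if method == "GET":          # CSRF middleware not applied to GET
            return True
        expected_len = len(self.token_for(user_id))
        return token is not None and len(token) == expected_len


class HardenedApp:
    """Constructed hardened implementation: per-session HMAC token, POST
    only, constant-time comparison."""

    def __init__(self):
        self._key = secrets.token_bytes(32)
        self._sessions = {}          # session_id -> user_id

    def login(self, user_id: str) -> str:
        sid = secrets.token_hex(16)
        self._sessions[sid] = user_id
        return sid

    def token_for(self, sid: str) -> str:
        # Token is bound to the session id, so it cannot be reused across users.
        return hmac.new(self._key, sid.encode(), hashlib.sha256).hexdigest()

    def transfer(self, sid: str, token, method: str = "POST") -> bool:
        if method != "POST" or sid not in self._sessions or token is None:
            return False
        return hmac.compare_digest(self.token_for(sid), token)


def flip_last_char(token: str) -> str:
    """Modify the token minimally: change its last character."""
    return token[:-1] + ("0" if token[-1] != "0" else "1")


def looks_derived_from(token: str, user_id: str) -> bool:
    """Is the token just base64(user_id) or md5(user_id)?"""
    try:
        if base64.b64decode(token, validate=True).decode() == user_id:
            return True
    except Exception:
        pass
    return token.lower() == hashlib.md5(user_id.encode()).hexdigest()


def run_checklist(submit, token: str, other_token: str, user_id: str) -> dict:
    """submit(token, method) -> True if the server accepted the request.
    Mirrors the checks from the list above."""
    random_same_len = secrets.token_hex(len(token))[:len(token)]
    return {
        "valid": submit(token, "POST"),
        "removed": submit(None, "POST"),
        "modified": submit(flip_last_char(token), "POST"),
        "same_length_random": submit(random_same_len, "POST"),
        "other_users_token": submit(other_token, "POST"),
        "get_without_token": submit(None, "GET"),
        "derived_from_user_id": looks_derived_from(token, user_id),
    }


def audit_weak() -> dict:
    app = WeakApp()
    tok = app.token_for("alice")
    other = app.token_for("bobby")   # another user's token, same length
    return run_checklist(lambda t, m: app.transfer("alice", t, m), tok, other, "alice")


def audit_hardened() -> dict:
    app = HardenedApp()
    sid_a, sid_b = app.login("alice"), app.login("bob")
    return run_checklist(lambda t, m: app.transfer(sid_a, t, m),
                         app.token_for(sid_a), app.token_for(sid_b), "alice")


if __name__ == "__main__":
    for name, result in (("weak", audit_weak()), ("hardened", audit_hardened())):
        print(name, {k: v for k, v in result.items() if k != "valid" and v})
```

Against a real target, replace the `submit` lambda with a function that replays the captured request (with the token edited as each check requires) and returns whether the response indicates success; the checklist logic stays the same.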