CSRF Via File Upload
February 02, 2022
Cross-Site Request Forgery (CSRF) is an attack that forces authenticated users to submit a request to a web application against which they are currently authenticated. It is possible to perform CSRF attacks on file upload functionality by creating an HTML form.
Steps to Reproduce:
1. Capture the upload form request.
2. Create a PoC with the Burp CSRF PoC generator.
3. Open that PoC HTML file in a different browser, logged in to a different account.
4. Check whether the file upload succeeds in the other account.
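On a fixed application, the upload in step 4 is rejected. The following is an added example, not code from the original post, of a server-side check that an upload handler can run before accepting the file. The names `TRUSTED_ORIGIN`, `csrf_token`, `issue_csrf_token` and `check_upload_request` are assumptions made for this sketch, and headers and form fields are modelled as plain dictionaries.

```python
import hashlib
import hmac
import secrets
from typing import Optional, Tuple
from urllib.parse import urlsplit

# Assumed values for this sketch; a real deployment loads these from config.
TRUSTED_ORIGIN = "https://app.example"
SERVER_KEY = secrets.token_bytes(32)


def issue_csrf_token(session_id: str) -> str:
    """Token bound to one session: HMAC-SHA256(server key, session id)."""
    return hmac.new(SERVER_KEY, session_id.encode(), hashlib.sha256).hexdigest()


def _source_origin(headers: dict) -> Optional[str]:
    """Origin of the page that sent the request, taken from Origin or Referer."""
    value = headers.get("Origin") or headers.get("Referer")
    if not value or value == "null":
        return None
    parts = urlsplit(value)
    if not parts.scheme or not parts.netloc:
        return None
    return f"{parts.scheme}://{parts.netloc}"


def check_upload_request(headers: dict, form: dict, session_id: str) -> Tuple[bool, str]:
    """Decide whether an upload POST may proceed.

    A multipart/form-data POST can be sent by a plain HTML form on any site,
    and the browser attaches the victim's cookies, so the session cookie
    alone proves nothing about who built the request.
    """
    # Strict policy choice: a missing or foreign origin is refused.
    origin = _source_origin(headers)
    if origin != TRUSTED_ORIGIN:
        return False, f"cross-site or missing origin: {origin}"

    # The token must match the one issued to this session, so a token
    # taken from another account does not validate.
    supplied = str(form.get("csrf_token", ""))
    expected = issue_csrf_token(session_id)
    if not hmac.compare_digest(supplied.encode(), expected.encode()):
        return False, "missing or invalid CSRF token"
    return True, "ok"
```
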