Cross-Site Request Forgery For POST Requests With An XML Body

I recently had cause to create a proof-of-concept for a site that seemed to be vulnerable to Cross-Site Request Forgery (CSRF).  I say “seemed” because there was no CSRF protection, but I was finding the XML POST body really hard to forge (It was a SOAP / XMLRPC type request). Eventually Sid from notsosecure.com pointed [...]

Tags: ,

Posted in: Blog