What vulnerability can there be when the CSRF token is equivalent to the session id?
I.e., I understand that the CSRF token needs to be unique and stored in the session.
But I'm working with a legacy project, and there the CSRF token is the session id.
With each request to the server, the token is added to the request and taken from the cookies like this:
req.token = Ext.util.Cookies.get(Main.session_name);
After that, the server simply checks it like this:
$_POST['token'] == $_COOKIE[$cookie_name] and if they are equal, then we work with the form data
(cookie: sid: 1234567890
req{token: 1234567890})
But I can't imagine how such an implementation can be exploited.
If we force the user to go to our script that makes a request to the attacked server,
then the browser will automatically send a request with the session taken from the browser, but you can't force it to send the same session id in the POST from the cookies?
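
The check described in the question, next to a variant that keeps a separate random token in the session, as an added example that is not part of the original post. Function names and sample values are constructed; in the application `$session` would be `$_SESSION` after `session_start()`.

```php
<?php
// Added example: function names and sample data are constructed for illustration.

// The check as described in the question: the posted token must equal the session cookie.
function legacy_check(array $post, array $cookie, string $cookieName): bool
{
    return isset($post['token'], $cookie[$cookieName])
        && $post['token'] == $cookie[$cookieName];
}

// Issue a random token stored server-side in the session, independent of the session id.
function issue_csrf_token(array &$session): string
{
    if (empty($session['csrf_token'])) {
        $session['csrf_token'] = bin2hex(random_bytes(32));
    }
    return $session['csrf_token'];
}

// Compare the posted token with the stored one in constant time.
function hardened_check(array $post, array $session): bool
{
    return isset($post['token'], $session['csrf_token'])
        && is_string($post['token'])
        && hash_equals($session['csrf_token'], $post['token']);
}

// Constructed sample data mirroring the question (cookie "sid", value 1234567890).
$cookie  = ['sid' => '1234567890'];
$session = [];
$token   = issue_csrf_token($session);

// Legacy scheme: the value placed in every request body is the session credential itself,
// so the cookie has to stay readable by page script (Ext.util.Cookies.get).
$legacyPost = ['token' => $cookie['sid']];
var_dump(legacy_check($legacyPost, $cookie, 'sid'));
var_dump($legacyPost['token'] === $cookie['sid']);

// Separate token: the body carries a value that is not the session id,
// and the session id on its own no longer passes the check.
var_dump(hardened_check(['token' => $token], $session));
var_dump(hardened_check(['token' => $cookie['sid']], $session));
var_dump($token === $cookie['sid']);
```

With the token decoupled from the session id, the session cookie can be set with the HttpOnly flag, since client code only needs to read the CSRF token.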