Ways To Exploit JSON CSRF (Simple Explanation)

How can JSON CSRF be exploited? JSON CSRF can be exploited in four ways, depending on other factors that we will discuss:

1. By using a normal HTML form (Form 1): when the Content-Type is not validated on the server side and the server also does not check whether the POST data is correctly formatted.
2. By using a normal HTML form (Form 2, by Fetch request): when the Content-Type is not validated on the server side and the server only checks whether the POST data is correctly formatted.
3. By using an XMLHttpRequest/AJAX request: when the Content-Type is validated on the server side and the server accepts only “Content-Type: application/json”.
4. By using a Flash file: when the Content-Type is validated on the server side, the server accepts only “Content-Type: application/json”, and CORS is also configured properly.

Case 1: When the Content-Type is not validated on the server side and the server also does not check whether the POST data is correctly formatted.

Why do we need to check by changing the Content-Type? Because we ca