Hey Robin,
You shouldn't worry about GET or POST. A CSRF will happen in both
places. Its just that the GET is easier and more visible.
For a POST you could either use OWASP's CSRF Tester to record and
replay a request. Or you could create a HTML page manually with all
hidden variables and just a bu...
You shouldn't worry about GET or POST. A CSRF will happen in both
places. Its just that the GET is easier and more visible.
For a POST you could either use OWASP's CSRF Tester to record and
replay a request. Or you could create a HTML page manually with all
hidden variables and just a bu...
[ more ]