Full case study:
Subscribe to BBRE Premium: https://bbre.dev/premium
✉️ Sign up for the mailing list: https://bbre.dev/nl
Follow me on Twitter: https://bbre.dev/tw

This video is part of the CSRF case study, in which I extracted all the disclosed CSRF reports from the Internet and studied them to adjust my CSRF bug-hunting methodology. This free part of the case study covers the SameSite cookie attribute and its impact on the reports.

Get $100 in credits for Digital Ocean: https://bbre.dev/do

Reports mentioned in the video:
https://lokeshdlk77.medium.com/facebook-sms-captcha-was-vulnerable-to-csrf-attack-8db537b1e980
https://github.com/cymtrick/lol/blob/d17ed765129b26a1bf8060757e5aebd4e237c908/_posts/2016-09-20-Facebook-partners-CSRF.md
https://yeuchimse.com/csrf-protection-bypass-in-atlassian-confluence-server/
https://bugs.xdavidhu.me/google/2021/04/05/i-built-a-tv-that-plays-all-of-your-private-youtube-videos/
https://youtu.be/miQvovD3c04
https://ermetic.com/blog/azure/emojideploy-smile-your-azure-web-service-just-got-rced/
https://gitlab.com/gitlab-org/gitlab/-/issues/365427
https://youtu.be/z27bkSMARA8
https://webs3c.com/t/csrf-leads-to-account-takeover-in-yahoo/93


Timestamps:

00:00 Intro
00:40 GET-based CSRF
2:43 CSRF reports by year
4:40 Reports that don’t mention SameSite
7:39 SameSite=None
9:08 Client-side path traversal
11:41 Exploiting Chrome’s 2-minute attack window
