Preview Image

Performing CSRF exploits over GraphQL

Laboratorio de Portswigger sobre GraphQL API

20/03/2025 Portswigger Labs, GraphQL API

Preview Image

CSRF with broken Referer validation

Laboratorio de Portswigger sobre CSRF

17/03/2025 Portswigger Labs, CSRF

Preview Image

CSRF where Referer validation depends on header being present

Laboratorio de Portswigger sobre CSRF

16/03/2025 Portswigger Labs, CSRF

Preview Image

SameSite Lax bypass via cookie refresh

Laboratorio de Portswigger sobre CSRF

16/03/2025 Portswigger Labs, CSRF

Preview Image

SameSite Strict bypass via sibling domain

Laboratorio de Portswigger sobre CSRF

13/03/2025 Portswigger Labs, CSRF

Preview Image

SameSite Strict bypass via client-side redirect

Laboratorio de Portswigger sobre CSRF

12/03/2025 Portswigger Labs, CSRF

Preview Image

SameSite Lax bypass via method override

Laboratorio de Portswigger sobre CSRF

12/03/2025 Portswigger Labs, CSRF

Preview Image

CSRF where token is duplicated in cookie

Laboratorio de Portswigger sobre CSRF

09/03/2025 Portswigger Labs, CSRF

Preview Image

CSRF where token is tied to non-session cookie

Laboratorio de Portswigger sobre CSRF

09/03/2025 Portswigger Labs, CSRF

Preview Image

CSRF where token is not tied to user session

Laboratorio de Portswigger sobre CSRF

07/03/2025 Portswigger Labs, CSRF