Preview Image

Performing CSRF exploits over GraphQL

Laboratorio de Portswigger sobre GraphQL API Vulnerabilities

Mar 20, 2025 Portswigger Labs, GraphQL API Vulnerabilities

Preview Image

CSRF with broken Referer validation

Laboratorio de Portswigger sobre CSRF

Mar 17, 2025 Portswigger Labs, CSRF

Preview Image

CSRF where Referer validation depends on header being present

Laboratorio de Portswigger sobre CSRF

Mar 16, 2025 Portswigger Labs, CSRF

Preview Image

SameSite Lax bypass via cookie refresh

Laboratorio de Portswigger sobre CSRF

Mar 16, 2025 Portswigger Labs, CSRF

Preview Image

SameSite Strict bypass via sibling domain

Laboratorio de Portswigger sobre CSRF

Mar 13, 2025 Portswigger Labs, CSRF

Preview Image

SameSite Strict bypass via client-side redirect

Laboratorio de Portswigger sobre CSRF

Mar 12, 2025 Portswigger Labs, CSRF

Preview Image

SameSite Lax bypass via method override

Laboratorio de Portswigger sobre CSRF

Mar 12, 2025 Portswigger Labs, CSRF

Preview Image

CSRF where token is duplicated in cookie

Laboratorio de Portswigger sobre CSRF

Mar 9, 2025 Portswigger Labs, CSRF

Preview Image

CSRF where token is tied to non-session cookie

Laboratorio de Portswigger sobre CSRF

Mar 9, 2025 Portswigger Labs, CSRF

Preview Image

CSRF where token is not tied to user session

Laboratorio de Portswigger sobre CSRF

Mar 7, 2025 Portswigger Labs, CSRF