Skip to content

jasisk/lusca-76-proof

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

1 Commit
exploit
exploit
 
 
real-app
real-app
 
 
.gitignore
.gitignore
 
 
README.md
README.md
 
 
package.json
package.json
 
 

Repository files navigation

Proof of exploit for lusca#76

To view exploit:

  1. npm start
  2. Visit http://127.0.0.1:8000. You'll see 'isSecure: true'.
  3. now, in another tab: npm run exploit-server
  4. visit http://127.0.0.1:8080. Different port means different origin but feel free to add a hosts entry for absolute certainty. You'll be forwarded back to the original app but now you'll see isSecure: false. We just triggered an action on behalf of the user from another domain (which is precisely what csrf is intended to prevent against).

About

No description, website, or topics provided.

Resources

Readme
Activity

Stars

0 stars

Watchers

1 watching

Forks

0 forks
Report repository

Releases

No releases published

Packages

No packages published

Languages