by skyraider 4778 days ago
Thanks for pointing this out. A lot of people here don't seem to realize that exploiting a CSRF vulnerability involves tricking the victim's browser into doing something.

You cannot both a) forge the Referer header and b) trick the victim's browser into submitting a request - at the same time.

It's true that the REFERER header isn't always included in requests, BUT when it is included, you can consider the request cookies you receive plus the REFERER header accurate when taken together, barring a browser vulnerability. If there is no browser vulnerability, the attacker doesn't get to mess with the REFERER header on the victim's browser.

Note: It is NOT safe to trust an empty REFERER header.
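As an added example (not code from the commenter), here is a server-side Referer check that applies the rule above: a present Referer must match the site's own origin exactly, and an empty or missing Referer is rejected rather than trusted. The protected origin `https://app.example.com` and the sample request headers are constructed for illustration.

```python
from typing import Optional
from urllib.parse import urlsplit

# Constructed assumption: the origin of the site being protected.
SITE_ORIGIN = "https://app.example.com"


def origin_of(url: str) -> Optional[str]:
    """Reduce a URL to scheme://host[:port]; None if it is not a usable URL."""
    parts = urlsplit(url)
    if not parts.scheme or not parts.hostname:
        return None
    try:
        port = parts.port  # raises ValueError on a malformed port
    except ValueError:
        return None
    host = parts.hostname.lower()
    # Drop a default port so https://x and https://x:443 compare equal.
    default = {"https": 443, "http": 80}.get(parts.scheme.lower())
    if port is not None and port != default:
        host = f"{host}:{port}"
    return f"{parts.scheme.lower()}://{host}"


def referer_allows_state_change(headers: dict, site_origin: str = SITE_ORIGIN) -> bool:
    """CSRF check for a state-changing request based on the Referer header.

    A Referer that is present came from the victim's browser and cannot be set
    by the attacker's page (barring a browser bug), so it is compared against
    our own origin by exact scheme/host/port match, not by prefix.
    An absent or empty Referer gives no evidence of where the request came
    from, so it is rejected, as the comment above advises.
    """
    referer = headers.get("Referer", "")
    if not referer.strip():
        return False
    return origin_of(referer) == origin_of(site_origin)


# Constructed sample requests: only the first should pass.
SAMPLE_HEADERS = [
    {"Referer": "https://app.example.com/settings"},
    {"Referer": "https://app.example.com.evil.test/page"},  # prefix lookalike
    {"Referer": "http://app.example.com/settings"},         # scheme downgrade
    {"Referer": ""},                                        # empty: reject
    {},                                                     # missing: reject
]

if __name__ == "__main__":
    for h in SAMPLE_HEADERS:
        print(h.get("Referer", "<missing>"), "->", referer_allows_state_change(h))
```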