3 Comments

Did you look at the XST link at the bottom of the blog? There's a PoC site and a sample script you can use to see it work in practice. This will give you a grounding in combining the override headers and CORS in practice.

For CSRF, the principle is the same, but the detail will be different (as there are lots of approaches sites take for CSRF protections). So you just need to apply the principles to the challenge at hand.

So for example, if the site uses a cookie marked as httpOnly to transport the CSRF token (which the client then flips into a header in requests) you can use a site that is vulnerable to a method override and which also responds to TRACE to get the CSRF token, which you can then replay in your attack.

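The two server-side conditions the comment above relies on (a server that still answers TRACE, and a framework that honours method-override headers) are both things a defender can close and watch for. The Python below is an added example, not code from the blog post or from any of its commenters: a WSGI middleware (the hypothetical `hardened` wrapper around a stand-in `echo_app`) that refuses TRACE and strips override signals before the application sees them, plus a `scan_log` function that flags the same patterns in access-log lines. The log lines and the log format (combined format with one extra trailing field for the `X-HTTP-Method-Override` request header) are constructed for this example.

```python
import re
from urllib.parse import parse_qs, urlencode

# Request headers that some frameworks treat as a method override (WSGI environ keys).
OVERRIDE_HEADERS = (
    "HTTP_X_HTTP_METHOD_OVERRIDE",
    "HTTP_X_METHOD_OVERRIDE",
    "HTTP_X_HTTP_METHOD",
)


def hardened(app):
    """Wrap a WSGI app: refuse TRACE outright and strip method-override
    signals before the app (or a framework layer under it) can honour them."""
    def wrapper(environ, start_response):
        if environ.get("REQUEST_METHOD", "").upper() == "TRACE":
            start_response("405 Method Not Allowed",
                           [("Allow", "GET, HEAD, POST"),
                            ("Content-Type", "text/plain")])
            return [b"TRACE is not supported\n"]
        for key in OVERRIDE_HEADERS:
            environ.pop(key, None)
        # Also drop the `_method` query parameter that some frameworks accept.
        params = parse_qs(environ.get("QUERY_STRING", ""), keep_blank_values=True)
        if "_method" in params:
            params.pop("_method")
            environ["QUERY_STRING"] = urlencode(params, doseq=True)
        return app(environ, start_response)
    return wrapper


def echo_app(environ, start_response):
    """Stand-in application that reports the method it believes it received,
    honouring an override header if one survives (the weak framework behaviour)."""
    method = environ.get("REQUEST_METHOD", "GET")
    for key in OVERRIDE_HEADERS:
        if key in environ:
            method = environ[key].upper()
    start_response("200 OK", [("Content-Type", "text/plain")])
    return [f"effective method: {method}\n".encode()]


def call(app, method, headers=None, query=""):
    """Drive a WSGI app in-process; returns (status, body) without a server."""
    environ = {"REQUEST_METHOD": method, "QUERY_STRING": query}
    for name, value in (headers or {}).items():
        environ["HTTP_" + name.upper().replace("-", "_")] = value
    captured = {}

    def start_response(status, response_headers):
        captured["status"] = status

    body = b"".join(app(environ, start_response)).decode()
    return captured["status"], body


# Constructed log format: combined log plus one extra quoted field carrying
# the X-HTTP-Method-Override request header (empty when the header is absent).
LOG_RE = re.compile(
    r'"(?P<method>[A-Z]+) (?P<path>\S+) HTTP/[\d.]+" (?P<status>\d{3}) \S+ '
    r'"[^"]*" "[^"]*" "(?P<override>[^"]*)"$'
)


def scan_log(lines):
    """Return (reason, line) pairs for TRACE requests and override attempts."""
    findings = []
    for line in lines:
        m = LOG_RE.search(line)
        if not m:
            continue
        if m["method"] == "TRACE":
            findings.append(("TRACE request", line))
        if m["override"] or "_method=" in m["path"]:
            findings.append(("method override attempt", line))
    return findings


SAMPLE_LOG = [  # constructed sample lines
    '203.0.113.5 - - [01/Jan/2024:10:00:00 +0000] "GET /account HTTP/1.1" 200 512 "-" "Mozilla/5.0" ""',
    '203.0.113.5 - - [01/Jan/2024:10:00:01 +0000] "TRACE / HTTP/1.1" 200 310 "-" "Mozilla/5.0" ""',
    '203.0.113.5 - - [01/Jan/2024:10:00:02 +0000] "POST /account HTTP/1.1" 200 88 "-" "Mozilla/5.0" "DELETE"',
    '203.0.113.5 - - [01/Jan/2024:10:00:03 +0000] "POST /account?_method=PUT HTTP/1.1" 200 88 "-" "Mozilla/5.0" ""',
]

if __name__ == "__main__":
    print(call(echo_app, "POST", {"X-HTTP-Method-Override": "DELETE"}))
    print(call(hardened(echo_app), "POST", {"X-HTTP-Method-Override": "DELETE"}))
    print(call(hardened(echo_app), "TRACE"))
    for reason, line in scan_log(SAMPLE_LOG):
        print(reason, "->", line.split('"')[1])
```

The unwrapped `echo_app` reports `DELETE` for a `POST` carrying the override header, which is exactly the behaviour the comment depends on; behind `hardened` the same request reports `POST`, and TRACE gets a 405. In production the TRACE refusal belongs in the web server or reverse proxy as well (most servers have a switch for it), and the scanner is only as good as the log format: if the override header is not logged, add it to the log format before relying on this check.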

Awesome content. Lacking PoCs. It may seem obvious to u but how do we actually use this to bypass CSRF protections?


thac
