
Episode 28: Surfin' with CSRFs
Critical Thinking - Bug Bounty Podcast
00:00
The Reality of C-Surfing
Joel: To some extent you could count that as a C-Surf, but it's not really like in the classical sense. Like if you click a deep link from my browser, nothing that gets passed through tells the app that I clicked that from attacker.com. If you want somebody to be able to add a friend, either you have to have a separate X, a separate route that is exposed. That's like add a friend confirm. And then when they click that, then the app does different functionality where they confirm it explicitly. But the fact that that deep link exists means that it will always be reachable if it's exposed.