
Episode 3: H1-407 Event Madness & Takeaways Part 1
Critical Thinking - Bug Bounty Podcast
CSRF Attacks - Is There a Way to Reset a Cookie?
I just ran into a situation again where I found a really impactful bug that I was able to execute because there was a path where you can CSRF login and logout. And that resulted in the session cookie getting reset. What that does then is it resets the timer on the SameSite POST plus Lax, or maybe it's Lax plus POST. That will really open up a lot of CSRF attack surface. But until the browsers remediate that Lax plus POST sort of temporary solution that they've got in place, Joel is literally like benching this cat right now.