Critical Thinking - Bug Bounty Podcast

Episode 28: Surfin' with CSRFs



How to Bypass the CSRF Check and Get the Bug Fixed

You can actually set the referrer policy on your own page to send the full URL. I didn't know that, because referers were a big problem for a long time where API tokens and stuff would get leaked through a Referer header. And so plop that into my page, you know, sent the user to that page and it sent the full URL, which allowed me to bypass the CSRF check and got the bug. So I don't know, man, that sort of fringe stuff like that just gets my blood pumping. I love it.
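The point behind the clip is that the Referer header is controlled by the sending page: its Referrer-Policy decides whether a cross-site request carries nothing, just the origin, or the full URL (`unsafe-url` always sends the full URL, while the browser default `strict-origin-when-cross-origin` trims cross-origin requests to the origin). A CSRF check that looks for the trusted host anywhere in the Referer string is therefore satisfied by a full URL that merely contains that host in its path or userinfo. The example below is added here, it is not code from the podcast or from the program discussed, and the hostnames are constructed. It contrasts that weak substring check with a check that parses the Origin header (falling back to Referer), compares the exact origin against an allowlist, and rejects requests that carry neither header.

```python
from urllib.parse import urlsplit

# Constructed allowlist of origins that may submit state-changing requests.
TRUSTED_ORIGINS = {"https://app.example"}


def _header(headers, name):
    """Case-insensitive lookup in a plain dict of request headers."""
    for key, value in headers.items():
        if key.lower() == name.lower():
            return value
    return None


def origin_of(url):
    """Return 'scheme://host[:port]' for an absolute http(s) URL, else None.

    Using a real URL parser matters: the hostname of
    'https://app.example@evil.example/' is evil.example, and the path of
    'https://evil.example/app.example/' is attacker-chosen text.
    """
    parts = urlsplit(url or "")
    if parts.scheme not in ("http", "https") or not parts.hostname:
        return None
    host = parts.hostname.lower()
    default_port = 443 if parts.scheme == "https" else 80
    if parts.port and parts.port != default_port:
        host = f"{host}:{parts.port}"
    return f"{parts.scheme}://{host}"


def naive_referer_check(headers):
    """The weak pattern: accept if the trusted host appears anywhere in Referer.

    A page served with Referrer-Policy: unsafe-url sends its full URL, so an
    attacker page at https://evil.example/app.example/ passes this check.
    """
    referer = _header(headers, "Referer") or ""
    return any(urlsplit(o).hostname in referer for o in TRUSTED_ORIGINS)


def strict_source_check(headers):
    """Hardened pattern: exact origin match on Origin, then Referer; fail closed.

    Origin is only ever the origin (never the path), so the sending page's
    referrer policy cannot smuggle extra text into it. Referer is consulted
    only when Origin is absent, and only its parsed origin is compared.
    """
    for name in ("Origin", "Referer"):
        value = _header(headers, name)
        if value is not None:
            return origin_of(value) in TRUSTED_ORIGINS
    # Neither header present: cannot attribute the request, so reject it.
    return False


if __name__ == "__main__":
    # Constructed request headers: a cross-site page sending its full URL.
    forged = {"Referer": "https://evil.example/app.example/login"}
    print("naive :", naive_referer_check(forged))   # True  (bypassed)
    print("strict:", strict_source_check(forged))   # False (rejected)
```

Origin/Referer validation is a secondary signal: a synchronizer or double-submit token and `SameSite` cookies remain the primary CSRF defence, and the check above exists so that the fallback does not trust text the cross-site page was free to shape.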
