
Problem generating a CSRF PoC

Zonduu Oct 15, 2019 09:15PM UTC

I understand how basic CSRF works and I have reported some CSRF issues to some bug bounty programs in the past, but I have encountered this issue that I don't know what to do about.

I get this little message when trying to generate a CSRF PoC on a POST request without csrf token or headers:

> Warning: The CSRF form uses a different encoding type than the original request, and so the application may not process the request in the way required. Further, the CSRF form uses plain text encoding, and the request body cannot be exactly reproduced because it does not contain the = character. Try modifying the original request so that the body contains the = character.

Where exactly should I add the = character if the original request looks like this, for example:

{"phoneNumber":"+ 48-695-5581-39","zipCode":"12-312"}

I have tried all forms of the CSRF PoC generator and all of them didn't work.

Hope you can help me, thanks.


Mike Eaton Oct 16, 2019 10:43AM UTC Support Center agent

Looking at the source code, it appears this error message is raised when the encoding type specified by the Content-Type header is unable to be determined, or if it is different to the Encoding Type specified in the user interface panel.

Is what you have selected in the user interface different from what is specified in the Content-Type header of the request?
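
As an added example (not part of the thread and not Burp's own code), the Python below checks whether a logged request could be emitted exactly by a plain HTML form for the encoding named in its Content-Type header, which is the condition the quoted warning describes. The function names and the sample requests are constructed for illustration; the JSON body is the one from the question.

```python
from urllib.parse import parse_qsl

# The three encodings an HTML <form> can submit; any other type needs script.
FORM_ENCTYPES = ("application/x-www-form-urlencoded",
                 "multipart/form-data", "text/plain")

def media_type(content_type):
    """Lowercased media type without parameters ('' when the header is absent)."""
    return (content_type or "").split(";", 1)[0].strip().lower()

def form_sendable(content_type, body):
    """Return (verdict, reason): could a plain HTML form emit this exact request?"""
    mtype = media_type(content_type)
    if mtype not in FORM_ENCTYPES:
        return False, f"{mtype or 'missing type'} is not a form encoding"
    if mtype == "text/plain":
        # A text/plain form writes every field as name=value, so a body
        # without '=' can never come out of one (necessary condition only).
        if "=" not in body:
            return False, "text/plain body has no '=' character"
        return True, "text/plain body can be split into name=value"
    if mtype == "application/x-www-form-urlencoded":
        try:
            parse_qsl(body, strict_parsing=True)
        except ValueError:
            return False, "body is not name=value pairs"
        return True, "body parses as urlencoded fields"
    # multipart/form-data: reported as sendable, body structure not inspected.
    return True, "multipart/form-data is a form encoding"

# Constructed sample requests: (Content-Type header, body).
JSON_BODY = '{"phoneNumber":"+ 48-695-5581-39","zipCode":"12-312"}'
SAMPLES = [
    ("application/json", JSON_BODY),
    ("text/plain; charset=UTF-8", JSON_BODY),
    ("application/x-www-form-urlencoded", "phoneNumber=%2B48&zipCode=12-312"),
]

if __name__ == "__main__":
    for ctype, body in SAMPLES:
        verdict, reason = form_sendable(ctype, body)
        print(f"{ctype:40} form-sendable={verdict}  ({reason})")
```

A False verdict covers exact reproduction of that one body only; on the server side, the corresponding control is for a JSON endpoint to reject the three form encodings and to require a CSRF token.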

