Steps to Reproduce:
1) Go to https://www1.oculus.com/order/
2) View the page source.
3) Find the code of the order form.
4) There is no auth or CSRF token present in the form to forward with the request.
Another way of checking:
1) Open Mozilla and go to https://www1.oculus.com/order/
2) Start the Tamper Data tool.
3) Fill in all the required information and tamper the request; you will see no CSRF token in the request.