CSRF is Cross-Site Request Forgery vulnerability which can be used to force an user to conduct unintended actions on a Web Application. Using this flaw an attacker can perform various attacks based on the affected module such as changing Email ID, Password for the User's Account.
Cross-Site Request Forgery on JSON Endpoint using Fetch API as usual HTML Form does not work in API Request due to padding issue.
- Authentication Method should be cookie based only
- No Authentication Token in Header
- Same-Origin Policy should not be enforced
Change the URL and Body from the PoC file to perform the CSRF on JSON Endpoint.
More details on: rootsploit.com