Bypass CSRF-Token Verification
A few ways to Bypass CSRF-Token Verification: 1. Use a blank CSRF token value. 2. Completely remove the CSRF token parameter value from the request. 3. Use any random CSRF Token of the same length. 4. Create another user account, copy its CSRF Token value and use it in the victim's account. 5. Try to decode the CSRF Token and check if it is encoded with algorithms like Base64, If yes it can be generated for other users. 6. Change request method i.e. from POST to GET. There is a possibility that the action gets initiated in both GET and POST method and it doesn't require a token in case of GET Method. Adding: Try bypassing with referrer based. Check whether CSRF tokens are expired properly. -->Old CSRF token re-use require physical access to the machine in order to exploit also the account should be logged in the time attacker access the device. It's a very low severity.