
Exploiting CSRF on JSON Endpoint without Flash


Before we begin with JSON CSRF we need to nail down the fundamentals of traditional CSRF and JSON-based CSRF.

What is CSRF?

CSRF (Cross-Site Request Forgery) is a vulnerability that can be used to force a user to perform unintended actions on a web application. Depending on the affected module, an attacker can use this flaw to carry out various actions on the user's behalf, such as changing the email address or password of the user's account.

CSRF on JSON Endpoint:

When attempting CSRF against a JSON endpoint, the server usually rejects the request because a traditional CSRF exploit built with an HTML form adds extra padding to the body. Servers also commonly check for a Content-Type: application/json header, which makes exploitation harder because an HTML form cannot set that content type. The following conditions must be met to perform JSON CSRF:

  • The user must be logged in
  • Authentication must be cookie based only
  • No authentication token is sent in a request header
  • The Same-Origin Policy must not be enforced for the endpoint (the server's CORS policy allows the cross-origin request)
  • If the application accepts any content type: easily exploitable with HTML forms
  • If the application only accepts the application/json content type: exploitable with the Fetch API
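The last three conditions are decided by the browser's CORS rules, so it helps to see them as code. The following is an added example, not code from the original post or from the @rootsploit PoC repository: it models the browser-side decision of whether a credentialed cross-origin fetch() with a JSON body is ever delivered to the server. A form-type body is a "simple" request and is sent without a preflight (the "accepts any content type" case); an application/json body triggers an OPTIONS preflight, and the request only goes out if the server's CORS headers reflect the caller's origin and allow credentials (the "Same-Origin Policy not enforced" case). The origins and header sets are constructed for the example.

```javascript
// Added example (not code from the original post): models the browser-side
// decision that determines whether a credentialed cross-origin fetch() carrying
// a JSON body is ever delivered to the server. Origins and header sets below
// are constructed for the example.

const SAFELISTED_MIME = [
  'application/x-www-form-urlencoded',
  'multipart/form-data',
  'text/plain',
];
const SAFELISTED_HEADERS = ['accept', 'accept-language', 'content-language', 'content-type'];

function mimeOf(value) {
  return String(value).split(';')[0].trim().toLowerCase();
}

// A header is CORS-safelisted if its name is on the short list and, for
// Content-Type, its MIME type is one of the three form types.
function isSafelistedHeader(name, value) {
  const n = name.toLowerCase();
  if (!SAFELISTED_HEADERS.includes(n)) return false;
  return n !== 'content-type' || SAFELISTED_MIME.includes(mimeOf(value));
}

// A "simple" request (safelisted method plus only safelisted headers) is sent
// straight away, cookies included, with no preflight. This is the case the
// write-up calls "accepts any content type: easily exploitable with HTML forms".
function isSimpleRequest(method, headers) {
  if (!['GET', 'HEAD', 'POST'].includes(method.toUpperCase())) return false;
  return Object.entries(headers).every(([k, v]) => isSafelistedHeader(k, v));
}

// Anything else (e.g. Content-Type: application/json) makes the browser send an
// OPTIONS preflight first; the real request goes only if the preflight response
// passes every check below. With credentials, a wildcard
// Access-Control-Allow-Origin is refused and Allow-Headers is read literally.
function preflightAllows(origin, method, headers, preflight) {
  const h = (name) => (preflight[name] || '');
  if (h('access-control-allow-origin') !== origin) return false;
  if (h('access-control-allow-credentials').toLowerCase() !== 'true') return false;
  const methods = h('access-control-allow-methods').split(',').map(s => s.trim().toUpperCase());
  if (!methods.includes(method.toUpperCase())) return false;
  const allowed = h('access-control-allow-headers').split(',').map(s => s.trim().toLowerCase());
  return Object.entries(headers).every(([k, v]) => isSafelistedHeader(k, v) || allowed.includes(k.toLowerCase()));
}

// The question that matters for CSRF: does the state-changing request reach the
// server at all? Whether the attacker can read the response is a separate matter.
function requestReachesServer(origin, method, headers, preflight) {
  return isSimpleRequest(method, headers) || preflightAllows(origin, method, headers, preflight);
}

// Constructed scenarios.
const ATTACKER = 'https://attacker.example';
const JSON_HEADERS = { 'Content-Type': 'application/json' };
const FORM_HEADERS = { 'Content-Type': 'text/plain' };

// A server that reflects the caller's Origin and allows credentials: the
// "Same-Origin Policy not enforced" condition from the list above.
const PERMISSIVE_CORS = {
  'access-control-allow-origin': ATTACKER,
  'access-control-allow-credentials': 'true',
  'access-control-allow-methods': 'GET, POST, OPTIONS',
  'access-control-allow-headers': 'content-type',
};
// A server that answers the preflight with a wildcard: fine for public data,
// but the browser refuses to pair it with cookies.
const WILDCARD_CORS = { ...PERMISSIVE_CORS, 'access-control-allow-origin': '*' };
// A server that sends no CORS headers at all.
const NO_CORS = {};

for (const [label, headers, cors] of [
  ['JSON body, permissive CORS', JSON_HEADERS, PERMISSIVE_CORS],
  ['JSON body, wildcard CORS', JSON_HEADERS, WILDCARD_CORS],
  ['JSON body, no CORS', JSON_HEADERS, NO_CORS],
  ['form body (text/plain), no CORS', FORM_HEADERS, NO_CORS],
]) {
  console.log(label.padEnd(34), requestReachesServer(ATTACKER, 'POST', headers, cors));
}
```

Run with node; the last row shows why an endpoint that accepts a text/plain or form body needs no CORS misconfiguration at all, while the JSON rows show that a JSON-only endpoint is reachable cross-site only when the server reflects arbitrary origins with credentials allowed. Reviewing an application's CORS configuration against exactly these checks is the quickest way to confirm or rule out this condition.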

When trying CSRF against such endpoints with HTML forms, we often run into the padding issue described above, which is why we use the Fetch API in JavaScript instead.

[Figure: CSRF fails due to padding in the HTML form body of a JSON request]

We are going to use our JSON CSRF PoC code from GitHub and replace the URL and the JSON body.

[Figure: JSON CSRF exploit code]

You can find this exploit code on the GitHub page.

In the code above we edit the URL and replace the body with the JSON data needed to perform the CSRF.


After the CSRF request has been sent, the user is redirected to another page.

[Figure: CSRF exploited and user redirected]


This CSRF was exploitable because of the lack of an anti-CSRF token combined with cookie-based authentication; using token-based authentication (a token sent in a request header rather than a cookie) would also have fixed the issue.

Thanks for reading, do follow @rootsploit for more InfoSec writeups!!!



  1. skofos August 1, 2020

    nice mateee i love this article
