Burp Suite User Forum

CSRF issue

David | Last updated: Mar 16, 2023 05:01PM UTC

When I run Burp Suite scanner on my website I get the following issue on many pages. "The request appears to be vulnerable to cross-site request forgery (CSRF) attacks against authenticated users." These pages have no forms or inputs on them so I am trying to understand what is triggering this issue. Comparing the 2 responses (the one with the valid referrer domain and the one with the bogus referrer domain) they look the same.

Michelle, PortSwigger Agent | Last updated: Mar 17, 2023 12:17PM UTC

I’m sorry, but our support service is here to provide technical advice with Burp Suite. Unfortunately, we can't provide specific assistance with dissecting/explaining individual scan reports. The issue definition should provide a few more details on the attack and remediation options as well as some links to useful reference materials that may help you manually replicate the issue.