Missing ValidateAntiForgeryToken

Question

Missing ValidateAntiForgeryToken

h3xstream opened this issue 8 years ago · 0 comments

Very simple pattern..

Vulnerable :

        [HttpPost]
        public ActionResult ControllerMethod(string input) {

            return null;
        }

Solution:

        [HttpPost]
        [ValidateAntiForgeryToken]
        public ActionResult ControllerMethod(string input) {

            return null;
        }