CSRF Vulnerability In Laravel 4
Published on by Eric L. Barnes
On November 7th, Chris Smith (@chrismsnz) of Insomnia Security alerted the Laravel development team to a method of bypassing the CSRF verification in Laravel 4 applications.
To patch your applications, modify the default CSRF route filter in the app/filters.php file to the following:
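    Route::filter('csrf', function()
    {
        // Strict comparison: the submitted _token must be identical in type and value to the session token.
        if (Session::token() !== Input::get('_token'))
        {
            throw new Illuminate\Session\TokenMismatchException;
        }
    });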
Check out the announcement post for all the details.
Eric is the creator of Laravel News and has been covering Laravel since 2012.