GitBook: [master] one page and one asset modified

This commit is contained in:
CPol 2021-06-04 23:12:46 +00:00 committed by gitbook-bot
parent c306c23a1d
commit 07331f852c
No known key found for this signature in database
GPG key ID: 07D2180C7B12D0FF
2 changed files with 5 additions and 1 deletions


@ -7,7 +7,7 @@ This is done by **making a logged in user** in the victim platform access an att
### Requisites
In order to be able to abuse a CSRF vulnerability you first need to **find a relevant action to abuse** \(change password or email, make the victim follow you on a social network, give you more privileges...\). The **session must rely only on cookies**, any other header can't be used to handle the session. An finally, there **shouldn't be unpredictable parameters** on the request.
In order to be able to abuse a CSRF vulnerability you first need to **find a relevant action to abuse** \(change password or email, make the victim follow you on a social network, give you more privileges...\). The **session must rely only on cookies or HTTP Basic Authentication header**, any other header can't be used to handle the session. An finally, there **shouldn't be unpredictable parameters** on the request.
Several **counter-measures** could be in place to avoid this vulnerability.
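Review bot: the sentence being edited still carries the typo "An finally" (it should be "And finally") and the clause "any other header can't be used to handle the session" reads more naturally as "no other header can be used to handle the session"; since this line is already being changed, fix both while adding the Basic Authentication case. The new wording "rely only on cookies or HTTP Basic Authentication header" also wants an article ("or an HTTP Basic Authentication header"), and a short clause explaining why that case qualifies (the browser re-sends cached Basic credentials automatically, exactly as it does cookies) would make the requisite self-explanatory to readers who only know the cookie case.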
@ -121,6 +121,10 @@ If a **CSRF token** is being used as **defence** you could try to **ex-filtrate
The URL you are requesting is no longer available
```
Other HTML5 tags that can be used to automatically send a GET request are:
![](../.gitbook/assets/image%20%28509%29.png)
### Make a GET request using a form
```markup
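Review bot: the added line under "Other HTML5 tags that can be used to automatically send a GET request are:" is only an image reference (`![](../.gitbook/assets/image%20%28509%29.png)`) with an empty alt text, so the list of tags is neither searchable nor readable by screen readers or text-only mirrors of the page. List the tags as plain text (or in a fenced `markup` block, matching the fences already used in this section) and keep the screenshot, if at all, as a supplement with a descriptive alt text.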