On November 7th, Chris Smith (@chrismsnz) of Insomnia Security alerted the Laravel development team of a method of bypassing the CSRF verification in Laravel 4 applications.
To patch your applications, modify the default CSRF route filter in the app/filters.php file to the following:
Route::filter('csrf', function()
{
if (Session::token() !== Input::get('_token'))
{
throw new IlluminateSessionTokenMismatchException;
}
});
Checkout the announcement post for all the details.
CSRF Vulnerability In Laravel 4 is a post from Laravel News.
