CSRF Vulnerability In Laravel 4

On November 7th, Chris Smith (@chrismsnz) of Insomnia Security alerted the Laravel development team to a method of bypassing the CSRF verification in Laravel 4 applications.

To patch your applications, modify the default CSRF route filter in the app/filters.php file to the following:

Route::filter('csrf', function() {
    // Strict (!==) comparison: the token must match in both type and value.
    if (Session::token() !== Input::get('_token')) {
        throw new Illuminate\Session\TokenMismatchException;
    }
});

Check out the announcement post for all the details.