mirror of
https://github.com/swisskyrepo/PayloadsAllTheThings.git
synced 2024-05-17 23:56:12 +02:00
Puts the H1 reports at the right place
The HackerOne reports mentioned in this doc are referring to Request Smuggling, not CSRF
This commit is contained in:
paupaulaz
parent
a639121b21
commit
b7547cc171
GPG Key ID:
4AEE18F83AFDEB23
|
|
@ -135,17 +135,16 @@ Refer to **HTTP Request Smuggling** vulnerability page.
|
|||
GET http://something.burpcollaborator.net HTTP/1.1
|
||||
X: X
|
||||
```
|
||||
|
||||
Hackerone reports exploiting this bug
|
||||
* https://hackerone.com/reports/737140
|
||||
* https://hackerone.com/reports/771666
|
||||
|
||||
## Account Takeover via CSRF
|
||||
|
||||
1. Create a payload for the CSRF, e.g: "HTML form with auto submit for a password change"
|
||||
2. Send the payload
|
||||
|
||||
Hackerone reports exploiting this bug
|
||||
* https://hackerone.com/reports/737140
|
||||
* https://hackerone.com/reports/771666
|
||||
|
||||
|
||||
## Account Takeover via JWT
|
||||
|
||||
JSON Web Token might be used to authenticate an user.
|
||||
|
|
|
|||
Loading…
Reference in New Issue