ch0ic3/PayloadsAllTheThings
1
0
Fork 0
mirror of https://github.com/swisskyrepo/PayloadsAllTheThings.git synced 2024-12-18 18:36:10 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity

Merge pull request #292 from paupaulaz/master

Browse Source 
Puts the H1 reports at the right place
This commit is contained in:
Swissky 2020-11-22 12:57:27 +01:00 committed by GitHub
commit 13ed9c8628
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 4 additions and 5 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

9
Account Takeover/README.md
View File

@ -135,17 +135,16 @@ Refer to **HTTP Request Smuggling** vulnerability page.
GET http://something.burpcollaborator.net HTTP/1.1
X: X
```
Hackerone reports exploiting this bug
* https://hackerone.com/reports/737140
* https://hackerone.com/reports/771666
## Account Takeover via CSRF
1. Create a payload for the CSRF, e.g: "HTML form with auto submit for a password change"
2. Send the payload
Hackerone reports exploiting this bug
* https://hackerone.com/reports/737140
* https://hackerone.com/reports/771666
## Account Takeover via JWT
JSON Web Token might be used to authenticate an user.