Merge pull request #292 from paupaulaz/master

Puts the H1 reports at the right place
Swissky 2020-11-22 12:57:27 +01:00 committed by GitHub
commit 13ed9c8628
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23


@ -136,15 +136,14 @@ Refer to **HTTP Request Smuggling** vulnerability page.
X: X X: X
``` ```
## Account Takeover via CSRF
1. Create a payload for the CSRF, e.g: "HTML form with auto submit for a password change"
2. Send the payload
Hackerone reports exploiting this bug Hackerone reports exploiting this bug
* https://hackerone.com/reports/737140 * https://hackerone.com/reports/737140
* https://hackerone.com/reports/771666 * https://hackerone.com/reports/771666
## Account Takeover via CSRF
1. Create a payload for the CSRF, e.g: "HTML form with auto submit for a password change"
2. Send the payload
## Account Takeover via JWT ## Account Takeover via JWT
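
Review bot: the "Hackerone reports exploiting this bug" line is still plain text sitting between two sections, so the only thing tying the two report links to the request smuggling section is their position, which is what went wrong before this move. Consider turning it into a labelled sub-item of that section (for example a bold label or a lower-level heading) so the association survives future reordering. The hunk header also goes from 15 lines to 14, so one line was dropped in the move; check that a blank line still separates the last report URL from `## Account Takeover via CSRF`, and the CSRF steps from `## Account Takeover via JWT`. Separately, the CSRF section is now left with two terse steps and no references of its own; a pointer to the repository's CSRF page, in the same style as the "Refer to **HTTP Request Smuggling** vulnerability page." line above, would make it consistent with its neighbour.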