Merge pull request #292 from paupaulaz/master

Puts the H1 reports at the right place
This commit is contained in:
Swissky 2020-11-22 12:57:27 +01:00 committed by GitHub
commit 13ed9c8628
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23

View File

@ -136,15 +136,14 @@ Refer to **HTTP Request Smuggling** vulnerability page.
X: X
```
## Account Takeover via CSRF
1. Create a payload for the CSRF, e.g: "HTML form with auto submit for a password change"
2. Send the payload
Hackerone reports exploiting this bug
* https://hackerone.com/reports/737140
* https://hackerone.com/reports/771666
## Account Takeover via CSRF
1. Create a payload for the CSRF, e.g: "HTML form with auto submit for a password change"
2. Send the payload
## Account Takeover via JWT