mirror of
https://github.com/swisskyrepo/PayloadsAllTheThings.git
synced 2024-12-18 18:36:10 +00:00
Puts the H1 reports at the right place
The HackerOne reports mentioned in this doc are referring to Request Smuggling, not CSRF
This commit is contained in:
parent
a639121b21
commit
b7547cc171
@ -136,15 +136,14 @@ Refer to **HTTP Request Smuggling** vulnerability page.
|
||||
X: X
|
||||
```
|
||||
|
||||
## Account Takeover via CSRF
|
||||
|
||||
1. Create a payload for the CSRF, e.g: "HTML form with auto submit for a password change"
|
||||
2. Send the payload
|
||||
|
||||
Hackerone reports exploiting this bug
|
||||
* https://hackerone.com/reports/737140
|
||||
* https://hackerone.com/reports/771666
|
||||
|
||||
## Account Takeover via CSRF
|
||||
|
||||
1. Create a payload for the CSRF, e.g: "HTML form with auto submit for a password change"
|
||||
2. Send the payload
|
||||
|
||||
## Account Takeover via JWT
|
||||
|
||||
|
Loading…
Reference in New Issue
Block a user