daffainfo
/
PayloadsAllTheThings
mirror of https://github.com/daffainfo/PayloadsAllTheThings.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Merge pull request #292 from paupaulaz/master 

Puts the H1 reports at the right place
patch-1
Swissky 2020-11-22 12:57:27 +01:00 committed by GitHub
parent a639121b21 b7547cc171
commit 13ed9c8628
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 4 additions and 5 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

9
Account Takeover/README.md
View File

@ -136,15 +136,14 @@ Refer to **HTTP Request Smuggling** vulnerability page.
X: X X: X
``` ```
## Account Takeover via CSRF
1. Create a payload for the CSRF, e.g: "HTML form with auto submit for a password change"
2. Send the payload
Hackerone reports exploiting this bug Hackerone reports exploiting this bug
* https://hackerone.com/reports/737140 * https://hackerone.com/reports/737140
* https://hackerone.com/reports/771666 * https://hackerone.com/reports/771666
## Account Takeover via CSRF
1. Create a payload for the CSRF, e.g: "HTML form with auto submit for a password change"
2. Send the payload
## Account Takeover via JWT ## Account Takeover via JWT