Merge pull request #292 from paupaulaz/master

Puts the H1 reports at the right place
patch-1
Swissky 2020-11-22 12:57:27 +01:00 committed by GitHub
commit 13ed9c8628
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 4 additions and 5 deletions

View File

@ -135,17 +135,16 @@ Refer to **HTTP Request Smuggling** vulnerability page.
GET http://something.burpcollaborator.net HTTP/1.1 GET http://something.burpcollaborator.net HTTP/1.1
X: X X: X
``` ```
Hackerone reports exploiting this bug
* https://hackerone.com/reports/737140
* https://hackerone.com/reports/771666
## Account Takeover via CSRF ## Account Takeover via CSRF
1. Create a payload for the CSRF, e.g: "HTML form with auto submit for a password change" 1. Create a payload for the CSRF, e.g: "HTML form with auto submit for a password change"
2. Send the payload 2. Send the payload
Hackerone reports exploiting this bug
* https://hackerone.com/reports/737140
* https://hackerone.com/reports/771666
## Account Takeover via JWT ## Account Takeover via JWT
JSON Web Token might be used to authenticate an user. JSON Web Token might be used to authenticate an user.