commit
13ed9c8628
|
@ -135,17 +135,16 @@ Refer to **HTTP Request Smuggling** vulnerability page.
|
||||||
GET http://something.burpcollaborator.net HTTP/1.1
|
GET http://something.burpcollaborator.net HTTP/1.1
|
||||||
X: X
|
X: X
|
||||||
```
|
```
|
||||||
|
|
||||||
|
Hackerone reports exploiting this bug
|
||||||
|
* https://hackerone.com/reports/737140
|
||||||
|
* https://hackerone.com/reports/771666
|
||||||
|
|
||||||
## Account Takeover via CSRF
|
## Account Takeover via CSRF
|
||||||
|
|
||||||
1. Create a payload for the CSRF, e.g: "HTML form with auto submit for a password change"
|
1. Create a payload for the CSRF, e.g: "HTML form with auto submit for a password change"
|
||||||
2. Send the payload
|
2. Send the payload
|
||||||
|
|
||||||
Hackerone reports exploiting this bug
|
|
||||||
* https://hackerone.com/reports/737140
|
|
||||||
* https://hackerone.com/reports/771666
|
|
||||||
|
|
||||||
|
|
||||||
## Account Takeover via JWT
|
## Account Takeover via JWT
|
||||||
|
|
||||||
JSON Web Token might be used to authenticate an user.
|
JSON Web Token might be used to authenticate an user.
|
||||||
|
|
Loading…
Reference in New Issue