References
- Portswigger: CSRF
- CSRF with IDOR - A Deadly Combo
- How I Got My First Bounty & Hof From Google (CSRF Lead To Account Delete)
- Site Wide CSRF On Glassdoor
- Research: The mass CSRFing of .google.com/ products.
- My first bug in google and how i got CSRF token for victim account rather than bypass it ($1337)!
- CSRF PoC mistake that broke crucial functions for the end user/victim
- Refocusing in bug hunting, Bonus: An interestingly simple to test CSRF bypass
- CSRF + Open Redirect To Account Takeover
- CSRF Attack!!!
- Let’s Bypass CSRF Protection & Password Confirmation to Takeover Victim Accounts :D
- How I leveraged an interesting CSRF vulnerability to turn self XSS into a persistent attack?
- Account takeover CSRF Misconfiguration
- How a Simple CSRF Attack Turned into a P1 Level Bug
- How I exploit the JSON CSRF with method override technique
- How I CSRF’d My First Bounty!
- Facebook CSRF bug which lead to Instagram Partial account takeover.
- Exploiting WebSocket [Application Wide XSS / CSRF]
- Site wide CSRF on a popular program
- Using CSRF I Got Weird Account Takeover
- CSRF CSRF CSRF…
- Google Bug Bounty: CSRF in learndigital.withgoogle.com
- CSRF Token Bypasss — A Tale of my $2k bug
- 2 FA Bypass via CSRF Attack
- Stored Iframe Injection + CSRF = Account Takeover 😎😎
- Media deletion CSRF vulnerability on Instagram
- How I turned Self XSS to Stored via CSRF
- An inconsistent CSRF
- CSRF Email Confirmation Vulnerability for Gmail & G-Suite in Facebook
- Bypass CSRF With ClickJacking Worth $1250
- [TOKOPEDIA] Site-wide CSRF through GraphQL request
- Account Takeover Using CSRF(json-based)
- CORS To CSRF Attack
- My First CSRF to Account Takeover worth $750
- 4x CSRFs Chained For Company Account Takeover
- CSRF Attack can lead to Stored XSS
- Yet Other Examples of Abusing CSRF in Logout
- WordPress 5.1 CSRF to Remote Code Execution
- Brute Forcing User IDS via CSRF To Delete all Users with CSRF attack.
- Facebook CSRF protection bypass which leads to Account Takeover
- Csrf Bypass Using Cross Frame Scripting
- Lintern@ute Account Takeover via Cross site request forgery
- A very useful technique to bypass the CSRF protection for fun and profit.
- CSRF account takeover Explained Automated/Manual — Bug Bounty
- CSRF account takeover in a company worth 1B$
- Microsoft CSRF Vulnerability
- [Critical] Bypass CSRF protection on IBM
- R-XSS -> CSRF bypass to account takeover/
- Send request to Martians. Earthlings are already your friends.
- Self-XSS + CSRF to Stored XSS
- Ribose — IDOR with Simple CSRF Bypass — Unrestricted Changes and Deletion to other Photo Profile
- Leaking WordPress CSRF Tokens for Fun, $1337 bounty, and CVE-2017-5489
- JSON CSRF attack on a Social Networking Site[Hackerone Platform]
- Hacking Facebook accounts using CSRF in Oculus-Facebook integration
- Leaking Amazon.com CSRF Tokens Using Service Worker API
- Facebook GraphQL CSRF
- Chain the vulnerabilities and take your report impact on the moon (CSRF to HTML INJECTION which results OPEN REDIRECT and could steal USER CREDENTIALS)
- That Escalated Quickly : From partial CSRF to reflected XSS to complete CSRF to Stored XSS
- Stealing Access Token of One-drive Integration By Chaining CSRF Vulnerability
- Vulnerability in Metasploit Project aka CVE-2017-5244
- Messenger.com Site-Wide CSRF
- Stealing Facebook access_tokens using CSRF in device login flow
- Two vulnerabilities makes an Exploit!! (XSS and CSRF in Bing)
- How I bypassed Facebook CSRF once again!
- Ubiquiti Bug Bounty: UniFi v3.2.10 Generic CSRF Protection Bypass
- How I bypassed Facebook CSRF Protection
- Flickr XSRF to Change Photo Details
- Facebook CSRF leading to full account takeover (fixed)
- CSRF ‘protection’ bypass on xvideos