ransome_business

Untitled

Jul 12th, 2022
Bug - Cross-Site Request Forgery (CSRF)

Summary - Cross-Site Request Forgery (CSRF) is an attack that forces authenticated users to submit a request to a web application against which they are currently authenticated. CSRF attacks exploit the trust a web application has in an authenticated user.

Steps To Reproduce :-
1. Log in to two accounts in two browsers.
2. Add some items to the basket from one account. While adding them, intercept the GET request and look for Engagement tools in Burp Proxy.
3. Generate a CSRF PoC.
4. Open it in the other browser.
5. We can see some data in the tab. Refresh the other account's page and we can see that the items have been added to that account as well.

Reference :-
1. https://hackerone.com/reports/834366
2. https://hackerone.com/reports/419891
3. https://hackerone.com/reports/152569
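
A server-side check that would reject the forged add-to-basket request from the steps above, as an added example that is not part of the original paste or the affected application's code. The route name /basket/add, the csrf_token form field and the session id values are assumptions made for illustration.

```python
import hashlib
import hmac
import secrets

SERVER_KEY = secrets.token_bytes(32)      # assumption: per-deployment secret
SAFE_METHODS = {"GET", "HEAD", "OPTIONS"}
STATE_CHANGING = {"/basket/add"}          # hypothetical route name

def issue_csrf_token(session_id: str) -> str:
    """Token bound to one session: HMAC-SHA256(server key, session id)."""
    return hmac.new(SERVER_KEY, session_id.encode(), hashlib.sha256).hexdigest()

def check_request(method, path, headers, session_id, form):
    """Return (allowed, reason); header names are expected in lowercase."""
    if path not in STATE_CHANGING:
        return True, "no state change"
    # 1. A basket update must not be reachable through a safe method: the
    #    report's request was a GET, which any link or image tag can trigger.
    if method in SAFE_METHODS:
        return False, "state change over safe method"
    # 2. Fetch Metadata: browsers that send Sec-Fetch-Site label the origin
    #    relationship; older browsers omit it, so the token check still runs.
    site = headers.get("sec-fetch-site")
    if site is not None and site != "same-origin":
        return False, "cross-site request"
    # 3. Session-bound token that a page on another origin cannot read.
    expected = issue_csrf_token(session_id).encode()
    supplied = form.get("csrf_token", "").encode()
    if not hmac.compare_digest(expected, supplied):
        return False, "bad csrf token"
    return True, "ok"

def demo():
    """Run the check over constructed requests for the second account."""
    sid = "session-of-second-account"     # constructed sample value
    good = issue_csrf_token(sid)
    cases = [
        ("GET", "/basket/add", {"sec-fetch-site": "cross-site"}, {}),
        ("POST", "/basket/add", {"sec-fetch-site": "cross-site"}, {}),
        ("POST", "/basket/add", {}, {"csrf_token": "guess"}),
        ("POST", "/basket/add", {"sec-fetch-site": "same-origin"}, {"csrf_token": good}),
    ]
    return [check_request(m, p, h, sid, f) for m, p, h, f in cases]

if __name__ == "__main__":
    print(demo())
```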