Real world reports PoCs

You can read these real world CSRF PoCs to better understand how the bug is exploited in the real world scenarios.

CSRF Account Takeover famebit by Hassan Khan
Hacking PayPal Accounts with one click (Patched) by Yasser Ali
Add tweet to collection CSRF by vijay kumar
Facebookmarketingdevelopers.com: Proxies, CSRF Quandry and API Fun by phwd
How i Hacked your Beats account ? Apple Bug Bounty by @aaditya_purani
Paypal bug bounty: Updating the Paypal.me profile picture without consent (CSRF attack) by Florian Courtial
CSRF Account Takeover by Vulnerables
Uber CSRF Account Takeover by Ron Chan
Messenger.com CSRF that show you the steps when you check for CSRF by Jack Whitton

Reference: https://whoami.securitybreached.org/2019/06/03/guide-getting-started-in-bug-bounty-hunting/

PreviousCSRF Cross Site Request Forgery NextSSRF Server Side Request Forgery

Last updated 3 years ago