Day 76: 0-100k in Bug Bounty with a 9-5 Job

Continued my research on CSRF and read 30 reports, which taught me:
1. Bypassing SameSite Lax/Strict
2. Bypassing CORS Pre-Flight Request
3. JSON Data CSRF
4. Various methods of sending GET and POST based CSRF requests

@Rhynorater
Some of the Interesting CSRF Reports:
JSON CSRF: anonymousyogi.medium.com/json-csrf-csrf…
CSRF using HEAD Method: github.com/google/google-…
CSRF bypass with Domain Confusion: infosecwriteups.com/csrf-bypass-us…
RCE via CSRF: ssd-disclosure.com/ssd-advisory-x…
Self-XSS -> CSRF -> OAuth ATO: medium.com/@l_s_/self-xss…