URL based CSRF based on a GET request.
Let's suppose we know this website is vulnerable to CSRF:
We know the endpoint to reset the password and email the new password to the user's email would be /settings/password?action=reset-password&
Then we can craft a link like this: https ://
And send this link to the user, perhaps through a fake support account or something similar, and we will get the new password sent to our email instead of the user's.

Or perhaps the link would look like: https ://
Then we can just change the link to: https ://
And try to get the user to click on it, same as in Reflected XSS.

just some guy
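
The server-side checks that close the hole described in this post, as an added example that is not part of the original post or the site's own code. The handler name, the `csrf_token` and `email` parameter names and the sample addresses are assumptions made for illustration.

```python
import hashlib
import hmac
import secrets

# Per-deployment secret (constructed for this example).
SERVER_KEY = secrets.token_bytes(32)


def issue_csrf_token(session_id: str) -> str:
    """Token bound to one session; rendered into the settings form, never into a URL."""
    return hmac.new(SERVER_KEY, session_id.encode(), hashlib.sha256).hexdigest()


def handle_password_reset(method: str, session_id: str, params: dict,
                          account_email: str):
    """Return (http_status, recipient) for a request to the reset endpoint."""
    # 1. A state-changing action is refused on GET, so following a link
    #    can never trigger it.
    if method != "POST":
        return 405, None
    # 2. The request must carry the token issued to this session. Another
    #    site cannot read it, so a cross-site form post fails here.
    supplied = str(params.get("csrf_token", "")).encode()
    expected = issue_csrf_token(session_id).encode()
    if not hmac.compare_digest(supplied, expected):
        return 403, None
    # 3. The recipient comes from the account record. A request-supplied
    #    address (hypothetical "email" parameter) is ignored.
    return 200, account_email


if __name__ == "__main__":
    sid = "sess-1"  # constructed session id
    on_file = "user@example.test"
    token = issue_csrf_token(sid)
    # Constructed requests: link-style GET, POST without token, genuine form POST.
    requests = [
        ("GET", {"action": "reset-password", "email": "other@example.test"}),
        ("POST", {"action": "reset-password", "email": "other@example.test"}),
        ("POST", {"action": "reset-password", "csrf_token": token,
                  "email": "other@example.test"}),
    ]
    for method, params in requests:
        print(method, handle_password_reset(method, sid, params, on_file))
```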

Messages In This Thread
URL based CSRF based on a GET request. - by 0xgh64 - 08-31-2022, 09:25 PM
