Top 25 CSRF Bug Bounty Reports

Cristian Cornea
5 min read · Jan 8, 2021

In this article, we will discuss CSRF vulnerability, how to find one and present 25 disclosed reports based on this issue.

What is CSRF?

Cross-Site Request Forgery, or CSRF, is a web vulnerability in which an attacker tricks an authenticated user's browser into performing unwanted actions on the application on the user's behalf. Exploiting it requires combining the flaw with a social engineering technique, since the victim must be induced to send the forged request. The impact can vary from low severity to a complete application compromise, depending on the components and endpoints affected by CSRF.

Types of Cross-Site Request Forgery

Let’s take a look over three common types of CSRF:

  • URL-based CSRF: It is easy to exploit, because the attacker only needs to craft a specific URL and wait for the victim to click it. This affects only requests that accept the GET HTTP method.

For example, let’s suppose we have an administrator portal located at the following URL:

https://corneacristian.medium.com/admin.php

This portal can be accessed only with a password, which can be generated by a system administrator already authenticated into the administration portal, by accessing the following link:
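To make the scenario above concrete, here is an added example that is not part of the original article: a minimal stand-in for the admin portal's password-generation action, first as the vulnerable GET handler the article describes, then hardened so a crafted link no longer works. The endpoint name, the `action` parameter and the request/session types are assumptions made for this illustration.

```python
import hmac
import secrets
from dataclasses import dataclass, field
from typing import Optional

# Constructed stand-in for an HTTP request after the framework has resolved
# the session cookie (which the browser attaches automatically, even when
# the request was forged from another site).
@dataclass
class Request:
    method: str
    path: str
    params: dict
    headers: dict = field(default_factory=dict)

@dataclass
class Session:
    user: str
    # Synchronizer token: random per session, never exposed in a plain link.
    csrf_token: str = field(default_factory=lambda: secrets.token_hex(16))

def vulnerable_generate_password(session: Session, req: Request) -> Optional[str]:
    """Vulnerable: any request carrying the admin's session triggers the state
    change, so a link the admin clicks is enough (URL-based CSRF)."""
    if req.path == "/admin.php" and req.params.get("action") == "generate_password":
        return secrets.token_urlsafe(12)  # new portal password handed out
    return None

def hardened_generate_password(session: Session, req: Request) -> Optional[str]:
    """Hardened: state changes require POST, a per-session synchronizer token,
    and, when the browser sends one, an Origin header matching our site."""
    if req.path != "/admin.php" or req.params.get("action") != "generate_password":
        return None
    if req.method != "POST":          # GET must never change state
        return None
    origin = req.headers.get("Origin")
    if origin is not None and origin != "https://corneacristian.medium.com":
        return None                    # cross-site submission
    token = req.params.get("csrf_token", "")
    if not hmac.compare_digest(token, session.csrf_token):
        return None                    # token missing or not this session's
    # Defence in depth not shown here: mark the session cookie SameSite=Lax/Strict.
    return secrets.token_urlsafe(12)
```

The vulnerable handler accepts a forged GET from any origin; the hardened one rejects it and only honours a same-origin POST that carries the session's token.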
