Biscuit's Bug Bounty Playbook

⌘Ctrlk

🟢CSRF

Superhuman (formerly Grammarly) disclosed on HackerOne: Lack of...HackerOne

Logitech disclosed on HackerOne: One Click Account takeover using...HackerOne

U.S. Dept Of Defense disclosed on HackerOne: Account takeover...HackerOne

Reddit disclosed on HackerOne: CSRF (protection bypassed) to force...HackerOne

https://hackerone.com/reports/1066189hackerone.com

Gratipay disclosed on HackerOne: CSRF csrftoken in cookiesHackerOne

drchrono disclosed on HackerOne: CSRF Add Album On onpatient.comHackerOne

Coinbase disclosed on HackerOne: CSRF bug on password changeHackerOne

Site Wide CSRF on GlassdoorWitCoat Security Blog

PreviousRequest Forgery (CSRF & SSRF)NextSSRF

Last updated 1 year ago