| 4542 | [Critical] Bypass CSRF protection on IBM |
CSRF |
IBM |
Mohamed Sayed (@FlEx0Geek) |
Bug Bounty | 2018-10-09 | 2023-06-13 |
| 4530 | Microsoft CSRF Vulnerability |
CSRF |
Microsoft |
Adesh Nandkishor kolte (@AdeshKolte) |
Bug Bounty | 2018-10-12 | 2023-06-13 |
| 4513 | CSRF account takeover Explained Automated/Manual — Bug Bounty |
CSRF
Account takeover |
OpenMenu |
Vulnerables |
Bug Bounty | 2018-10-26 | 2023-06-13 |
| 4512 | A very useful technique to bypass the CSRF protection for fun and profit. |
CSRF |
NA |
Yeasir Arafat |
Bug Bounty | 2018-10-26 | 2023-06-13 |
| 4507 | Improper CSRF token handling leads to site-wide CSRF issue, chained with clickjacking = woot! Multiple sites vulnerable |
CSRF
Clickjacking |
NA |
Zseano (@zseano) |
Bug Bounty | 2018-10-29 | 2023-06-13 |
| 4504 | CSRF %27protection%27 bypass on xvideos |
CSRF |
xvideos |
Zseano (@zseano) |
Bug Bounty | 2018-10-30 | 2023-06-13 |
| 4482 | Chain exploitation of XSS |
DOM XSS
Clickjacking
CSRF |
NA |
Mikhail Klyuchnikov (@__Mn1__) |
Bug Bounty | 2018-11-12 | 2023-06-13 |
| 4481 | Patched Facebook Vulnerability Could Have Exposed Private Information About You and Your Friends |
CSRF
Information disclosure |
Meta / Facebook |
Ron Masas (@RonMasas) |
Bug Bounty | 2018-11-13 | 2023-06-13 |
| 4459 | How i Found Information Disclosure on Scribd.com |
CSRF |
Scribd.com |
Zerb0a |
Bug Bounty | 2018-11-22 | 2023-06-13 |
| 4411 | Remote Code Execution on a Facebook server |
LFI
RCE
CSRF |
phpMyAdmin |
Daniel Le Gall (@Blaklis_) |
Bug Bounty | 2018-12-14 | 2023-06-13 |
| 4377 | How I could have taken over any Pinterest account |
CSRF
Account takeover |
Pinterest |
Arnold Anthony (@armold9anthony) |
Bug Bounty | 2019-01-05 | 2023-06-13 |
| 4359 | Oauth Misconfiguration lead to complete account takeover |
CSRF
OAuth
Account takeover |
NA |
Jackson kv (@Jacksonkv22) |
Bug Bounty | 2019-01-20 | 2023-06-13 |
| 4312 | Csrf Bypass Using Cross Frame Scripting |
CSRF |
NA |
Mr.Hacker (@mr_hacker0007) |
Bug Bounty | 2019-02-10 | 2023-06-13 |
| 4257 | Brute Forcing User IDS via CSRF To Delete all Users with CSRF attack. |
CSRF
Bruteforce |
NA |
Armaan Pathan (@armaancrockroax) |
Bug Bounty | 2019-03-12 | 2023-06-13 |
| 4252 | WordPress 5.1 CSRF to Remote Code Execution |
CSRF
RCE
HTML injection |
WordPress |
Simon Scannell (@scannell_simon) |
Bug Bounty | 2019-03-13 | 2023-06-13 |
| 4233 | How I could have hijacked a victim’s YouTube notifications! (Google VRP Writeup) |
CSRF |
Google |
Yash Sodha (@y_sodha) |
Bug Bounty | 2019-03-26 | 2023-06-13 |
| 4218 | Same-Origin Policy: From birth until today |
SOP bypass
Browser hacking
CSRF
CORS |
Mozilla
Google (Chrome)
Opera |
Alex Nikolova (@AaylaSecura1138) |
Bug Bounty | 2019-04-04 | 2023-06-13 |
| 4212 | Obtaining XSS Using Moodle Features and Minor Bugs |
Login CSRF
XSS |
Moodle |
Daniel Thatcher (@_danielthatcher) |
Bug Bounty | 2019-04-09 | 2023-06-13 |
| 4207 | Account Takeover by chaining two vulnerabilities. |
CSRF
Open redirect
Account takeover |
NA |
Sheraz Khalid |
Bug Bounty | 2019-04-10 | 2023-06-13 |
| 4186 | Yet Other Examples of Abusing CSRF in Logout |
CSRF |
NA |
Soroush Dalili (@irsdl) |
Bug Bounty | 2019-04-23 | 2023-06-13 |
| 4181 | CSRF Attack can lead to Stored XSS |
CSRF
Stored XSS |
NA |
Mohamed Sayed (@FlEx0Geek) |
Bug Bounty | 2019-04-25 | 2023-06-13 |
| 4158 | 4x CSRFs Chained For Company Account Takeover |
CSRF
Account takeover |
NA |
A Bug’z Life (@abugzlife1) |
Bug Bounty | 2019-05-08 | 2023-06-13 |
| 4149 | Stealing Downloads from Slack Users |
CSRF |
Slack |
David Wells |
Bug Bounty | 2019-05-17 | 2023-06-13 |
| 4129 | My First CSRF to Account Takeover worth $750 |
CSRF
Account takeover |
NA |
Nishant Saurav (@inishantsinha) |
Bug Bounty | 2019-05-30 | 2023-06-13 |
| 4101 | Account Takeover Worth $900 |
Account takeover
CSRF |
NA |
Saad Ahmed (@XSaadAhmedX) |
Bug Bounty | 2019-06-16 | 2023-06-13 |
