Logout csrf hackerone.
Recently, I explored CSRF hacking — uncovering how real-world attackers exploit trust between users and websites, and how smart defenses can stop them in their tracks.

@er_salil was able to demonstrate that the logout functionality had no CSRF protection, which meant that they were able to log another user out by simply having that user submit a POST request to the `/logout` endpoint.

Submissions that result in the alteration or theft of Sony data, or the interruption or degradation of Sony systems, will not be accepted. This helps ensure a consistent hacker and customer experience across the platform.

Non-Qualifying Vulnerabilities
---------------------
The following submissions are not accepted by Secure@Sony:

* Clickjacking
* Logout Cross-Site Request Forgery
* Involvement of Sony products

Summary: Attacker can take over someone's account by stealing their Facebook / Google login tokens chaining multiple vulner

All active sessions are stored with an IP address and user agent that you can revoke at any time.

## Impact

If an attacker found an XSS on your domain and you fixed it, but the attacker still has the CSRF token of a user, the attacker can use it to perform any action.