Hard to understand :(
-
We were all there once before. Just keep practicing and reading and you will start to understand; there will be that "now I understand" moment.
-
I don't see any impact/risk or account takeover here. Additionally, you need access to the personal email account of the user to take over his account, and that's not an issue of the webApp without CSRF.
-
Yes!! If the app has no CSRF protection in the password or email change functionality, you can generate a PoC and get the victim to open the file or go to the domain with the malicious script, and you will reset their email and password to what you desire and you can log in.
-
Maybe you mean password change functionality without an old password requirement?
-
Thanks, that's what I was saying.
@_dzervas
-
Although I'm not quite familiar with the CSRF attack, this summary really makes me understand it quickly, thanks!
-
Thanks, all the best!!
-
Awesome dude
-
Thanks dude
| Gamer Love Java
Youtuber - krypt0mux
Patreon -