penetration-testing

Also known as GM, an American corporation that manufactures vehicles and their parts and sells financial services.

About the vulnerability:

Vulnerability type: CSRF
Vulnerable URL: https://my.gm.com/loggedout

DESCRIPTION:

Cross-Site Request Forgery (CSRF) is an attack that forces an end user to execute unwanted actions on a web application in which they’re currently authenticated. If the victim is a normal user, a successful CSRF attack can force the user to perform state-changing requests such as transferring funds or changing their email address. If the victim is an administrative account, CSRF can compromise the entire web application.

POC:

We prevent the user from staying logged in, using an HTML file.
Here is the code for the CSRF attack. To run it:
- Simply save this into a name.html file
- Send this to the victim

CODE:





With this code, the user is not only logged out but also cannot stay logged in again.
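
A server-side check that would refuse the forced logout described above, as an added example that is not code from the original post or from GM. The request and session shapes, the `x-csrf-token` header, the `csrf_token` body field and the `https://app.example` origin are assumptions made for illustration.

```javascript
// Added example: decision logic for a logout endpoint that resists CSRF.
// Request/session shapes and the header/field names read here are assumptions.
const TRUSTED_ORIGIN = "https://app.example"; // placeholder origin

// Comparison that does not stop at the first differing character.
function constantTimeEqual(a, b) {
  if (typeof a !== "string" || typeof b !== "string") return false;
  let diff = a.length ^ b.length;
  for (let i = 0; i < Math.max(a.length, b.length); i++) {
    diff |= (a.charCodeAt(i) || 0) ^ (b.charCodeAt(i) || 0);
  }
  return diff === 0;
}

// Returns { allow, status, reason } for a logout request.
function checkLogoutRequest(req, session) {
  const headers = req.headers || {};
  // 1. Logout changes state, so a plain GET (link, image, redirect) must not trigger it.
  if (req.method !== "POST") {
    return { allow: false, status: 405, reason: "logout requires POST" };
  }
  // 2. Fetch metadata: browsers that send Sec-Fetch-Site label cross-site requests.
  const site = headers["sec-fetch-site"];
  if (site && site !== "same-origin") {
    return { allow: false, status: 403, reason: "cross-site request" };
  }
  // 3. Reject a POST whose Origin header is present and not ours.
  const origin = headers["origin"];
  if (origin && origin !== TRUSTED_ORIGIN) {
    return { allow: false, status: 403, reason: "untrusted origin" };
  }
  // 4. Session-bound token: another site cannot read it, so cannot supply it.
  const sent = headers["x-csrf-token"] || (req.body && req.body.csrf_token);
  if (!session || !constantTimeEqual(sent, session.csrfToken)) {
    return { allow: false, status: 403, reason: "missing or bad CSRF token" };
  }
  return { allow: true, status: 200, reason: "ok" };
}

// Constructed sample requests (not captured traffic).
const sampleSession = { csrfToken: "tok-constructed-123" };
const sampleGet = { method: "GET", headers: {} };
const samplePost = { method: "POST", headers: { origin: TRUSTED_ORIGIN,
  "sec-fetch-site": "same-origin", "x-csrf-token": "tok-constructed-123" } };
console.log(checkLogoutRequest(sampleGet, sampleSession));  // refused
console.log(checkLogoutRequest(samplePost, sampleSession)); // allowed
```
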
