Hello guys, Hope all are doing good. I’m Abhisek, here’s a small write up on CSRF vulnerability I found in a Bug Bounty program. Don’t worry new people, Its beginner friendly.

Since I’m not supposed to disclose the site, Let’s take redacted[dot]com as our target. Okay, moving ahead.

First of all, What does Cross-Site Request Forgery (CSRF) mean? On simple words. It is kind of a one click attack, where a malicious request is submitted by the victim without his/her knowledge which may lead to occurrence of sensitive actions. …

Recently I was been working on Facebook Whitehat program and I wanted to explain a bug which I found — OPEN REDIRECT

Hey, hope all are good. I’m Abhisek here

Disclaimer: This is for educational purposes only. I’m not in any way liable for any misuse.

When I was looking for low hanging bugs on Facebook, open redirect was the one which attracted me. So quickly launched Facebook and looked the requests sent during the process of redirection.