Reporting CSRF via Open Bug Bounty

The website is vulnerable to CSRF because it does not use anti-CSRF tokens, but the main focus of this post is how to submit a proper CSRF report via OBB. In the beginning, OBB couldn’t reproduce the CSRF reports and, in my case, they all went to the rejected section, which is why I am making this post. It is not only about bounties: you’ll get an idea of the important things we should keep in mind when making a detailed CSRF report.

Launching Open Bug Bounty Blog and new platform features

Hey Folks,

Following our ongoing success, please welcome:

1) Open Bug Bounty blog available for security researchers to share their bug hunting experience, discuss new web application attacks and provide website hardening guidelines for website owners.

Please read the rules before posting: Blog Posting Rules

The best blogs will be highlighted and promoted on our social networks; badges for top bloggers are also coming.

2) Website owners and security researchers can now comment on their submissions (login required) to privately share vulnerability details, provide faster remediation and agree on a bounty (if any). These comments will be visible only to them.

3) Website owners can now request patch verification at any time to change submission status to “fixed”.

This is the first major update in 2019; other major novelties are coming soon – stay tuned ;]