I Sam (CoffeeJunkie) got my first bounty as also my first Account Take Over by Forgot Password Functionality :)
and, Rajesh Ranjan have gotten two reports triaged this week and waiting for a prompt answer from the programs!
Bypassing CSRF Protection by changing the Request Method from POST to GET
From Rajesh Ranjan. In this writeup, You’ll see how a researcher was able to bypass the CSRF protection by changing the request method from POST to GET which ended up with Account takeover vulnerability. Check out the writeup here.
From Sam (CoffeeJunkie). While looking for more things to learn and more vulnerabilities to check, HTTP Smuggling seemed as something pretty interesting to learn lately, so I checked couple labs and writeups in order to learn HTTP Smuggling, I’ll be updating the learning path for this vulnerability later on.
PortSwigger Academy: Has some hands on practice realted to this kind of vulnerabilities.
Write Ups and Explanations: As I have said before, some of the best sources at my opinion to learn other vulnerabilities are writeups from other hackers. Therefore here they are: