CSRF through URL with # tag parameter

In this write-up I want to share a very simple kind of CSRF bug that I found in a bug bounty program, one that didn’t require me to use Burp Suite or any other proxy tools to discover.

If you’re not familiar with the CSRF vulnerability, I suggest you read this article before continuing: https://owasp.org/www-community/attacks/csrf

Usually, CSRFs are found either in forms on websites or through URLs that initiate some action. In this case, I found a CSRF through a URL that initiated one of the main functionalities of a website. I found this URL by…