Exploitation Tricks

• Try to search for parameters that lead to redirects and fuzz them

• Also test the mobile version of the website, sometimes it is different or uses a different backend

Exploits

References

• PayloadAllTheThings CSRF injection

• Hacktricks CSRF section