Account Takeover Using CSRF (JSON-based)
Cross-Site Request Forgery
I was hunting on a Bugcrowd private program. The program has 4 different kinds of roles, like Admin, H-User, L-User, and Guest.
https://medium.com/@shub66452/account-takeover-using-csrf-json-based-a0e6efd1bffc