Tags: web 

Rating: 5.0

TL;DR Hijack the socketio WebSocket cross domain then send text messages as the admin user.

[Link to full writeup](https://blog.jimmyli.us/articles/2020-08/Cross-Site-WebSocket-Hijacking-With-SocketIO)

Original writeup (https://blog.jimmyli.us/articles/2020-08/Cross-Site-WebSocket-Hijacking-With-SocketIO).