Compromise complete application with CSRF attack

List of vulnerabilities that helped in exploitation

  1. No email verification
  2. Improper validation on the server side — email update
  3. No Cross-Site Request Forgery protection — anti-CSRF token missing
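A server-side email-change flow that closes the three gaps listed above, as an added example that is not from the original article. The function names, form-field names and in-memory account model are assumptions; the article does not say what its validation flaw was, so re-authentication and a format check stand in as the server-side controls.

```python
import hashlib
import hmac
import secrets

SERVER_KEY = secrets.token_bytes(32)  # per-deployment secret (constructed for this example)

def issue_csrf_token(session_id: str) -> str:
    # Bound to the session and embedded in the form; unlike a cookie, the browser never attaches it on its own.
    return hmac.new(SERVER_KEY, session_id.encode(), hashlib.sha256).hexdigest()

class Account:
    # Hypothetical in-memory account record.
    def __init__(self, email: str, password: str):
        self.email, self.pending_email, self.confirm_token = email, None, None
        self._salt = secrets.token_bytes(16)
        self._pw_hash = self._hash(password)

    def _hash(self, password: str) -> bytes:
        return hashlib.pbkdf2_hmac("sha256", password.encode(), self._salt, 100_000)

    def check_password(self, password: str) -> bool:
        return hmac.compare_digest(self._pw_hash, self._hash(password))

def request_email_change(account: Account, session_id: str, form: dict):
    # 1. Anti-CSRF: a request carrying only the session cookie is rejected.
    sent = form.get("csrf_token", "").encode()
    if not hmac.compare_digest(sent, issue_csrf_token(session_id).encode()):
        return 403, "csrf token missing or invalid"
    # 2. Server-side validation: re-authenticate, then sanity-check the address.
    if not account.check_password(form.get("current_password", "")):
        return 403, "re-authentication failed"
    new_email = form.get("new_email", "").strip().lower()
    local, at, domain = new_email.partition("@")
    if not (local and at and "." in domain) or new_email == account.email:
        return 400, "invalid new email"
    # 3. Email verification: stage the change; the login address is untouched until confirmed.
    account.pending_email = new_email
    account.confirm_token = secrets.token_urlsafe(32)  # mailed to new_email by the application
    return 202, "confirmation sent to new address"

def confirm_email_change(account: Account, token: str):
    expected = account.confirm_token
    if not expected or not hmac.compare_digest(token.encode(), expected.encode()):
        return 403, "bad confirmation token"
    account.email, account.pending_email, account.confirm_token = account.pending_email, None, None
    return 200, "email updated"
```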


Security Researcher | OSCP

Vaibhav Joshi
