My journey to find CSRF (Cross-Site Request Forgery)


“I realized here that there was a high chance to find a CSRF vulnerability.
I just needed to confirm two important things:

Referrer: I had to ensure that the website allowed password changes from different sources or, in short, that I could change the password with a referrer different from the original website.
For example:
Referrer: https://www.target.com/reset-password
I confirmed that I could change it to anything, like:
Referrer: https://www.attacker.com/
I succeeded in that! :)

Response:
200 OK

Now we are 50% closer to finding the vulnerability.

Token: This is the most difficult part because most websites verify it very well, but there are many ways to bypass it if the site checks the token.
Now it’s time for exploitation!
I confirmed all the previous steps.
The only thing left was the token.
I changed my password, intercepted the request, manipulated the token value, and even deleted it, and I successfully changed the password.”

and BOOOOOOOOOOOOOM
CSRF

“I quickly created the HTML page, wrote the code, and confirmed the vulnerability.”
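The two checks the write-up probes (source of the request and the CSRF token) are what a password-change endpoint has to enforce server-side. This is an added defensive example, not the author's code or the target's; the allowed origin, the header dictionary shape and the token values are constructed for the demo.

```python
import hmac
from urllib.parse import urlsplit

# Assumed site origin for the demo; the real application would take this from config.
ALLOWED_ORIGIN = "https://www.target.com"


def origin_allowed(headers: dict) -> bool:
    """Accept the request only if Origin (preferred) or, failing that, the
    Referer header (HTTP spells it with one 'r') names the allowed origin.
    A missing source header fails closed; a lookalike host such as
    www.target.com.attacker.com fails because the whole host is compared."""
    source = headers.get("Origin") or headers.get("Referer")
    if not source:
        return False
    parts = urlsplit(source)
    return f"{parts.scheme}://{parts.netloc}" == ALLOWED_ORIGIN


def token_valid(form_token, session_token) -> bool:
    """Constant-time comparison of the submitted token with the one bound to
    the session. A removed, empty or altered token never validates, which is
    the failure mode the write-up exploited."""
    if not form_token or not session_token:
        return False
    return hmac.compare_digest(form_token, session_token)


def allow_password_change(headers: dict, form_token, session_token) -> bool:
    """Both checks must pass; either one alone is bypassable."""
    return origin_allowed(headers) and token_valid(form_token, session_token)


def demo() -> dict:
    """Run the checks over constructed requests mirroring the write-up's steps."""
    session_token = "c0ffee-session-token"  # constructed value
    good = {"Referer": "https://www.target.com/reset-password"}
    return {
        "legit": allow_password_change(good, session_token, session_token),
        "foreign_referer": allow_password_change(
            {"Referer": "https://www.attacker.com/"}, session_token, session_token),
        "token_removed": allow_password_change(good, None, session_token),
        "token_altered": allow_password_change(good, "c0ffee-session-tokeX", session_token),
        "no_source_header": allow_password_change({}, session_token, session_token),
    }
```

Only the first request in `demo()` is accepted; each of the manipulations described in the write-up is rejected by one of the two checks.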
