View RSS Feed

Recent Blogs Posts

  1. Microsofts Asp.net Anti-CSRF Token Bypass

    [B]Microsoft's Asp.net CSRF Vulnerability[/B]

    I want to share one of my finding on Microsoft Asp.net which I have reported to them in April 2013.

    While researching and working on bug bounties I have found that we can bypass Anti-CSRF token validation even when it is getting validated on the server-side and can execute CSRF. And after that using the CSRF we can compromise the victims account by change email id of any users account on that site to the attackers email ...
  2. Account Compromise & Anti CSRF Token Bypass

    [LEFT][B]Account Compromise & Anti CSRF Token Bypass by Chaining Reflected HPP & Stored HPP Vulnerabilities[/B]


    While researching and working on bug bounties I have found that by using Reflected HTTP Parameter Pollution vulnerability we can bypass Anti-CSRF token validation and can execute CSRF and after that using the CSRF we can execute the Stored HPP vulnerabilty and can compromise any victims account if that site is vulnerable to these attacks.

    ...