
ajaysinghnegi

  1. Microsoft's IIS.net Anti-CSRF Token Bypass

    Microsoft's IIS.net CSRF Vulnerability

    I want to share another finding of mine on Microsoft IIS.net, which I reported to them in August 2013.


    While researching and working on bug bounties I have found that we can bypass Anti-CSRF token validation even when it is validated on the server side, and can execute CSRF. After that, using the CSRF, we can compromise the victim's account by changing the email ID of any user's account on that site to the attacker's ...

    Updated 04-21-2014 at 11:12 AM by 41.w4r10r

  2. Microsoft's Asp.net Anti-CSRF Token Bypass

    Microsoft's Asp.net CSRF Vulnerability

    I want to share one of my findings on Microsoft Asp.net, which I reported to them in April 2013.

    While researching and working on bug bounties I have found that we can bypass Anti-CSRF token validation even when it is validated on the server side, and can execute CSRF. After that, using the CSRF, we can compromise the victim's account by changing the email ID of any user's account on that site to the attacker's email ...
  3. Twitter Follow Retweet and Tweet Favourite CSRF Vulnerabilities

    How we were able to find Twitter Follow Retweet and Tweet Favourite CSRF


    We want to share 3 of our findings on Twitter, which my friend Krutarth and I reported to them in March 2014. My good friend @KrutarthShukla was testing Twitter and was trying hard to find something on it. Finally he got a Follow CSRF, and some time later I also got Retweet & Tweet Favourite CSRF. So, we found 3 CSRF vulnerabilities on Twitter. ...
  4. Account Takeover Using Password Reset Vulnerability

    Account Takeover Using Password Reset Functionality

    While researching and working on bug bounties I have found that by using Password Reset Functionality, Token & Link we can take over all the user accounts of a website if that site is vulnerable to this type of attack.


    Using this vulnerability the attacker can modify the email MD5 hash to any victim's email MD5 hash to change their password, and in this way he can also reset all passwords ...
  5. How I was able to Read & Download PayPal's X.com Users' Private Email Attachments

    PayPal's X.com Failure to Restrict URL Access Vulnerability

    I want to share one of my findings on PayPal's X.com, which I reported to them on 3 January 2013.

    I have found that the following PayPal X.com URL https://www.x.com/sites/default/files/failure_to_restrict_url_vul_for_any_attachments.txt was vulnerable to the Failure to Restrict URL Access vulnerability, as the email attachments URL can be accessed without login ...
  6. Account Compromise & Anti CSRF Token Bypass

    Account Compromise & Anti CSRF Token Bypass by Chaining Reflected HPP & Stored HPP Vulnerabilities


    While researching and working on bug bounties I have found that by using a Reflected HTTP Parameter Pollution vulnerability we can bypass Anti-CSRF token validation and execute CSRF, and after that, using the CSRF, we can execute the Stored HPP vulnerability and compromise any victim's account if that site is vulnerable to these attacks.

    ...
  7. Linkedin's Clickjacking & Open Url Redirection Vulnerabilities

    # Vulnerability Title: Secondary Email Addition & Deletion Via Click Jacking in Linkedin
    # Website Link: [Tried on Indian version]
    # Found on: 06/08/2012
    # Author: Ajay Singh Negi
    # Version: [All language versions would be vulnerable]
    # Tested on: [Indian version]
    # Reported On: 07/08/2012
    # Status: Fixed
    # Patched On: 10/09/2012
    # Public Release: 15/09/2012



    Summary ...