

  1. Microsoft's Anti-CSRF Token Bypass

    Microsoft's CSRF Vulnerability

    I want to share one of my findings on Microsoft, which I reported to them in April 2013.

    While researching and working on bug bounties, I found that we can bypass Anti-CSRF token validation even when it is validated on the server side, and can execute CSRF. After that, using the CSRF, we can compromise the victim's account by changing the email ID of any user's account on that site to the attacker's email ...