
ajaysinghnegi

  1. Microsoft's IIS.net Anti-CSRF Token Bypass

    Microsoft's IIS.net CSRF Vulnerability

    I want to share another of my findings on Microsoft IIS.net, which I reported to them in August 2013.

    While researching and working on bug bounties, I found that we can bypass Anti-CSRF token validation even when it is validated on the server side, and can execute CSRF. After that, using the CSRF, we can compromise the victim's account by changing the email ID of any user's account on that site to the attacker's ...

    Updated 04-21-2014 at 11:12 AM by 41.w4r10r

  2. Microsoft's Asp.net Anti-CSRF Token Bypass

    Microsoft's Asp.net CSRF Vulnerability

    I want to share one of my findings on Microsoft Asp.net, which I reported to them in April 2013.

    While researching and working on bug bounties, I found that we can bypass Anti-CSRF token validation even when it is validated on the server side, and can execute CSRF. After that, using the CSRF, we can compromise the victim's account by changing the email ID of any user's account on that site to the attacker's email ...
  3. Twitter Follow Retweet and Tweet Favourite CSRF Vulnerabilities

    How we were able to find Twitter Follow Retweet and Tweet Favourite CSRF

    We want to share 3 of our findings on Twitter, which my friend Krutarth and I reported to them in March 2014. My good friend @KrutarthShukla was testing Twitter and was trying deeply to find something on it. Finally he got a Follow CSRF, and some time later I also got Retweet & Tweet Favourite CSRF. So, we found 3 CSRF vulnerabilities on Twitter. ...