
ajaysinghnegi

  1. Microsoft's ASP.NET Anti-CSRF Token Bypass

    Microsoft's ASP.NET CSRF Vulnerability

    I want to share one of my findings on Microsoft ASP.NET, which I reported to them in April 2013.

    While researching and working on bug bounties, I found that we can bypass Anti-CSRF token validation even when it is validated on the server side, and can execute CSRF. After that, using the CSRF, we can compromise the victim's account by changing the email ID of any user's account on that site to the attacker's email ...