Iframe Injection leads to CSRF and Account Takeover

Iframes that are injected into web pages are mostly called by the client's browser, except in some cases like PDF generators.

How I CSRF’d My First Bounty

This is my first blog post, and I decided to start off by sharing about my recent finding. It was a CSRF issue, which earned me $500.

CSRF Bypass Using Cross Frame Scripting

Initially I tested for CSRF vulnerability on this module but it was completely mitigated and there was a token in the post request which was validated by the server, hence

CSRF Attack can lead to Stored XSS

I found a CSRF attack to add the XSS payload, but there is a problem: I should get the template ID to edit it, and I can't brute-force it

CORS leads to CSRF Attack

This writeup is about the CORS misconfiguration by which I was able to perform a CSRF attack to change other users' account info.
