Bypass CSRF With ClickJacking

This write-up is all about how I chained two different vulnerabilities to update the victim's account details. Let’s assume the website name is redacted.com.

Account Takeover Using CSRF (JSON-based)

I was hunting on a Bugcrowd private program. The program has 4 different kinds of roles, like Admin, H-User, L-User, and Guest. First I log in with the admin account and

2-FA Bypass via CSRF Attack

I’m here again to share my findings on how I bypassed 2-Factor Authentication via CSRF (Cross-Site Request Forgery).
