My first bug in Google and how I got the CSRF token for a victim account rather than bypassing it ($1337)!
Today I will share my first bug in Google, which is in “Books”. I was able to modify/delete a bookshelf for a victim account by getting the CSRF token rather than bypassing it.
Let’s start...
When you sign in to your account on books.google.com, you will note that there is an option to create a bookshelf.
First, I created a bookshelf and then captured the request when deleting it:
As you can see, the sig is sent as a parameter. I tried different ways to bypass the sig, but unfortunately I couldn’t bypass it :(
After a deep search, I found a way to get the CSRF_TOKEN for the victim account rather than bypassing it :)
1- Go to the victim's bookshelf and you will find the following:
2- Press on Test:
3- When you modify the name or description and press save, nothing happens, because I am not an authenticated user.
But let’s check the request:
The surprise was that there is a sig parameter :))))
4- I created a PoC with this sig parameter and then sent it to the victim.
You need to create a PoC for each targeted victim :D
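For defenders, the class of flaw this write-up points to can be modelled as below. This is an added example, not code from the original post or from Google; the HMAC scheme, key, function names and IDs are assumptions constructed for illustration. It contrasts an edit form that embeds a sig derived from the bookshelf owner with one that binds the sig to the viewing session and withholds it from non-owners.

```python
import hashlib
import hmac

SERVER_KEY = b"constructed-demo-key"  # constructed secret, example only


def make_sig(user_id: str, shelf_id: str) -> str:
    """Hypothetical anti-CSRF sig: HMAC over the user and the bookshelf."""
    msg = f"{user_id}|{shelf_id}".encode()
    return hmac.new(SERVER_KEY, msg, hashlib.sha256).hexdigest()


def edit_form_vulnerable(viewer_id, shelf):
    # Assumed flaw: the sig is derived from the shelf OWNER, so the form
    # rendered for any visitor carries a token valid in the owner's session.
    return {"shelf": shelf["id"], "sig": make_sig(shelf["owner"], shelf["id"])}


def edit_form_hardened(viewer_id, shelf):
    # Non-owners (including anonymous viewers) get no edit form and no token.
    if viewer_id is None or viewer_id != shelf["owner"]:
        return None
    # The token is bound to the viewer's own session identity.
    return {"shelf": shelf["id"], "sig": make_sig(viewer_id, shelf["id"])}


def handle_edit(session_user, shelf, sig) -> bool:
    # State-changing request: require ownership and a sig for this session.
    if session_user != shelf["owner"]:
        return False
    expected = make_sig(session_user, shelf["id"])
    return hmac.compare_digest(expected, sig)


def demo():
    shelf = {"id": "shelf-1", "owner": "victim"}  # constructed sample data
    leaked = edit_form_vulnerable("visitor", shelf)["sig"]
    visitor_sig = make_sig("visitor", shelf["id"])
    return {
        # Token taken from the visitor's page is accepted in the owner's session.
        "leaked_sig_accepted": handle_edit("victim", shelf, leaked),
        "hardened_form_for_visitor": edit_form_hardened("visitor", shelf),
        # A token minted for the visitor is useless in the owner's session.
        "visitor_sig_accepted": handle_edit("victim", shelf, visitor_sig),
    }


if __name__ == "__main__":
    print(demo())
```

A regression test for this class of bug renders every page that shows another user's resource and asserts that no token valid for the owner's session appears in the markup or in requests the page generates.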