From XSS To CSRF | One-click Authorized Access To Account Takeover

Chain 4 Vulnerabilities To Reach Maximum Impact Possible

1st — [Reflected XSS] -

Ngrok Web Interface shows the request contains user_access_token

2nd — [Cross-Site Request Forgery] -

Change Password Request

Level-Up!

illustration for the scenario

1) Maintain your workflow

2) Get specific cookie value

3rd — [Session Fixation] -

4th — Possible Buffer Overflow]-

pdfTeX is an extension of TeX which can produce PDF directly from TeX source

--

--

--

InfoSec Student

Love podcasts or audiobooks? Learn on the go with our new app.

Recommended from Medium

Best Free Tools And Services For Technical Writers

New Reward Slot 🎰

API Orchestration Testing for Software Engineers: Postman vs Katalon

Celr 0.5 close to 5% of the warehouse

Lessons From A Billion Dollar Open Source Company

Find the number of reduced fractions. A fight against time complexity.

Random agile thoughts — Static and dynamic models

Get the Medium app

A button that says 'Download on the App Store', and if clicked it will lead you to the iOS App store
A button that says 'Get it on, Google Play', and if clicked it will lead you to the Google Play store
Psycho02

Psycho02

InfoSec Student

More from Medium

PortSwigger Web Security Academy Server-side topics — SQL Injection

XSS | HTML Injection and File Upload Bypass in HUAWEI Subdomain

1year anniversary of BugBountyHunter & our second Hackevent

Bug Bounty Methodology — Horizontal Enumeration