[Bugbounty Study] #How a Simple CSRF Attack
Hacking Study/Bugbounty Study 2020. 4. 13. 23:57
# CSRF / Account Takeover

https://ladysecspeare.wordpress.com/2020/04/05/how-a-simple-csrf-attack-turned-into-a-p1-level-bug/

How a Simple CSRF Attack Turned into a P1 Level Bug

Cross-site Request Forgery is easy to look out for. However, if there are security measures in place to prevent CSRF attacks, they can be exciting (yet nerve-wracking) to bypass. For those who don… ladysecspeare.wordpre..
[Bugbounty Study] #Facebook _ CSRF
Hacking Study/Bugbounty Study 2020. 4. 13. 23:48
# Facebook CSRF (Instagram Partial Account Takeover) _ $12,500

https://ysamm.com/?p=379

Facebook CSRF bug which lead to Instagram Partial account takeover. – Bug bounty write-ups

Description: This bug could allow an attacker to link victim’s Instagram account to his Facebook page and then have full control of the Instagram account by just making the victim visit a malicious website and without th..
[Bugbounty Study] #Mail.Ru _ Account Takeover
Hacking Study/Bugbounty Study 2020. 3. 23. 20:22
# Mail.Ru Ext.B Scope (geekbrains.ru) Account Takeover _ $1500

https://firstname.lastname@example.org/mail-ru-ext-b-scope-account-takeover-1500-abdb1560e5f9

Mail.Ru Ext.B Scope Account Takeover [ $1500 ]

Hi, I want to share how I found an account takeover bug in geekbrains.ru. medium.com

The site shares OAuth* authentication with many applications. It checks the email address used for OAuth login. (Logging in with gmail and then logging in again with twitter results in the same account.) [P..