Send an Instant Message to ajaysinghnegi Using...
[B]Microsoft's IIS.net CSRF Vulnerability[/B]
I want to share my another finding on Microsoft IIS.net which I have reported to them in August 2013.
While researching and working on bug bounties I have found that we can bypass Anti-CSRF token validation even when it is getting validated on the server-side and can execute CSRF. And after that using the CSRF we can compromise the victims account by change email id of any users account on that site to the attackers
[B]Microsoft's Asp.net CSRF Vulnerability[/B]
I want to share one of my finding on Microsoft Asp.net which I have reported to them in April 2013.
While researching and working on bug bounties I have found that we can bypass Anti-CSRF token validation even when it is getting validated on the server-side and can execute CSRF. And after that using the CSRF we can compromise the victims account by change email id of any users account on that site to the attackers email
[B]How we were able to find Twitter Follow Retweet and [/B][B][B]Tweet Favourite[/B] CSRF[/B]
[LEFT]We want to share 3 of our findings on Twitter which me and my friend Krutarth have reported to them on March 2014.My good friend @KrutarthShukla was testing Twitter and he was trying deeply to find something on it. And finally he got a Follow CSRF and after sometime later I also got Reweet & Tweet Favourite CSRF. So, we found 3 CSRF vulnerabilities on Twitter.
[/LEFT]
[LEFT][B]Account Takeover Using Password Reset Functionality[/B]
[/LEFT]
While researching and working on bug bounties I have found that by using Password Reset Functionality, Token & Link we can Takeover all the users account of a website if that site is vulnerable to this type of attack.
Using this vulnerability the attacker can modify the email md5 hash to any victims email md5 hash to change their password and in this way he can also reset all passwords
[B][LEFT]Paypals X.com Failure to Restrict Url Access Vulnerability
[/LEFT]
[/B]
[LEFT]I want to share one of my finding on Paypals X.com which I have reported to them in 3 January 2013.
[/LEFT]
I have found that Paypal X.com following Url [URL]https://www.x.com/sites/default/files/failure_to_restrict_url_vul_for_any_attachments.txt[/URL] was vulnerable to Failure to Restrict Url Access Vulnerability as the email Attachments Url can be accessed without Login