Busting CSRF: The Hidden Dangers of JSON Exploited
June 17, 2024, 6:01 p.m. | Omar Essam (hack3dby0mar)
InfoSec Write-ups - Medium infosecwriteups.com
This write-up is about an interesting technique not known to many people, which I used to bypass CSRF protection on every single endpoint of a website that belonged to a private bug bounty program.
Let’s jump right in…
I was exploring the website when I stumbled upon an endpoint for inviting admins. It looked like this:
POST /api/rounds/test_round/admin/invite
Host: example.com
Cookies: ……
Content-type: application/json
{
"email": "admin@gmail.com"
}
At first glance, it seemed safe from CSRF attacks. You can’t send …
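Because the excerpt stops before the bypass is shown, the following is an added example, not code from the write-up and not necessarily the author's exact technique: the best-known way a cookie-authenticated JSON endpoint gets hit cross-site is a plain HTML form with enctype="text/plain" whose single field is shaped so the body is valid JSON, against a server that parses the body without checking Content-Type. The two handlers, the x-csrf-token header, the token value and the attacker address are placeholders chosen for illustration.

```javascript
// Added example (not from the write-up): a JSON endpoint that trusts the
// request body but ignores the Content-Type header can be driven from a
// cross-site <form enctype="text/plain">, and a strict handler closes it.
// Handler names, token header and addresses are placeholders.

// A form with enctype="text/plain" emits one "name=value\r\n" line per field
// with no percent-encoding. Putting the '=' inside a throwaway JSON string
// makes the whole body valid JSON. Built here by hand (constructed input);
// in an attack the victim's browser builds it from the <form>.
function textPlainFormBody(fields) {
  return fields.map(([name, value]) => `${name}=${value}\r\n`).join("");
}

const CROSS_SITE_BODY = textPlainFormBody([
  ['{"email":"attacker@example.net","ignore":"', '"}'],
]);

// The forged request as the victim's browser sends it: session cookie attached
// automatically, Content-Type is the only one a form can produce, and no
// custom header (a form cannot add one). Cookie value elided on purpose.
const FORGED_REQUEST = {
  method: "POST",
  headers: { "content-type": "text/plain", cookie: "session=..." },
  body: CROSS_SITE_BODY,
};

// A legitimate same-origin request from the app's own JavaScript.
const LEGIT_REQUEST = {
  method: "POST",
  headers: {
    "content-type": "application/json",
    cookie: "session=...",
    "x-csrf-token": "t0k3n",
  },
  body: JSON.stringify({ email: "admin@gmail.com" }),
};

// Vulnerable handler: JSON.parse on whatever arrived. The text/plain body
// above parses cleanly (trailing CRLF is legal JSON whitespace), so the
// cross-site invite is accepted.
function laxInviteHandler(req) {
  const data = JSON.parse(req.body);
  return { status: 200, invited: data.email };
}

// Hardened handler. Each check alone defeats a plain <form> submission:
//  1. Content-Type must be exactly application/json. A form cannot send it,
//     and a cross-origin fetch() that sets it triggers a CORS preflight the
//     browser will refuse unless the server explicitly allows that origin.
//  2. A session-bound token in a custom header; forms cannot set headers.
// expectedToken is whatever the session store holds for this user (assumed).
function strictInviteHandler(req, expectedToken) {
  const ct = (req.headers["content-type"] || "").split(";")[0].trim().toLowerCase();
  if (ct !== "application/json") return { status: 415, invited: null };
  if (req.headers["x-csrf-token"] !== expectedToken) return { status: 403, invited: null };
  const data = JSON.parse(req.body);
  if (typeof data.email !== "string") return { status: 400, invited: null };
  return { status: 200, invited: data.email };
}

console.log("forged body:", JSON.stringify(CROSS_SITE_BODY));
console.log("lax handler:", laxInviteHandler(FORGED_REQUEST));
console.log("strict handler, forged:", strictInviteHandler(FORGED_REQUEST, "t0k3n"));
console.log("strict handler, legit:", strictInviteHandler(LEGIT_REQUEST, "t0k3n"));
```

The point to take from this: a JSON body does not by itself make an endpoint CSRF-safe. Only the server's handling of Content-Type (and a CORS policy that does not reflect arbitrary origins) turns "the browser cannot send application/json cross-site without a preflight" into an actual protection; pairing it with a token or SameSite cookies means a single lax parser does not undo it.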