all InfoSec news logo
all InfoSec news - Your InfoSec news aggregator
Log in Sign up
all InfoSec news

How I Was Able to Takeover User Accounts via CSRF on an E-Commerce Website

Add to bookmarks
Feb. 10, 2023, 7:47 p.m. | Crisdeo Nuel Siahaan

InfoSec Write-ups - Medium infosecwriteups.com

Hi Folks!

In this article, We’ll talk about the topic of cross-site request forgery (CSRF) vulnerabilities and I’ll share my personal experience of successfully executing a one-click account takeover on an e-commerce website. This serves as a reminder of the critical role that proper security measures play in keeping our sensitive information safe.

So… What’s this CSRF thing?

Cross-Site Request Forgery (CSRF) is a type of security vulnerability that affects web applications. It happens when a malicious website is able …

accounts bug bounty bug-bounty-tips commerce csrf e-commerce hackerone infosec takeover website

Visit resource

More from infosecwriteups.com / InfoSec Write-ups - Medium

Tutorial on x86 Architecture: From Basics to Cybersecurity Links 2 days, 13 hours ago | infosecwriteups.com
architecture basics components continue +14
NTFS Filesystem: Alternate Data Stream (ADS) 2 days, 13 hours ago | infosecwriteups.com
filesystem forensics ntfs security +1
Creating Payloads with ScareCrow to Mimic Reputable Sources and Bypass Anti-Virus 2 days, 13 hours ago | infosecwriteups.com
hacker hacking hacking tools linux +1
Breaking Safeguards: Unveil “Many-Shot Jailbreaking” a Method to Bypass All LLM Safety Measures 2 days, 13 hours ago | infosecwriteups.com
artificial intelligence breaking bypass chatgpt +15
XSS Unpacked: What It Is, How It Works, and How to Stop It 2 days, 13 hours ago | infosecwriteups.com
cybersecurity script-injection secure coding web security +1
How I Hack Web Applications (Part 1) 2 days, 13 hours ago | infosecwriteups.com
application security bug bounty ethical hacking infosec +1
Storm Breaker: Unveiling the Power of the Social Engineering Tool 2 days, 13 hours ago | infosecwriteups.com
capabilities continue cybersecurity engineering +12
CVE-2024–3400: A Critical Vulnerability in PAN-OS Firewalls 2 days, 13 hours ago | infosecwriteups.com
bug bounty command command injection critical +13
If You Want To Be A CISO Then Read This First … 2 days, 13 hours ago | infosecwriteups.com
career advice careers ciso cybersecurity +6

Jobs in InfoSec / Cybersecurity

Post a job on infosec-jobs.com Find talent on infosec-jobs.com

SOC 2 Manager, Audit and Certification

@ Deloitte | US and CA Multiple Locations
View on infosec-jobs.com

Information Security Engineers

@ D. E. Shaw Research | New York City
View on infosec-jobs.com

Cyber Security Architect - SR

@ ERCOT | Taylor, TX
View on infosec-jobs.com

SOC Analyst

@ Wix | Tel Aviv, Israel
View on infosec-jobs.com

Associate Director, SIEM & Detection Engineering(remote)

@ Humana | Remote US
View on infosec-jobs.com

Senior DevSecOps Architect

@ Computacenter | Birmingham, GB, B37 7YS
View on infosec-jobs.com
View more jobs