Shellbreaker

Duplicate CSRF… Leads to $$$$

Duplicate CSRF… Leads to $$$$

Bhavesh aka Shellbreaker's photo
Bhavesh aka Shellbreaker
·

3 min read

Table of contents

Introduction

Hey everyone, Bhavesh aka Shellbreaker here! Cybersecurity is my passion, both at work as a security engineer and after hours as a bug bounty hunter. Join me on this adventure as I uncover vulnerabilities and explore the fascinating world of cybersecurity, one loophole at a time.

What is CSRF?

Cross-Site Request Forgery (CSRF) is an attack that forces authenticated users to submit a request to a Web application against which they are currently authenticated. CSRF attacks exploit the trust a Web application has in an authenticated user.

The Chase Begins

Today’s story involves a seemingly harmless vulnerability that turned out to be much more. Let me tell you about a website with two dashboards: one for uploading images and another for managing user settings. Whenever you clicked on user settings, a new page would open with a clue in the URL about your previous location. Here’s where things got interesting…

Unexpected Turns

Intrigued, I tried injecting some code, but it didn’t work. After some head-scratching, I decided to take a break. When I returned, inspiration struck! I tried a different technique, and boom! A pop-up appeared. But this wasn’t just any pop-up — it was a self-XSS vulnerability!

From Self-XSS to Account Takeover

Frustrated at first, I realized I could still make something of this. I contacted my friend Brute Logic, a fellow security expert. We brainstormed and came up with a daring plan: account takeover using this self-XSS. The key was the password-less email change option. I crafted a malicious link that exploited the self-XSS and could change any user’s email address. This was a big deal!

Duplication Drama and Victory

I submitted my report, confident in my discovery. However, disaster struck. The report was marked as a duplicate, labelled as a simple CSRF. Dejected, I contacted Brute Logic again. He reminded me of a crucial fact: XSS vulnerabilities can bypass CSRF protections. Armed with this knowledge, I re-explained the situation to the team, and finally, they understood the true severity.

Justice Served

The team recognized the potential for account takeover and bumped the severity to P2. As a reward for my persistence and ingenuity, I received a generous bounty.

Lessons Learned

This experience taught me valuable lessons. Perseverance and creativity are key to uncovering vulnerabilities. Collaboration and guidance from experts like Brute Logic can be invaluable. And finally, understanding the connections between different vulnerabilities can lead to unexpected discoveries.

Join the Adventure

I believe in sharing knowledge and empowering others. If you’re interested in cybersecurity, I encourage you to follow my journey and explore this exciting field for yourself. Remember, even seemingly harmless vulnerabilities can lead to incredible discoveries. Keep exploring, keep learning, and keep the internet safe!

If you enjoy my work and want to support my research, please consider buying me a coffee through the link below.

Buy me a Coffee

Follow

[Twitter](twitter.com/shellbreaker_)

Did you find this article valuable?

Support Shellbreaker by becoming a sponsor. Any amount is appreciated!

bugbountybugbountytips#cybersecurityhacking