json-based-csrf

2 articles
sort: new top best
clear filter
bug-bounty460 xss231 bragging-post117 rce87 microsoft82 google81 account-takeover81 open-source79 csrf77 authentication-bypass76 facebook75 stored-xss74 web-security64 reflected-xss63 access-control61 apple59 ai-agents59 privilege-escalation58 input-validation51 defi48 sql-injection48 cross-site-scripting47 smart-contract47 ethereum44 api-security42 information-disclosure41 web-application39 privacy39 tool37 ssrf36 burp-suite36 malware34 llm34 automation34 html-injection33 smart-contract-vulnerability33 vulnerability-disclosure33 web333 responsible-disclosure32 phishing32 opinion31 waf-bypass31 denial-of-service30 cve30 idor29 machine-learning29 code-generation28 authentication27 remote-code-execution26 infrastructure25
0 5/10
Account takeover using CSRF json based
bug-bounty

A bug bounty researcher demonstrates an account takeover vulnerability combining stored XSS, information disclosure (API key leakage via group chat endpoints), and JSON-based CSRF using XMLHttpRequest to escalate from low-privilege user to admin account takeover. The attack exploited lack of CSRF protection on API endpoints that relied solely on API key validation.

csrf json-based-csrf account-takeover api-security cors-misconfiguration information-disclosure xss stored-xss api-key-leakage privilege-escalation bug-bounty bragging-post
shub rathore sil3nt_4unt3r HackerOne Bugcrowd
medium.com · devanshbatham/Awesome-Bugbounty-Writeups · 12 hours ago · details
0 8/10
Ubiquiti bugbounty unifi generic CSRF protection Bypass
bug-bounty

Ubiquiti UniFi v3.2.10 and below contains a generic CSRF protection bypass that strips the Referer header, allowing attackers to perform unauthorized actions like changing user passwords, adding new users, and creating WLAN configurations. The exploit uses enctype='text/plain', iframe source manipulation, and JavaScript to strip the Referer header and submit JSON-based CSRF attacks.

csrf cross-site-request-forgery ubiquiti unifi referer-header-bypass json-based-csrf authentication-bypass web-vulnerability exploit-technique bug-bounty
Ubiquiti UniFi v3.2.10 HackerOne MITRE Julien Ahrens RCE Security OSVDB
rcesecurity.com · devanshbatham/Awesome-Bugbounty-Writeups · 12 hours ago · details