lack-of-csrf-protection

1 article
sort: new top best
clear filter
bug-bounty448 google355 microsoft313 facebook262 xss238 apple180 malware174 rce149 exploit124 bragging-post101 cve99 account-takeover93 phishing83 csrf79 privilege-escalation77 stored-xss65 supply-chain65 authentication-bypass63 dos60 reflected-xss57 browser57 react50 cloudflare49 reverse-engineering48 input-validation48 cross-site-scripting48 access-control47 smart-contract45 docker45 aws45 node44 ethereum43 web343 sql-injection43 web-security42 defi42 web-application41 ssrf38 burp-suite35 vulnerability-disclosure34 idor34 race-condition33 html-injection33 info-disclosure33 smart-contract-vulnerability32 writeup32 buffer-overflow32 cloud32 oauth32 information-disclosure30
0 8/10
4x chained CSRFs chained for account takeover
bug-bounty

A researcher discovered a chained CSRF vulnerability chain (4 requests) in a user management system's CSV import functionality that allowed unauthenticated account takeover by uploading a malicious CSV file without CSRF tokens, escalating to system admin privileges. The attack exploited timing delays between import steps and lack of CSRF protection on all four endpoints (file upload, job view, verification, and submission).

csrf cross-site-request-forgery account-takeover privilege-escalation csv-upload file-upload xss chain-vulnerability lack-of-csrf-protection lack-of-input-validation timing-attack
HackerOne A Bug'z Life
medium.com · devanshbatham/Awesome-Bugbounty-Writeups · 20 hours ago · details