Day 44/100 Hack and Improvement

Day 44 comes with a writeup related on bypassing CSRF protection to account take over, HTTP smuggling resources, and weekly report from Rajesh Ranjan and me (CoffeeJunkie).

Weekly Report

I Sam (CoffeeJunkie) got my first bounty as also my first Account Take Over by Forgot Password Functionality :)

and, Rajesh Ranjan have gotten two reports triaged this week and waiting for a prompt answer from the programs!

Bypassing CSRF Protection by changing the Request Method from POST to GET

From Rajesh Ranjan. In this writeup, You’ll see how a researcher was able to bypass the CSRF protection by changing the request method from POST to GET which ended up with Account takeover vulnerability. Check out the writeup here.

HTTP Smuggling

From Sam (CoffeeJunkie). While looking for more things to learn and more vulnerabilities to check, HTTP Smuggling seemed as something pretty interesting to learn lately, so I checked couple labs and writeups in order to learn HTTP Smuggling, I’ll be updating the learning path for this vulnerability later on.

Learning Sources

• PortSwigger Academy: Has some hands on practice realted to this kind of vulnerabilities.

• Write Ups and Explanations: As I have said before, some of the best sources at my opinion to learn other vulnerabilities are writeups from other hackers. Therefore here they are:

  • Stored XSS on https://paypal.com/signin via cache poisoning
  • HTTP Request Smuggling on vpn.lob.com
  • HTTP SMUGGLING EXPOSED HMAC/DOS
  • Password theft login.newrelic.com via Request Smuggling