Day 44/100 Hack and Improvement


Day 44 comes with a writeup on bypassing CSRF protection to achieve account takeover, HTTP smuggling resources, and the weekly report from Rajesh Ranjan and me (CoffeeJunkie).

Weekly Report

I, Sam (CoffeeJunkie), got my first bounty, which is also my first Account Takeover, via the Forgot Password functionality :)


And Rajesh Ranjan has gotten two reports triaged this week and is waiting for a prompt answer from the programs!


Bypassing CSRF Protection by changing the Request Method from POST to GET

From Rajesh Ranjan. In this writeup, you'll see how a researcher was able to bypass the CSRF protection by changing the request method from POST to GET, which ended up in an account takeover vulnerability. Check out the writeup here.
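As an added illustration (not code from the writeup or from the affected site), here is a minimal Python sketch of the defect pattern behind that bypass and the fix: a handler that validates the CSRF token only on POST, sitting on a framework that merges query and body parameters, will accept the same state change over GET with no token at all. The `Request` class, handler names and session values are constructed for this example.

```python
import hmac
from dataclasses import dataclass, field


@dataclass
class Request:
    """Constructed stand-in for a framework request object."""
    method: str
    path: str
    form: dict = field(default_factory=dict)     # POST body parameters
    args: dict = field(default_factory=dict)     # query-string parameters
    session: dict = field(default_factory=dict)  # server-side session

    def param(self, name):
        # Many frameworks merge body and query parameters into one lookup;
        # that merging is what lets a GET carry the POST form's parameters.
        return self.form.get(name, self.args.get(name))


def token_valid(req):
    """Compare the submitted token with the one bound to the session."""
    expected = req.session.get("csrf_token")
    supplied = req.param("csrf_token")
    return bool(expected) and bool(supplied) and hmac.compare_digest(expected, supplied)


def change_email_vulnerable(req):
    """Defect: the token is checked only on POST, so a GET skips the check."""
    if req.method == "POST" and not token_valid(req):
        return 403, "bad csrf token"
    req.session["email"] = req.param("email")   # state change reachable via GET
    return 200, "email updated"


def change_email_fixed(req):
    """Fix: state changes are POST-only, the token check is unconditional,
    and parameters are read from the body, never from the query string."""
    if req.method != "POST":
        return 405, "method not allowed"
    if not token_valid(req):
        return 403, "bad csrf token"
    req.session["email"] = req.form.get("email")
    return 200, "email updated"


def demo():
    # Constructed session: a logged-in user holding a valid CSRF token.
    session = {"csrf_token": "s3cr3t-token", "email": "victim@example.com"}
    # The same cross-site GET, with the email in the query string and no token.
    forged = Request("GET", "/change-email", args={"email": "attacker@example.com"}, session=session)
    return change_email_vulnerable(forged), change_email_fixed(forged)
```

Running `demo()` returns `((200, 'email updated'), (405, 'method not allowed'))`: the vulnerable handler applies the change, the fixed one refuses the method before any parameter is read.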

HTTP Smuggling

From Sam (CoffeeJunkie). While looking for more things to learn and more vulnerabilities to check for, HTTP Smuggling seemed like something pretty interesting to learn lately, so I checked a couple of labs and writeups in order to learn HTTP Smuggling. I'll be updating the learning path for this vulnerability later on.

Learning Sources
