
Sunday 14 December 2014

Logout Cross-Site Request Forgery (CSRF) Vulnerability [worth a $250 bug bounty]



CSRF LOGOUT IMPACT:


Your logout mechanism should be protected against CSRF. At first it seems that all an attacker can do is log the user out, which would be annoying at worst. However, combined with a phishing attack, the attacker may be able to entice the victim to log back in through a form the attacker controls and then capture the credentials. It is a sketchy scenario, but protecting against this sort of attack costs very little.
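As an added example (not code from this post or from the affected site), here is a logout handler of the kind the post describes beside a hardened one that only accepts a same-origin POST carrying a token bound to the session; the site origin, the Session class and the (method, headers, form) request shape are assumptions made so it runs offline:

```python
# Added example: a logout endpoint that logs the user out on any request
# (so a request forged from a third-party page works) next to a hardened
# version. No web framework; the request is modelled as plain arguments.
import hmac
import secrets
from urllib.parse import urlsplit

SITE_ORIGIN = "https://example.test"   # hypothetical site, not the post's target


class Session:
    """Server-side session; the CSRF token lives here, bound to this user."""
    def __init__(self, user):
        self.user = user
        self.active = True
        self.csrf_token = secrets.token_urlsafe(32)


def logout_vulnerable(session, method, headers, form):
    """Logs out on any request, whatever the method, origin or parameters."""
    session.active = False
    return 302  # redirect to the login page


def _request_origin(headers):
    """Origin header if present, else scheme://host of the Referer, else None."""
    if headers.get("Origin"):
        return headers["Origin"]
    referer = headers.get("Referer")
    if referer:
        parts = urlsplit(referer)
        return f"{parts.scheme}://{parts.netloc}"
    return None


def logout_hardened(session, method, headers, form):
    """Change state only via POST, from our own origin, with the session's token."""
    if method != "POST":
        return 405  # GET/HEAD must never change state
    if _request_origin(headers) != SITE_ORIGIN:
        return 403  # cross-site request, whatever the token says
    token = form.get("csrf_token", "")
    # constant-time compare so the token check is not a timing oracle
    if not hmac.compare_digest(token, session.csrf_token):
        return 403
    session.active = False
    return 302
```

The origin check is a second layer: browsers set Origin on cross-site POSTs, so even a leaked token cannot be used from another site, and the token check covers clients that send neither header.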



LOGOUT CSRF POC:





Overview:

Hello, this is Abdul Haq Khokhar. I am an independent security researcher and I have recently found a vulnerability in a website (private program) on hackerone.com. I don't want to disclose the website because my report is still triaged (12-12-2014) and the security team is fixing it now.

Well, the vulnerability was really simple, as shown in the POC screenshot below; I was testing for this vulnerability for the first time, so I tried it on this website and got a shocking response from the site.


BUG: Logout Cross-Site Request Forgery (CSRF)


POC Code:
Already shown in the POC screenshot above.

Reporter: Abdul Haq Khokhar

After reading the response from the security team:

Reward:
$250





I hope you enjoyed this article, and hopefully you guys will try this bug on other websites too :-D


“Let him who would enjoy a good future waste none of his present.”
Roger Babson

For Contact:

Facebook | Twitter | Bugcrowd | Hackerone






5 comments:

  1. How could you get a bounty at the Triaged stage...
    Strange..

    Replies
    1. AVINASH, yes, right, it sounds strange, but 11 more of my reports are still triaged with rewards :-)

  2. I want 50 comments on here, then I will share these websites and then you can earn $_$ :)
