while testing http://www.olx.ph came across a CSRF vulnerability in the setting menus.
Reproduction Steps :
choose victim who already logged olx.ph account. An attacker send link (payload change email ready to execute when the victim click that link) to victim.When victim click that link, the email already change, and attacker can verify with his email.
No comments:
Post a Comment