Hey guys, hope you are doing well.

In this article, I’m going to share my recent finding, which was mostly about the enumeration part. So, without any further delay, let’s dive in.

Enumeration -

  1. I picked a target from Bugcrowd; assume it is redacted.com (because everyone mentions it that way :). The speciality of this program is that you are able to view any previously submitted vulnerabilities by other security researchers. On viewing this list, there were no CSRF bugs reported. This gave me a better opportunity to look for CSRF.

Tools Used -

The main tool I use for finding CSRF vulnerabilities is Burp. Burp has a CSRF PoC generator, which makes our work easier.

Attacking -

1. Started enumerating the application directly without any reconnaissance (not a recon guy).

2. The application had a development domain which implements the same backend logic as the main application. The only difference here is that you get to choose a demo version.

3. Started registering to create an account and checked every request in Burp.

4. The application’s data was transferred in JSON, so I tried to bypass the CSRF token protection but had no luck.

5. On successful registration, the application offered a feature to link a demo bank. This seemed interesting, so I instantly started checking this feature.

6. At the final bank login endpoint I saw something missing (guess what: it’s a CSRF token).

7. Simply crafted the payload using Burp’s PoC generator and made the victim click on it.

8. This allowed linking a demo bank account on behalf of the victim. Reported the bug to the company and was awarded $500.

Takeaways -

  1. While hunting for CSRF, the best technique is to check every API endpoint that might be vulnerable.
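As an added illustration of this takeaway (example code, not from the original post or the target program): a minimal server-side CSRF check of the kind the bank-link endpoint lacked, plus an audit over a hypothetical route table that flags every state-changing endpoint which skips the check. The server key, cookie name, header name and route paths are assumptions.

```python
import hmac
import hashlib

# Constructed for this example; a real deployment loads the key from configuration.
SERVER_KEY = b"example-server-key"
STATE_CHANGING = {"POST", "PUT", "PATCH", "DELETE"}


def issue_csrf_token(session_id: str) -> str:
    """Synchronizer token bound to the session: HMAC-SHA256 of the session id."""
    return hmac.new(SERVER_KEY, session_id.encode(), hashlib.sha256).hexdigest()


def csrf_check(method: str, headers: dict, cookies: dict, body: dict) -> tuple[bool, str]:
    """Decide whether a request may proceed and say why it was refused.

    The token is accepted from the X-CSRF-Token header (the natural place for
    JSON requests) or a csrf_token body field, and must match the token derived
    from the session cookie. Read-only methods are not subject to the check.
    """
    if method.upper() not in STATE_CHANGING:
        return True, "safe method"
    session_id = cookies.get("session")
    if not session_id:
        return False, "no session"
    submitted = headers.get("X-CSRF-Token") or body.get("csrf_token")
    if not submitted:
        return False, "missing csrf token"
    if not hmac.compare_digest(issue_csrf_token(session_id), submitted):
        return False, "invalid csrf token"
    return True, "ok"


# Hypothetical route table; the False entry mirrors the unprotected bank-link
# endpoint from the write-up. Real frameworks keep this in middleware/decorators.
ROUTES = {
    ("POST", "/account/register"): True,
    ("POST", "/account/update"): True,
    ("POST", "/bank/login"): False,
    ("GET", "/bank/status"): False,
}


def unprotected_state_changing_routes(routes: dict) -> list[str]:
    """Audit helper: list state-changing routes that never reach csrf_check."""
    return sorted(f"{m} {p}" for (m, p), protected in routes.items()
                  if m in STATE_CHANGING and not protected)


if __name__ == "__main__":
    sess = {"session": "victim-session-123"}  # constructed sample session
    print(csrf_check("POST", {}, sess, {"bank": "demo"}))  # cross-site form: no token
    print(unprotected_state_changing_routes(ROUTES))
```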

Hope this write-up was helpful. Collaboration and networking are something I always enjoy. Let’s connect:

Twitter — https://twitter.com/Begin_hunt

Linkedin — https://www.linkedin.com/in/balapraneeth/

Happy hacking!!!

If you have reached this far, thank you for reading this article. Kindly feel free to point out any mistakes and do let me know where I can improve in writing and explaining in detail. Appreciate it!! All the best. God bless.
