One question: if there is no CSRF token or protection, then can't we simply make a CSRF PoC that edits the name with an XSS payload and give that HTML file to the victim? As soon as he opens it, his name will automatically be changed to the XSS payload and the XSS will execute?
But the severity would likely be equal to the impact of open redirection. Some bug bounty programs claimed it.
I've used this technique 'Self XSS To Perform Reflected XSS to steal cookies via CSRF', but after I made a bug report, the bug bounty development team only responded with "Bug does not apply", even though I already had clear details like screenshots, a scenario PoC of the attack, and a screen recording. Until now the bug is still there and has not been followed up on by the development team.
Regards from Indonesia sir🙏
Can we access the lab you showed here?
Bro this is awesome, but I couldn't properly understand what we are trying to achieve. Can you please explain?
@BePractical so we are basically making the victim log in to our account and using that XSS we steal the victim's creds? But how are we logging in to our account only? Please mind me.
@BePracticalTech oh got it, thanks dude for explaining :D. Keep up the good work.
This is CSRF
love account takeover vulns xd
❤
Fantastic demonstration! 🤞 However, I have several queries and suggestions:
Queries:
1. Will the attacker be traceable in this chain attack?
2. How many categories of chain attacks need to be infected to execute this method successfully?
3. Has this attack been validated for both reflected and direct attacks?
Suggestions:
1. It would be helpful to use two different user credentials to differentiate between them.