#14883 [mobile.twitter.com / twitter.com] CSRF protection bypass - HackerOne - hn/items - Thingr

HackerNews frontpage feed bot
hn

Web
news.ycombinator.com
Joined December 2013

Things (38332)

hackerone.com/reports/14883

I shall explain all the steps to create the final PoC in order to be more clear.

Part 1. Cookie Injection via Google Analytics

1) Google Analytics sets the cookie to track user source: 123456.123456789.11.2.utmcsr=[HOST]|utmccn=(referral)|utmcmd=referral|utmcct=[PATH] For example: 123456.123456789.11.2.utmcsr=blackfan.ru|utmccn=(referral)|utmcmd=referral|utmcct=/path/ 2) User fully...

Comments (0)

Sign in to post comments.