Resources
People often ask me "How did you learn how to hack?" The answer: by reading. This page is a collection of the blog posts and other articles that I have accumulated over the years of my journey. Enjoy!
When inserting an avatar link for a support chat request, the validation is improper. Instead of strictly validating the domain, it only checks that the expected domain appears somewhere in the URL. Because of this, a user-controlled link to an arbitrary server can be provided.
There are two ways to exploit this. First, because an attacker can control the link, they can see the IP address of the user. This creates a privacy violation that could be used in other attacks.
The second way to exploit this is a persistent denial of service (DoS) attack via a logout CSRF. By setting the avatar to be a logout request, the support agent is locked out of their account. To make matters worse, the avatar was loaded for all support professionals! Damn, that is an impactful DoS.
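The substring check described above, next to a strict parse-and-compare check, as an added example that is not code from the original report. The host `avatars.example.com`, the `/u/` path prefix and the sample links are assumptions constructed for illustration.

```javascript
// Assumed values for illustration; the write-up names no hosts or paths.
const AVATAR_HOST = "avatars.example.com";
const AVATAR_PATH_PREFIX = "/u/";

// Weak check as described above: passes if the expected domain
// appears anywhere in the submitted string.
function weakIsAllowed(link) {
  return link.includes(AVATAR_HOST);
}

// Strict check: parse first, then compare scheme, host and path exactly.
function strictIsAllowed(link) {
  let url;
  try {
    url = new URL(link);
  } catch {
    return false; // not an absolute, parseable URL
  }
  if (url.protocol !== "https:") return false;
  if (url.username || url.password) return false; // reject userinfo before the host
  if (url.port !== "") return false;              // default port only
  if (url.hostname !== AVATAR_HOST) return false; // exact match, not substring
  // The parser has already resolved dot segments in pathname.
  return url.pathname.startsWith(AVATAR_PATH_PREFIX);
}

// Constructed sample links; only the first is a legitimate avatar.
const SAMPLES = [
  "https://avatars.example.com/u/42.png",
  "https://avatars.example.com.attacker.example/u/42.png", // domain as a subdomain label
  "https://attacker.example/?x=avatars.example.com",       // domain in the query string
  "https://avatars.example.com@attacker.example/u/42.png", // domain as userinfo
  "https://avatars.example.com/logout",                    // allowed host, non-avatar path
];

// Run both checks over every sample so the difference is visible side by side.
function compare(samples) {
  return samples.map((link) => ({
    link,
    weak: weakIsAllowed(link),
    strict: strictIsAllowed(link),
  }));
}

console.table(compare(SAMPLES));
```

Host validation only limits where the image request goes. A logout endpoint that responds to a plain GET stays exposed to any image tag, so it should also require a POST with a CSRF token.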