Blog Posts

  • Chaining Method Override and CSRF Vulnerabilities for Account Takeover

    Chaining Method Override and CSRF Vulnerabilities for Account Takeover As a security researcher, uncovering vulnerabilities that could potentially lead to severe security breaches is both challenging and rewarding. In this post, I will discuss a fascinating case involving method override and Cross-Site Request Forgery (CSRF) vulnerabilities, which could lead to an account takeover. Please note…

  • Attacking weak password reset implementation

    In this blog post, I detail how I uncovered a critical vulnerability in a popular online service’s password reset feature. Due to poor password reset implementation practices, I was able to gain unauthorized access to user accounts. In this research, I will lay out the thought process from a hacker’s perspective to achieve an account…