Wednesday 24 April 2013

Symantec CSRF Bypass Vulnerability


Symantec CSRF Vulnerability
Hello friends, here I come with another vulnerability article.

The official website of Symantec Antivirus, the well-known antivirus, is vulnerable to CSRF...

First I went to the Symantec customer login page and created my own test account for testing. I switched to Live HTTP Headers, and then I was stuck. Why? There is a CSRF token called "Nonce".




And I was like




A year ago, CSRF tokens were like a "Dangerous Evil". I played around but didn't find anything better. Then I thought I should remove the CSRF tokens from the request and see whether it still works fine. If the server required the CSRF tokens, it would give me an error and throw me onto an error page. As expected, after removing the CSRF tokens and executing the same page


That works without any problem. I was like WTF, I bypassed the CSRF tokens.
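
A request that is still accepted once the nonce is removed is what a server produces when it validates the token only if one is supplied. The following is an added example, not code from the original post or from Symantec: the check functions, the `handle_update` endpoint and the session layout are assumptions, and the sample requests are constructed. It puts that assumed flawed check beside a strict one that treats a missing nonce as a failure.

```python
import hmac
import secrets


def issue_nonce(session):
    """Create a per-session anti-CSRF nonce and keep it server-side."""
    session["nonce"] = secrets.token_urlsafe(32)
    return session["nonce"]


def flawed_check(session, form):
    """Assumed flaw: the nonce is compared only when the request carries one."""
    if "nonce" in form:
        expected = session.get("nonce", "")
        return hmac.compare_digest(form["nonce"].encode(), expected.encode())
    return True  # a request with the parameter stripped is accepted


def strict_check(session, form):
    """A missing, empty or mismatched nonce fails, as does a session without one."""
    expected = session.get("nonce")
    supplied = form.get("nonce")
    if not expected or not supplied:
        return False
    return hmac.compare_digest(supplied.encode(), expected.encode())


def handle_update(session, form, check):
    """Hypothetical state-changing endpoint; returns an HTTP-like status code."""
    if not check(session, form):
        return 403
    session["email"] = form["email"]
    return 200


def demo():
    """Send three constructed requests through each check and collect the statuses."""
    results = {}
    for name, check in (("flawed", flawed_check), ("strict", strict_check)):
        session = {}
        nonce = issue_nonce(session)
        results[name] = {
            "valid": handle_update(session, {"email": "a@example.test", "nonce": nonce}, check),
            "removed": handle_update(session, {"email": "b@example.test"}, check),
            "wrong": handle_update(session, {"email": "c@example.test", "nonce": "x" * 43}, check),
        }
    return results


if __name__ == "__main__":
    print(demo())
```

A regression test for this class of bug should send the state-changing request with the token parameter absent, empty and wrong, and require a rejection in all three cases.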



 

Video POC

Reported the vulnerability to the Symantec security team.






