Hey, I’m Abhisek. Back with another write-up. This write-up is based on my bug hunting tactics for increasing the impact of information disclosure. With no further delay, let’s start *_*

Hello guys, hope all are doing good. I’m Abhisek, and here’s a small write-up on a CSRF vulnerability I found in a bug bounty program. Don’t worry, new people, it’s beginner friendly.

Cross Site Request Forgery

Since I’m not supposed to disclose the site, let’s take redacted[dot]com as our target. Okay, moving ahead.

First of all, what does Cross-Site Request Forgery (CSRF) mean? In simple words, it is a kind of one-click attack, where a malicious request is submitted by the victim without his/her knowledge, which may lead to sensitive actions being carried out. …

Recently I was working on the Facebook Whitehat program and I wanted to explain a bug which I found — OPEN REDIRECT

Hey, hope all are good. I’m Abhisek here

Disclaimer: This is for educational purposes only. I’m not in any way liable for any misuse.

When I was looking for low-hanging bugs on Facebook, open redirect was the one which attracted me. So I quickly launched Facebook and looked at the requests sent during the process of redirection.

Abhisek R

Security Researcher | Google VRP | OWASP SASTRA University Chapter Lead | Bughunter | Backend Developer
