CSRF Attack

[Responsible Disclosure] CSRF Attack on Prestashop

Add-on/Plugin Details

Plugin name: Data privacy extended (data protection law) – GDPR Module
Vulnerability name: CSRF (Cross-Site Request Forgery) in the “Delete Account”
Affected Prestashop versions: v1.6.0.4 – v1.7.6.0
Vulnerable version: <3.7.8
Patched version: 3.7.8
Vulnerability reported: 20th June 2019
Vulnerability patched: 25th June 2019

So, during my internship at Astra Web Security by Czar, …


Let's learn about XSS (Cross-site scripting)

What is XSS?? Its Types, Mitigating and Preventing XSS!

In the simplest terms, XSS is the injection of JavaScript or other malicious code into a website’s or webpage’s HTML code. XSS (Cross-site scripting) is a client-side vulnerability, which means it is possible for a hacker using a browser to send malicious code through a web application. And the word “injecting” means that wherever the website …


Let's Find XSS

[FREE Video PoC] Story of finding XSS (Cross Site scripting)

Journey to my first XSS (Cross Site Scripting)

I started off with networking basics. And then I learnt hacking, or more aptly called penetration testing or pentesting. Mostly, I learnt about various attacks on web applications through freely available resources on the internet. Most of these attacks were from the OWASP Top 10 such as …
