Authenticated Data Theft

cybercdh
Posts: 7
Joined: Wed Mar 07, 2018 7:26 pm

Post by cybercdh » Sat Jun 16, 2018 10:07 am

I have numerous instances of data theft from sites where they have overly permissive crossdomain policies allowing for authenticated data to be POSTed back to an attacker server.

This is essentially CSRF, but with a twist. In some instances I can modify data, but I want to be able to report issues where I can steal data also. This doesn't fit into the template for reporting CSRF on OBB at present - any advice?

x1admin
Site Admin
Posts: 3101
Joined: Sun Nov 15, 2015 7:04 pm

Re: Authenticated Data Theft

Post by x1admin » Mon Jun 18, 2018 6:34 am

cybercdh wrote:
Sat Jun 16, 2018 10:07 am
I have numerous instances of data theft from sites where they have overly permissive crossdomain policies allowing for authenticated data to be POSTed back to an attacker server.

This is essentially CSRF, but with a twist. In some instances I can modify data, but I want to be able to report issues where I can steal data also. This doesn't fit into the template for reporting CSRF on OBB at present - any advice?
At this time we don't accept this type of vulnerability; maybe we will implement this soon.
