How I made $1000 with the AT&T Bug Bounty (H1)

  • The target is https://www.att.com.mx/tienda/customer/account/editPost/
  • Create two accounts, csrfattacker (Mozilla Firefox) and csrfvictim (Chrome); you can also test it with a single account.
  • After logging in to both accounts in the two different browsers, go to account settings and click Edit in Firefox.
  • Open a web proxy tool to intercept the profile-change request.
  • The form can be exploited either manually or automatically; we'll use automated exploitation with Burp.
  • Right-click the request, select Engagement tools, and click 'Generate PoC request'. Copy the HTML and save it as csrf.html.
CSRF PoC
  • Change the email ID in the HTML if you want takeover via email; you can use the password field for takeover too. If you're exploiting manually you can keep just the 'email' field (the mandatory (*) fields are required, the rest you can delete) and send the request.
  • In a new tab in Chrome, open csrf.html and click Submit request; the victim's account email/password is now changed. To cross-verify, refresh the first tab.
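As an added, defender-side example (not part of the original post and not AT&T's code): a minimal account-edit handler that would reject the auto-submitted cross-site POST described above, by requiring a per-session synchronizer token and checking that the Origin/Referer header matches the site's own origin. TRUSTED_ORIGIN, the Session/Request models and all sample values are assumptions constructed for the example.

```python
import hmac
import secrets
from dataclasses import dataclass, field
from urllib.parse import urlsplit

# Hypothetical origin of the site being protected (placeholder, not att.com.mx).
TRUSTED_ORIGIN = "https://shop.example.test"


@dataclass
class Session:
    """Server-side session: the logged-in user plus a random per-session CSRF token."""
    user_email: str
    csrf_token: str = field(default_factory=lambda: secrets.token_urlsafe(32))


@dataclass
class Request:
    """Constructed model of the POST that the account-edit form submits."""
    headers: dict
    form: dict


def same_origin(url: str) -> bool:
    """True only if scheme and host match TRUSTED_ORIGIN (a prefix match would be bypassable)."""
    p = urlsplit(url)
    return f"{p.scheme}://{p.netloc}" == TRUSTED_ORIGIN


def csrf_check(session: Session, req: Request) -> tuple[bool, str]:
    """Return (ok, reason). Both defences must pass."""
    # 1. Synchronizer token: a page on another origin cannot read the victim's
    #    token, so an auto-submitted cross-site form cannot include it.
    if not hmac.compare_digest(req.form.get("csrf_token", "").encode(), session.csrf_token.encode()):
        return False, "missing or invalid csrf token"
    # 2. Browsers set Origin (or Referer) on cross-site POSTs and scripts cannot
    #    forge it; if neither header is present the request is treated as untrusted.
    if not same_origin(req.headers.get("Origin") or req.headers.get("Referer", "")):
        return False, "request not from trusted origin"
    return True, "ok"


def edit_post(session: Session, req: Request) -> dict:
    """Account-edit handler: changes the email only when the CSRF check passes."""
    ok, reason = csrf_check(session, req)
    if ok and "email" in req.form:
        session.user_email = req.form["email"]
    return {"status": 200 if ok else 403, "email": session.user_email, "reason": reason}
```

Setting the session cookie with SameSite=Lax or Strict adds a third, browser-enforced layer, but the server-side checks above are the ones that do not depend on client behaviour.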

Listed in Top 100 most respected hackers in the world by Microsoft at the BlackHat conference in America 2018

Adesh Kolte