so.cl

Rascals are always sociable, and the chief sign that a man has any nobility in his character is the little pleasure he takes in others' company. - Arthur Schopenhauer


How I chained two vulnerabilities to steal credit card details

This is a report I created for one of the engagements I performed recently. The goal of the engagement was to find out whether there is a way to steal credit card details by using client-side vulnerabilities. Everything below is the report in full.

I was engaged to perform a restricted depth-first assessment of a web application “XYZ” to verify whether there is a way to exploit client-side vulnerabilities to steal the credit card information of its users. As a result of the engagement, I successfully exploited a self cross-site scripting vulnerability chained with cross-site request forgery to steal the victims' credit card details. This document details my approaches, findings and ways to remediate the vulnerabilities.