
The CSRF token “that authenticates every single request made by the user”, which can also be found in the request body of every request under the parameter name “Auth”, gets changed with every request made by the user as a security measure, but after a deep investigation I found out that the CSRF Auth is reusable for that specific user email address or username. This means that if an attacker finds any of these CSRF tokens, he can then perform actions on behalf of any logged-in user. Yasser successfully bypassed the PayPal security to generate exploit code for targeted attacks. Yasser explains how the security breach in PayPal works and how hackers can hijack an account with just a single click.
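
The weakness described above, rotation without invalidation, is shown here next to a hardened validator as an added example; it is a simplified model and not PayPal's code. The class and function names are hypothetical, and keying the weak store by username is an assumption drawn from the description of the token being reusable per email address or username.

```python
import hmac
import secrets


class ReusableTokenStore:
    """Weak pattern: a fresh token per request, but old tokens never expire."""

    def __init__(self):
        self._issued = {}  # username -> every token ever issued for that user

    def issue(self, username):
        token = secrets.token_urlsafe(32)
        self._issued.setdefault(username, set()).add(token)
        return token

    def validate(self, username, token):
        # Any token ever issued for this username passes, any number of times.
        return any(hmac.compare_digest(token, t)
                   for t in self._issued.get(username, ()))


class SingleUseTokenStore:
    """Hardened pattern: one live token per session, consumed when checked."""

    def __init__(self):
        self._current = {}  # session_id -> the only token currently valid

    def issue(self, session_id):
        token = secrets.token_urlsafe(32)
        self._current[session_id] = token  # overwriting revokes the old token
        return token

    def validate(self, session_id, token):
        # pop() consumes the token, so a second submission always fails;
        # a failed check also forces the client to fetch a new token.
        expected = self._current.pop(session_id, None)
        return expected is not None and hmac.compare_digest(token, expected)


def replay_accepted(store, key):
    """Issue two tokens, submit the newest, then replay the older one."""
    old = store.issue(key)
    new = store.issue(key)
    first = store.validate(key, new)
    replay = store.validate(key, old)
    return first, replay
```

`replay_accepted` returns whether the fresh token and then the stale token were accepted, so the two stores can be compared directly.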
