eBay: From CSRF to Full Account Takeover of Any User

After the eBay data breach I started looking for the bug that may have been exploited by hackers to steal the credentials of more than 100 million eBay users' accounts. So I focused my attention on the eBay account recovery procedures. If you are already an eBay user, you can reset the password of your account through three procedures:

1) Email address: An email with a reset link will be sent to the registered email address

2) SMS: An SMS with a 4-digit PIN will be sent from eBay to the registered phone number

3) Phone call: A phone call will be made from eBay to reset the password of the eBay user's account