_bug-bounty-oauth2-vulnerability-on-coinbase-com.jpg "Bug Bounty: OAuth2 vulnerability on Coinbase.com from csrf token Video Screenshot Preview")
GalleryPlay Video:
(Note: The default playback of the video is HD VERSION. If your browser is buffering the video slowly, please play the REGULAR MP4 VERSION or Open The Video below for better experience. Thank you!)
⏲ Duration: 94 sec
✓ Published: 06-May-2013
✓ Published: 06-May-2013
Description:
This is a demo of a PoC I wrote exploiting a bug in Coinbase.com's OAuth implementation. It was possible to retrieve the OAuth app authorization form as one user and forward it (along with the CSRF token's etc) to the victim, with Javascript to autosubmit the form. Coinbase was not confirming the form was generated by the victim and so it was possible for an attacker to authorize their malicious app on the users account without their confirmation. All the victim was required to do was view a web
This is a demo of a PoC I wrote exploiting a bug in Coinbase.com's OAuth implementation. It was possible to retrieve the OAuth app authorization form as one user and forward it (along with the CSRF token's etc) to the victim, with Javascript to autosubmit the form. Coinbase was not confirming the form was generated by the victim and so it was possible for an attacker to authorize their malicious app on the users account without their confirmation. All the victim was required to do was view a web
Share with your friends:
Whatsapp | Viber | Telegram | Line | SMS
Email | Twitter | Reddit | Tumblr | Pinterest
_cross-site-request-forgery-csrf-explained.webp "PwnFunction")
_cross-site-request-forgery-computerphile.webp "Computerphile")
_meet-the-makers-the-hebden-bridge-jeweller-who-makes-something-magical.webp "Wearing jewellery is second nature to most of us, it’s something we barely think about. Along with our clothes, hair, make-up, jewellery is an expression of our style, a statement of how we see ourselves in the world.<br/>But unlike – say – a haircut or a new pair of jeans, jewellery reaches to something deeper. Crafted from precious metals and rare stones, our most treasured jewellery is often a token of love, given to mark a significant rite of passage in our lives: an important birthday, a wedding, a promise, an heirloom that links us to someone passed.<br/><br/>We invest the jewellery we love with special powers; these precious metals and stones become such a part of us that we feel lost without them – they seem to become connected to our personal strength and power.<br/><br/>Some might call it superstition, but for Hebden Bridge-based jeweller Toby Cotterill, it’s magic: “I think human beings are capable of magic.” he says, “We can all go beyond what we do in our everyday and get to a different place, and it can help us through hard times. I’m not saying that my jewellery is magic, it’s not me doing it, it’s people putting their emotions and memories and histories into a piece and giving it power.”<br/><br/>Throughout the world and since the beginning of time people have imbued jewellery with talismanic power. The objects we make from precious minerals and stones have been buried with us and long-outlasted skin and bone. Those ancient objects continue to exert an influence and connect us to the stories of people who lived before us.<br/><br/>In his tiny-but-perfectly-formed workshop in Hebden Bridge’s Northlight Studios, Toby sees himself as part of an ancient tradition, using tools and methods that jewellers and metalsmiths have refined and developed over thousands of years.<br/><br/>It’s a magical process to watch. Toby takes gold or silver, melts it, moulds it, cuts and hammers it, drills and files, heats it and plunges it into water, rolls it in sand – completely absorbed, at ease with his tools and lost in the making.<br/><br/>And somehow the metal takes on a new life, becomes something else – a shimmering beetle or fossil-like thing emerges. Something both ancient and alive at the same time, a moving, sparkling, precious thing with weight, something you want to touch…<br/><br/>One of four brothers, Toby’s childhood was spent in the hills and woods of the Welsh countryside: “Dad was a furniture maker, mum was a nurse.” he explains, “We didn’t have much money, but we were very happy. There was a move at the time toward self-sufficiency, so we had a small-holding, a few fields with maybe 20 sheep and a few pigs and cows. Mum and dad between them would work really hard, working the land and bringing us up. I think they wanted us to have that kind of childhood – grubby in the fields, learning the names of animals and plants and trees and just playing outside, making things.”")
_anti-csrf-tokens-explained.webp "Nevyan Neykov")
_cross-site-request-forgery-csrf-explained.jpg)
_cross-site-request-forgery-computerphile.jpg)
_meet-the-makers-the-hebden-bridge-jeweller-who-makes-something-magical.jpg)
_anti-csrf-tokens-explained.jpg)
![[+]](/images/menu.gif){kind=small}