Everyone knows Fiverr.com, one of the most popular online marketplaces, where people sell their services for $5. Millions of users use Fiverr, but did you know that a single security flaw put all of those millions of users at risk?
Yes, that is exactly what happened: security researcher Mohamed Abdelbaset from Egypt discovered a critical security flaw, a CSRF (Cross-Site Request Forgery) vulnerability, on Fiverr.com that allows any Fiverr account to be hijacked. Abdelbaset told THN that he had reported the issue to the Fiverr team, but the company ignored the advance warning about the critical bug and has not patched it.
Abdelbaset explains that the vulnerability allows him to hack the account of any Fiverr user, and all he needs for that is the victim's profile link. Since exploiting a CSRF vulnerability requires user interaction, Abdelbaset crafts a web page, convinces the user to visit it, and gets the user to click anywhere on the page.
Getting someone to visit a crafted web page is not hard, so the attacker has a good chance of catching the victim.
To demonstrate the vulnerability, the researcher has published a video showing how it works. [Check below]
Abdelbaset also added that if the victim is logged in to his/her Fiverr account in the same browser, the CSRF exploit replaces the victim's Fiverr account email with the attacker's email address without the victim noticing. Once the email is changed, the attacker can easily change the victim's password via the "Password Reset" option.
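The root cause described above is an email-change endpoint that trusts the session cookie alone, so a form auto-submitted from another site is indistinguishable from the user's own request. The following is an added illustration, not code from the article or from Fiverr: a vulnerable handler next to a hardened one that checks the request's Origin and a per-session synchronizer token. The session dict, form dict and `ALLOWED_ORIGIN` value are constructed placeholders.

```python
import hmac
import secrets

# Placeholder for the site's own origin (constructed, not Fiverr's real origin).
ALLOWED_ORIGIN = "https://www.example-marketplace.test"


def new_session(email: str) -> dict:
    """Constructed server-side session for a logged-in user.
    The CSRF token is minted once per session and embedded only in the
    site's own forms, so a third-party page can never read it."""
    return {"email": email, "csrf_token": secrets.token_urlsafe(32)}


def change_email_vulnerable(session: dict, form: dict) -> int:
    """Vulnerable pattern: any POST carrying the victim's session cookie is
    accepted, including one auto-submitted from an attacker-controlled page."""
    if "email" not in session:
        return 401  # not logged in
    session["email"] = form["new_email"]
    return 200


def change_email_hardened(session: dict, form: dict, headers: dict) -> int:
    """Hardened pattern: origin check plus synchronizer token.
    (Marking the session cookie SameSite=Lax/Strict is a third, complementary
    layer handled by the cookie configuration, not shown here.)"""
    if "email" not in session:
        return 401
    # 1. Browsers attach Origin (or at least Referer) to cross-site POSTs;
    #    refuse anything that did not originate from our own site.
    origin = headers.get("Origin") or headers.get("Referer", "")
    if not origin.startswith(ALLOWED_ORIGIN):
        return 403
    # 2. Require the per-session token; compare in constant time.
    submitted = form.get("csrf_token", "")
    if not hmac.compare_digest(submitted.encode(), session["csrf_token"].encode()):
        return 403
    session["email"] = form["new_email"]
    return 200
```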