CSRF Vulnerability in Oculus
CSRF Vulnerability in Oculus – Bug Bounty POC
Hello Bug Bounty POC viewers hope you guys are Alright , So It is me Hisham Mir once again, today i will be sharing with you that how i got $500 + Facebook HOF with an Simple CSRF Vulnerability in Oculus, So back in September when i started bug hunting i decided to have a look at Oculus there is nothing much on oculus to pentest so i went to the order form and started checking for XSS i suddenly noticed that there was no CSRF protection on the form. I reported it to Facebook and hoped for the best.
Steps to Reproduce :
1) Go to https://www1.oculus.com/order/
2) See the source code
3) And see the code of the order form
4) There is no auth or csrf token present in there to
forward the request.
Another way of checking:
1) Open mozila and go to https://www1.oculus.com/order/
2) and start the tool tamper data
3) fill all the information required and tamper the
request you will see no csrf token in the request.
So it was a really motivational bounty for me to continue further in this field because it was nearly 1 month since i started huntingmand acheived an milestone of Facebook HOF.
I wish best of luck for Behroz for Starting such an Blog, InshAllah I will be posting my further findings here on this blog. Soon An Auth bypass worth $3000 in Facebook Acquired Parse.com will be posted here Soon. Stay tuned to Bug bounty POC We Share the Knowledge
CSRF Vulnerability in Oculus Reply of Facebook :