2FA Bypass via CSRF Attack

  1. Bypassing 2FA using conventional session management
  2. Bypassing 2FA via OAuth mechanism
  3. Bypassing 2FA via brute force
  4. Bypassing 2FA using race conditions (RARE)
  5. Bypassing 2FA using a modified response
  6. Bypassing 2FA using activation link
  7. Bypassing 2FA in password reset page

  1. Burp Suite

  1. Go to https://pandao.ru/profile/settings and sign up for two accounts: the first is the attacker's account and the second is the victim's.
  2. Log in to the attacker's account, capture the Disable 2FA request in Burp Suite, and generate a CSRF PoC.
  3. Save the CSRF PoC file with the extension .HTML.
  4. Now log in to the victim's account in a private browser window and fire that CSRF file. You can see that it disables 2FA on the victim's account, which leads to a 2FA bypass.
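
The server-side checks whose absence lets the forged Disable 2FA request above succeed, as an added example that is not code from the original post or from the affected site. The trusted origin, the session layout, and the `verify_otp` callback are hypothetical, and the sample requests are constructed.

```python
import hmac
import secrets
from urllib.parse import urlsplit

# Assumption: the application's own origin (placeholder host).
TRUSTED_ORIGIN = "https://app.example.test"


def new_session(user: str) -> dict:
    """Constructed session record holding a per-session CSRF token."""
    return {"user": user, "csrf_token": secrets.token_urlsafe(32), "2fa_enabled": True}


def same_origin(headers: dict) -> bool:
    """Accept only requests whose Origin (or, failing that, Referer) is ours."""
    source = headers.get("Origin") or headers.get("Referer")
    if not source:
        return False  # fail closed when the browser sent neither header
    parts = urlsplit(source)
    return f"{parts.scheme}://{parts.netloc}" == TRUSTED_ORIGIN


def disable_2fa(session: dict, headers: dict, form: dict, verify_otp) -> tuple:
    """Return (status, reason); 2FA is switched off only if every check passes."""
    if not same_origin(headers):
        return 403, "cross-origin request"
    sent = form.get("csrf_token", "")
    # Constant-time comparison against the token bound to this session.
    if not hmac.compare_digest(sent.encode(), session["csrf_token"].encode()):
        return 403, "bad CSRF token"
    # Step-up: weakening account security needs a fresh second factor,
    # which a page on another origin cannot supply.
    if not verify_otp(session["user"], form.get("otp", "")):
        return 401, "OTP required"
    session["2fa_enabled"] = False
    return 200, "2FA disabled"


if __name__ == "__main__":
    victim = new_session("victim")
    check = lambda user, code: code == "123456"  # constructed OTP verifier
    # Constructed request: session cookie attached by the browser, foreign Origin.
    print(disable_2fa(victim, {"Origin": "https://other.example.test"}, {}, check))
    print(victim["2fa_enabled"])
```

Setting the session cookie with `SameSite=Lax` or `Strict` complements these checks by keeping the browser from attaching it to cross-site POST requests in the first place.
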

  1. I reported to them on 9th August.
  2. They saw the report, steps to reproduce, and PoC (video).
  3. And this program is in the extended scope of mail.ru, and they do not pay for client-side attacks, so I didn't get any bounty for this. But still worth it. :)

Penetration Tester, Bug Bounty Hunter, Security Researcher

Vishal Bharad
