Artwork
iconShare
 
Manage episode 464019330 series 3643227
Content provided by Amin Malekpour. All podcast content including episodes, graphics, and podcast descriptions are uploaded and provided directly by Amin Malekpour or their podcast platform partner. If you believe someone is using your copyrighted work without your permission, you can follow the process outlined here https://staging.podcastplayer.com/legal.

What if you could take over an account—not by cracking a password, but by chaining two overlooked vulnerabilities? What if a single CSRF exploit let attackers reset security questions and hijack accounts? And what if manipulating an authorization token could escalate privileges?

In this episode of Hacked & Secured: Pentest Exploits & Mitigations, we break down three real-world pentest findings that prove creative exploitation turns small flaws into critical security risks:

  • Chaining IDORs for account takeover – Exploiting weak access controls.
  • CSRF bypass to reset security questions – Turning one click into total compromise.
  • Privilege escalation via token manipulation – How a simple change led to admin access.

Learn how these vulnerabilities were discovered, exploited, and mitigated.

Chapters:

00:00 - INTRO

01:02 - FINDING #1 - Account Takeover by Chaining Two IDORs

07:19 - FINDING #2 - Account Takeover Through CSRF Vulnerability in Security Questions

12:18 - FINDING #3 - Privilege Escalation Through Authorization Token Manipulation

17:05 - OUTRO

Want your pentest discovery featured? Submit your creative findings through the Google Form in the episode description, and we might showcase your finding in an upcoming episode!
🌍 Follow & Connect → LinkedIn, YouTube, Twitter, Instagram
📩 Submit Your Pentest Findings https://forms.gle/7pPwjdaWnGYpQcA6A
📧 Feedback? Email Us [email protected]
🔗 Podcast Website → Website Link

  continue reading

Chapters

1. INTRO (00:00:00)

2. FINDING #1 - Account Takeover by Chaining Two IDORs (00:01:02)

3. FINDING #2 - Account Takeover Through CSRF Vulnerability in Security Questions (00:07:19)

4. FINDING #3 - Privilege Escalation Through Authorization Token Manipulation (00:12:18)

5. OUTRO (00:17:05)

14 episodes