Sign up to save your podcasts
Or
Share Ep. 2 – Chaining IDORs, CSRF Account Takeovers & Token Manipulation for Privilege Escalation
Share to email
Share to Facebook
Share to X
Share to email
Share to Facebook
Share to X
Or
Ep. 2 – Chaining IDORs, CSRF Account Takeovers & Token Manipulation for Privilege Escalation
What if you could take over an account—not by cracking a password, but by chaining two overlooked vulnerabilities? What if a single CSRF exploit let attackers reset security questions and hijack accounts? And what if manipulating an authorization token could escalate privileges?
In this episode of Hacked & Secured: Pentest Exploits & Mitigations, we break down three real-world pentest findings that prove creative exploitation turns small flaws into critical security risks:
- Chaining IDORs for account takeover – Exploiting weak access controls.
- CSRF bypass to reset security questions – Turning one click into total compromise.
- Privilege escalation via token manipulation – How a simple change led to admin access.
Learn how these vulnerabilities were discovered, exploited, and mitigated.
Chapters:
00:00 - INTRO
01:02 - FINDING #1 - Account Takeover by Chaining Two IDORs
07:19 - FINDING #2 - Account Takeover Through CSRF Vulnerability in Security Questions
12:18 - FINDING #3 - Privilege Escalation Through Authorization Token Manipulation
17:05 - OUTRO
Want your pentest discovery featured? Submit your creative findings through the Google Form in the episode description, and we might showcase your finding in an upcoming episode!
🌍 Follow & Connect → LinkedIn, YouTube, Twitter, Instagram
📩 Submit Your Pentest Findings → https://forms.gle/7pPwjdaWnGYpQcA6A
📧 Feedback? Email Us → [email protected]
🔗 Podcast Website → Website Link
View all episodes
By Amin MalekpourWhat if you could take over an account—not by cracking a password, but by chaining two overlooked vulnerabilities? What if a single CSRF exploit let attackers reset security questions and hijack accounts? And what if manipulating an authorization token could escalate privileges?
In this episode of Hacked & Secured: Pentest Exploits & Mitigations, we break down three real-world pentest findings that prove creative exploitation turns small flaws into critical security risks:
- Chaining IDORs for account takeover – Exploiting weak access controls.
- CSRF bypass to reset security questions – Turning one click into total compromise.
- Privilege escalation via token manipulation – How a simple change led to admin access.
Learn how these vulnerabilities were discovered, exploited, and mitigated.
Chapters:
00:00 - INTRO
01:02 - FINDING #1 - Account Takeover by Chaining Two IDORs
07:19 - FINDING #2 - Account Takeover Through CSRF Vulnerability in Security Questions
12:18 - FINDING #3 - Privilege Escalation Through Authorization Token Manipulation
17:05 - OUTRO
Want your pentest discovery featured? Submit your creative findings through the Google Form in the episode description, and we might showcase your finding in an upcoming episode!
🌍 Follow & Connect → LinkedIn, YouTube, Twitter, Instagram
📩 Submit Your Pentest Findings → https://forms.gle/7pPwjdaWnGYpQcA6A
📧 Feedback? Email Us → [email protected]
🔗 Podcast Website → Website Link