A cybersecurity enthusiast, researcher, and CTF player.
These notes are created from my personal experiences and exploration.
A CSRF vulnerability on ChildsMath’s profile update endpoint that enabled stored XSS via unsanitized name fields — the injected script persisted across every page in the application, and the same request could change the recovery email to execute a full account takeover.
How Chrome’s ‘Lax + 2 minute’ cookie intervention opened a CSRF window on ChildsMath, a math learning platform used by McMaster University students — letting an attacker silently redirect a student’s grades to an attacker-controlled email.
A critical CSRF vulnerability in a popular reading platform’s email change endpoint that required nothing more than a single click to fully hijack an account.