Millions of Fiverr.com Accounts Vulnerable to hackers using critical CSRF Vulnerability


A newly detected critical vulnerability in Fiverr.com has put millions of its users at risk of being hacked and scammed. An independent security researcher, Mohamed Abdelbaset from Egypt, discovered a critical CSRF vulnerability in Fiverr.com which allows an attacker to hijack any user account on Fiverr.

 

Fiverr is a global online marketplace for tasks and services, with jobs starting at a cost of $5, from which the site takes its name. It is used primarily by freelancers who offer a variety of services through Fiverr, and by customers interested in buying those services.

What is CSRF?

Cross-site request forgery, also known as a one-click attack or session riding and abbreviated as CSRF or XSRF, is a type of malicious exploit of a website whereby unauthorized commands are transmitted from a user that the website trusts.

Abdelbaset showed the proof of concept in a video; the attack proceeds as follows:

  1. The attacker sends the victim a link to an exploit page (a web page specially crafted by the attacker).
  2. When the victim clicks the link, the email address associated with their Fiverr.com account is replaced with the email address the attacker coded into the exploit page.
  3. The attacker gains full access to the victim's account.
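The attack chain above works because the email-change request is authorised by the victim's session cookie alone, and browsers attach that cookie to form posts submitted from any site. The following Python is an added illustration, not code from the article or from Fiverr: it models such an endpoint beside a hardened version that checks the browser's Origin header and a per-session synchronizer token. The origins app.example and attacker.example, the form field names and the handler names are all constructed for the example.

```python
"""Model of a cookie-only email-change endpoint and a CSRF-hardened variant.

Constructed example: 'app.example' stands in for the site and
'attacker.example' for the page the victim is lured to. No real Fiverr
endpoint, parameter or field name is implied.
"""
import hmac
import secrets
from dataclasses import dataclass, field
from typing import Optional

SITE_ORIGIN = "https://app.example"  # assumed origin of the legitimate site


@dataclass
class Session:
    """Server-side session that the browser's session cookie points at."""
    user_id: int
    email: str
    # Synchronizer token: random, per session, embedded in the site's own forms.
    csrf_token: str = field(default_factory=lambda: secrets.token_urlsafe(32))


@dataclass
class Request:
    """The parts of an HTTP POST that matter here: the session resolved from
    the cookie, the form body, and the Origin header the browser adds."""
    session: Optional[Session]
    form: dict
    origin: Optional[str]


def change_email_vulnerable(req: Request) -> str:
    """State-changing action authorised by the session cookie alone.
    A page on attacker.example can submit this form on the victim's behalf
    because the browser sends the victim's cookie with the cross-site POST."""
    if req.session is None:
        return "401 not logged in"
    req.session.email = req.form["email"]
    return "200 email updated"


def change_email_hardened(req: Request) -> str:
    """Same action with two independent CSRF defences:
    1. the Origin header must match the site (browsers set it; a page cannot forge it);
    2. the form must carry the per-session token, which a cross-site page
       cannot read because of the same-origin policy."""
    if req.session is None:
        return "401 not logged in"
    if req.origin != SITE_ORIGIN:
        return "403 bad origin"
    submitted = req.form.get("csrf_token", "")
    # Constant-time comparison so the check does not leak token bytes by timing.
    if not hmac.compare_digest(submitted, req.session.csrf_token):
        return "403 bad csrf token"
    req.session.email = req.form["email"]
    return "200 email updated"


def forged_request(victim: Session) -> Request:
    """What the server sees when the victim's browser loads the exploit page:
    the victim's own session (from the cookie), an attacker-chosen email, and
    the attacker's origin. The exploit page never learns victim.csrf_token."""
    return Request(session=victim,
                   form={"email": "attacker@attacker.example"},
                   origin="https://attacker.example")


def legitimate_request(user: Session, new_email: str) -> Request:
    """A real post from the site's own settings page, which embedded the token."""
    return Request(session=user,
                   form={"email": new_email, "csrf_token": user.csrf_token},
                   origin=SITE_ORIGIN)


def demo() -> dict:
    """Run both handlers against a forged and a legitimate request and return
    (response, resulting email) for each case."""
    results = {}
    v = Session(user_id=1, email="victim@example.com")
    results["vulnerable_forged"] = (change_email_vulnerable(forged_request(v)), v.email)
    h = Session(user_id=2, email="victim@example.com")
    results["hardened_forged"] = (change_email_hardened(forged_request(h)), h.email)
    results["hardened_legit"] = (change_email_hardened(legitimate_request(h, "new@example.com")), h.email)
    return results


if __name__ == "__main__":
    for case, outcome in demo().items():
        print(case, outcome)
```

The two checks are deliberately independent: Origin validation alone fails for clients that omit the header, and a token alone fails if the token ever leaks through a separate bug, so production frameworks typically apply both and additionally mark the session cookie `SameSite=Lax` or `Strict` so the browser withholds it from cross-site POSTs in the first place.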

Fiverr, which is very popular with freelancers, had recently raised $30 million in a Series C round of funding to continue supporting the new version of its marketplace. The company, however, seems less worried about security from cyber threats and had not taken any steps to fix the vulnerability when the researcher reported it. As of now Fiverr remains vulnerable to the CSRF attack; with the vulnerability now in the public domain, we, as well as Fiverr users, can expect a quick patch for it.
