A work colleague of mine (I had a crush on) built this website she kept boasting about. I fooled around a bit and found out that she hadn't taken any measures against CSRF (i.e., the server wasn't verifying where exactly all the POST and GET requests were coming from). I did mention this to her but she didn't bat an eye.

Assuming she was already logged in to her website, I built a fake login page and got her to type her credentials in it. Since her login session was already active, I got access, we laughed it off and I ended up 'phishing' for a date. Went out on a few more until she moved to another city and it kinda died out.

