Due to maintenance, the popular freelancing website "FIVERR" has been down. The maintenance is taking more time than usual, which is why many freelancers were shocked and were searching for the reason behind this unscheduled interruption on Fiverr. So here is the reason that I could figure out for why Fiverr did so.
What happened to Fiverr?
Is Fiverr vulnerable?
Fiverr, a worldwide online marketplace that provides a platform for people to offer their services for five dollars per job, is a vulnerable site, and that puts its countless clients on the line. Fiverr recently raised thirty million dollars in a corporate funding round to keep supporting the new version of its marketplace. But the company has ignored the warning about the weakness.
Which showed clients are exposed as the hunter and his website or Facebook account opened for the unguarded. An endless variety of people provide services on Fiverr, such as graphic design, translation and writing for publication, starting from only five bucks, though the price can go much higher according to the complexity, resource assessment, and the amount of work.
What is CSRF?
Cross-site request forgery, better known as a one-click attack or session riding and written as CSRF or XSRF, is basically a kind of attack on the users of a website in which unauthorized commands are transmitted by an attacker or intruder in the name of a user that the website trusts.
Suppose someone clicks a link they received by e-mail while they are signed in to Fiverr. Can you guess what happens? The e-mail address on their Fiverr account gets replaced with the attacker's e-mail address. The attacker can then go on to take full control of the victim's account. Fiverr, which is very popular with freelancers, recently raised $30 million in a Series C round of financing to support the latest version of its marketplace.
But the company seems less interested in protecting itself against Internet threats, and it did not take any action to fix the vulnerability when the report came from the researcher. At this stage Fiverr is vulnerable to the CSRF weakness, but now that the weakness is public knowledge, Fiverr's users can expect a quick patch or fix for the vulnerability affecting customer accounts.
How is that?
All an attacker needs to do is get the target's browser, such as Mozilla Firefox, to send a request to the web application on the target's behalf. The attacker can either convince the user to visit an HTML page the attacker has made, or add arbitrary HTML to a web page that the user is known to visit. This is not too difficult; it can be simple.
In this case, the attacker only needs to know the victim's Fiverr profile link, and the victim does not have the slightest idea of the attack or any chance to stop it. Using an exploit tool, the attacker can craft the attack page and host it online on his own server.
If the victim is already logged in to Fiverr in the same browser, the CSRF request silently replaces the e-mail address on the victim's Fiverr account with the attacker's e-mail address. Once that is done, the attacker can take over the victim's account simply by changing the password through the website's "password reset" option. Let's hope the security team at Fiverr will repair it as soon as possible.
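The flaw described above seen from the server side, as an added example that is not Fiverr's code and not part of the original post: an e-mail change handler that trusts the session cookie alone, next to one that also checks the Origin header and a session-bound CSRF token. The handler names, the request layout and the `marketplace.example` origin are assumptions made for illustration.

```python
import hashlib
import hmac
import secrets

SERVER_KEY = secrets.token_bytes(32)            # constructed per-deployment secret
TRUSTED_ORIGIN = "https://marketplace.example"  # placeholder for the site's own origin

def issue_csrf_token(session_id: str) -> str:
    """Token the server embeds in its own settings form, bound to one session."""
    return hmac.new(SERVER_KEY, session_id.encode(), hashlib.sha256).hexdigest()

def change_email_unsafe(accounts, sessions, request):
    """The weakness: the automatically attached cookie is the only check."""
    user = sessions.get(request["cookies"].get("session"))
    if user is None:
        return 401
    accounts[user] = request["form"]["email"]
    return 200

def change_email_checked(accounts, sessions, request):
    """Same handler, refusing requests that did not come from the site's own form."""
    session_id = request["cookies"].get("session", "")
    user = sessions.get(session_id)
    if user is None:
        return 401
    if request["headers"].get("Origin") != TRUSTED_ORIGIN:
        return 403
    supplied = request["form"].get("csrf_token", "").encode()
    expected = issue_csrf_token(session_id).encode()
    if not hmac.compare_digest(supplied, expected):  # constant-time comparison
        return 403
    accounts[user] = request["form"]["email"]
    return 200

def cross_site_request(session_id, new_email):
    """Constructed sample: a form post triggered from a third-party page.
    The browser adds the cookie; that page cannot read the token."""
    return {"cookies": {"session": session_id},
            "headers": {"Origin": "https://other-site.example"},
            "form": {"email": new_email}}

def same_site_request(session_id, new_email):
    """Constructed sample: the post sent by the site's own settings form."""
    return {"cookies": {"session": session_id},
            "headers": {"Origin": TRUSTED_ORIGIN},
            "form": {"email": new_email,
                     "csrf_token": issue_csrf_token(session_id)}}
```

Asking for the current password before an e-mail change adds a second barrier, because a password reset then cannot be redirected by a single forged request.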
Here are the screenshots of what people see when they try to visit fiverr.com
Statistical view of Fiverr
This picture shows Fiverr's availability status (source: currentlydown)
Fiverr Official Statements on Twitter and Facebook