Account Takeover via CSRF

InfoSec Write-ups – Medium

This is my first blog, so please ignore it if I make any mistakes.

Hi all

I found a responsible disclosure program through a Google dork that is insecure against CSRF attack: there was no CSRF token while updating the record.

For those who don't know about CSRF, it is a web application attack in which an attacker tricks or forces the user's browser into submitting a request that the user did not intend to make.

In simple terms, if the server does not verify that a state-changing request genuinely originated from the user, an attacker can craft a malicious request and trick the user into triggering it, which results in a modification of the user's account details, such as the password or email.

Let's start with the POC

  • First, create an account as an attacker, fill in the whole form, and check your info in the Account Detail.
  • Change the email and capture the request, then create a CSRF exploit.
  • The CSRF exploit looks as given below. I replaced the email value with anyemail@*******.com and submitted the request in the victim's account.
  • In the next step, I just forwarded the above request and voila! My exploit worked. By this exploit, I changed my email to the victim's email, and by using the forgot-password method I retrieved the password reset link to my email and had full control over the victim's account.
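The root cause in the write-up is that the email-update endpoint trusted the session cookie alone. The following is an added example (not the program's code, nor the author's exploit) that puts that unchecked handler next to a hardened one using the synchronizer-token pattern plus an Origin check; the `Session`, `Request` and `SITE_ORIGIN` names are constructed stand-ins for a real framework's objects.

```python
import hmac
import secrets
from dataclasses import dataclass, field
from typing import Optional

# Constructed, in-memory stand-ins for a session store and an HTTP request;
# assumed shapes, not the application from the write-up.
@dataclass
class Session:
    user_email: str
    # One unpredictable token per session, rendered into the change-email form.
    csrf_token: str = field(default_factory=lambda: secrets.token_urlsafe(32))

@dataclass
class Request:
    form: dict                    # POST body fields
    origin: Optional[str] = None  # Origin header, if the browser sent one

SITE_ORIGIN = "https://example.test"  # assumed origin of the application

def update_email_vulnerable(session: Session, req: Request) -> bool:
    """The pattern the post describes: the new email is applied as soon as a
    cookie-authenticated request arrives. Nothing proves the user intended
    it, so a form auto-submitted from another site succeeds."""
    session.user_email = req.form["email"]
    return True

def update_email_hardened(session: Session, req: Request) -> bool:
    """Accept the change only if (a) any Origin header present matches our
    own origin and (b) the form carries the token issued to this session.
    A cross-site form post cannot read the victim's token, so it fails (b)."""
    if req.origin is not None and req.origin != SITE_ORIGIN:
        return False
    sent = req.form.get("csrf_token", "")
    # Constant-time comparison so the token cannot be guessed byte by byte.
    if not hmac.compare_digest(sent, session.csrf_token):
        return False
    session.user_email = req.form["email"]
    return True
```

The Origin check is a second line of defence only: older clients may omit the header, which is why the token comparison is the decision that actually blocks the forged request.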

Report Submission: Mon, 1 Jun 2020

Confirmation of Fix: May 4, 2020

Finally, the gift card was awarded.

I still have a lot to learn, and this motivated me to keep continuing the journey.

Hope you find this useful; I tried my best to explain. Please share so that others can learn from it.

Thank You.

Account Takeover via CSRF was originally published in InfoSec Write-ups on Medium, where people are continuing the conversation by highlighting and responding to this story.
