jitendra chandel

Published On: 14 Jul 2021

Account Takeover via CSRF

CSRF
General | Web
hall of fame
HIGH VALID

I Found Account Takeover via CSRF and Password Reset Function .

Description

There is no protection against CSRF in changing email which lead to CSRF to account takeover

Impact

It is a critical issue as i was able to takeover anyone account using this attack. This vulnerability is high/critical because I was able to perform account takeover




Reproduction Steps

Step
1

Create an account as an attacker and go to Account Setting and update account information .

Show Image

Step
2

Capture the request using burpsuite and genetarte CSRF POC

Show Image

Step
3

The CSRF code looks like as in image . I have replaced the email value to [email protected]*******.com and submitted a request in the victim’s account

 

Show Image

Step
4

now I just forward the above request and  csrf code worked.so by this exploit, I changed victim account to my email .

 

Step
5

Last step to account tackeover using the forgot password method to retrieve the password reset link to my email and I have full control over the victim’s account.


Videos

Timeline
.
jitendra 11 Jul 2021

Send to Report

12 Jul 2021

Close the as a vaild mention my name as a credit in Security Policy page (hall of fame )

VALID