CSRF Account Takeover Explained Automated+Manual

The document discusses a CSRF vulnerability that could lead to account takeover on the website https://openmenu.com. It explains how an attacker could intercept a profile change request and modify the email or password fields to hijack a victim's account without authentication. The vulnerability has since been patched by the site. Details on manually and automatically exploiting the flaw through a proof of concept are provided.
CSRF account takeover Explained

Automated/Manual
Vulnerables
Oct 26, 2018

Create PDF in your applications with the Pdfcrowd HTML to PDF API PDFCROWD
Here is the second CSRF vulnerability which leads to full account takeover, and as it is patched, we decided to share the PoC as well. When an anti-CSRF token is implemented, your website includes a randomly generated number or token in every page that is impossible for the attacker to guess, and the website includes it when it serves the page to you. It differs each time a page is served to anybody, so the attacker is not able to generate a valid request because the token would be wrong.

. . .

Vulnerability: CSRF/XSRF (Cross-site request forgery)
Severity: Critical
OWASP rank: OTG-SESS-005

Cross-site request forgery (Patched)


So the vulnerable website is https://openmenu.com

Create two accounts, csrfattacker (Mozilla) and csrfvictim (Chrome); you can also test it with one account.

Open any web proxy tool and turn intercept on to catch the profile-change request.

After logging in to both accounts in different browsers, go to account settings in Mozilla, fill in the mandatory fields and click on save changes (pic below).

Request

We can exploit the form both ways, manually and automated, and in this PoC we've explained both methods. For a more detailed exploitation you can go through the video.

Right-click on the intercepted request, select Engagement tools and click on 'Generate PoC request'. Copy the HTML and save it as open.html.

Exploit

Change the email id in the HTML if you want the takeover via email.

In a new tab in Chrome open open.html and click on submit request; the victim's account will have its email/password changed. To cross-verify, refresh the first tab.
Below is the video PoC

CSRF account takeover Explained - Manual/Automate…

PoC

25-Sep-2018 → Bug Reported

26-Sep-2018 → Bug Triaged

27-Sep-2018 → Bug Fixed

Have a happy hunting 😃


WRITTEN BY

Vulnerables

Vulnerabilities | Write-ups | Publication link is below |


https://medium.com/vulnerables

InfoSec Write-ups