Vulnerability Report : Login Cross Site Request Forgery (CSRF) #9

@AbdullahJaved699

Description

Hi
I found a vulnerability in your website.

URL: https://www.nolimitcoin.com/signin.php

Request
POST /edit_ops.php HTTP/1.1
Host: www.nolimitcoin.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:80.0) Gecko/20100101 Firefox/80.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,/;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/x-www-form-urlencoded
Content-Length: 548
Origin: https://www.nolimitcoin.com
Connection: close
Referer: https://www.nolimitcoin.com/signin.php?logout=success
Cookie: __zlcmid=xEizFUMsEjp8tY; __cfduid=d41a3b52298282b82eaa2e2bd118435221599759604; PHPSESSID=d2vcvufu4jgpg900j7vs37v344; HttpOnly
Upgrade-Insecure-Requests: 1

{"Login":"abdullahjaved699@gmail.com","Password":"user_password_here"}

As you can see, this form does not contain any CSRF token, so it is vulnerable to a Login CSRF attack.

Description:

There is no CSRF token while logging in, which leads to CSRF.

Steps To Reproduce:

  1. Create a CSRF login POC using the following code.
<script>history.pushState('', '', '/')</script>
  <input type="submit" value="Submit request" />
</form>
  2. Replace the email and password with the valid credentials.

  3. Send the script to the victim to make them click.

References:

CSRF here: https://hackerone.com/reports/577920
For more information about the requirement of CSRF tokens on login forms, read: https://stackoverflow.com/questions/6412813/do-login-forms-need-tokens-against-csrf-attacks

Impact

  1. Log any victim into the attacker's account. The attacker can create an account profile similar to the victim's (with some information missing), then social-engineer the user (e.g. by email) into providing personal information or their current password, and can also monitor the victim's activities.
  2. The victim may also unknowingly add their payment info to the attacker's account using your wallet feature.
  The hacker selected the Cross-Site Request Forgery (CSRF) weakness. This vulnerability type requires contextual information from the hacker.

Fix:

Need to set the CSRF Token

I hope that you will fix this issue as soon as possible. Looking forward to hearing from you. Thank you.

Regards,
Abdullah Javed
(Security Researcher)
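The fix the report asks for, shown as an added example rather than the site's own code: a per-session synchronizer token on the login form, checked on the POST handler, with the session rotated after a successful login. It assumes a plain PHP login flow like the one in the report; authenticate() and the redirect target are hypothetical placeholders.

```php
<?php
// Added example (not nolimitcoin.com's code): CSRF token for a PHP login form.
declare(strict_types=1);

// A pre-login session is needed so the token has something to be bound to.
// SameSite=Lax is defence in depth only: a forged cross-site login POST carries no
// victim cookie anyway, so the token, not the cookie attribute, is what stops it.
session_set_cookie_params(['httponly' => true, 'secure' => true, 'samesite' => 'Lax']);
session_start();

function csrf_token(): string
{
    // One random token per pre-login session; 32 bytes from the CSPRNG.
    if (empty($_SESSION['csrf_token'])) {
        $_SESSION['csrf_token'] = bin2hex(random_bytes(32));
    }
    return $_SESSION['csrf_token'];
}

function csrf_check(?string $submitted): bool
{
    $expected = $_SESSION['csrf_token'] ?? '';
    // Reject when the session never issued a token (e.g. no pre-login session) or the
    // values differ; hash_equals keeps the comparison constant-time.
    return $expected !== '' && $submitted !== null && hash_equals($expected, $submitted);
}

function authenticate(string $login, string $password): bool
{
    return false; // hypothetical stand-in for the site's real credential check
}

if ($_SERVER['REQUEST_METHOD'] === 'POST') {
    if (!csrf_check($_POST['csrf_token'] ?? null)) {
        http_response_code(403);
        exit('Invalid or missing CSRF token.');
    }
    if (authenticate($_POST['Login'] ?? '', $_POST['Password'] ?? '')) {
        // Rotate the session id and drop the pre-login token so nothing issued before
        // authentication survives into the authenticated session.
        session_regenerate_id(true);
        unset($_SESSION['csrf_token']);
        header('Location: /account.php'); // hypothetical post-login page
        exit;
    }
}
?>
<form method="post" action="/edit_ops.php">
  <input type="hidden" name="csrf_token" value="<?= htmlspecialchars(csrf_token(), ENT_QUOTES, 'UTF-8') ?>">
  <input type="email" name="Login"> <input type="password" name="Password">
  <input type="submit" value="Sign in">
</form>
```

A request without a matching csrf_token field, such as the one in the report above, is refused with 403 before any credentials are looked at.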
