Cross-Site Request Forgery (CSRF) in monicahq/monica

Reported on Jun 3rd 2021

✍️ Description

The /settings/exportToSql endpoint is reachable with a plain GET request and has no CSRF protection. A page on any other origin can therefore make a logged-in user's browser request it, which silently downloads the user's full account export (SQL) to the victim's machine. The attacker's page cannot read that response cross-origin, so the attack is completed by social engineering: the victim is then tricked into uploading the downloaded file to an attacker-controlled server.

🕵️‍♂️ Proof of Concept

Log in to a user account. Create the following file and open it in the same browser, so that the session cookie is still active.

// PoC.html (monica.example is a placeholder for the host of the target Monica instance)
        <html><body>
        To verify that you are a human, upload the file that has been downloaded from our website now.
        <a href="https://monica.example/settings/exportToSql">Download Test File</a>
        </body></html>

Clicking the link performs a top-level GET navigation to /settings/exportToSql with the victim's session cookie attached, so the application serves the account export and the browser saves it to disk without the user's consent. Because this is a top-level navigation, a SameSite=Lax cookie does not prevent it. The attacker's page never sees the downloaded data; the phishing text then persuades the user to upload the file to an attacker-controlled server.

💥 Impact

Private information leakage: because the export endpoint lacks CSRF protection and is served on GET, a phishing page can make a logged-in user's browser download the full account export, and the user can then be tricked into handing that file to the attacker.

Yadhu Krishna M
2 months ago


Alexis Saettler validated this vulnerability a month ago
Yadhu M has been awarded the disclosure bounty
The fix bounty is now up for grabs
Alexis Saettler confirmed that a fix has been merged on cefeb9 a month ago
Alexis Saettler has been awarded the fix bounty