Cross-Site Request Forgery (CSRF) in monicahq/monica


Reported on

Jun 3rd 2021

✍️ Description

The /settings/exportToSql endpoint has no CSRF protection. A cross-origin page can therefore trigger a download of the logged-in user's account data, which an attacker could combine with social engineering to obtain that file.

🕵️‍♂️ Proof of Concept

Log in to a user account, create the following file, and open it in the browser.

// PoC.html
To verify that you are a human, upload the file that has been downloaded from our website now.
<a href="">Download Test File</a>

Opening this page downloads the user's data from the application without the user's consent. The attacker can then trick the user into uploading the downloaded file to an attacker-controlled server.
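An added illustration, not monica's code and not the fix from commit cefeb9 (whose contents this page does not show): a minimal handler in the vulnerable shape next to a hardened one that rejects the cross-site GET issued by PoC.html. The session store, export data, origins and the Laravel-style `_token` field name are constructed assumptions.

```python
import hmac
import secrets

# Constructed in-memory session store: session id -> session data.
SESSIONS = {"sess-victim": {"user": "alice", "csrf": secrets.token_hex(16)}}
# Constructed sample of what the SQL export would contain.
EXPORT_DATA = "INSERT INTO contacts VALUES ('alice', 'private notes');"


def _session(request):
    return SESSIONS.get(request.get("cookies", {}).get("session"))


def export_vulnerable(request):
    """Shape of the reported flaw: any authenticated request, including a
    plain GET navigation from a foreign page, returns the export."""
    sess = _session(request)
    if sess is None:
        return 401, ""
    return 200, EXPORT_DATA


def export_hardened(request, app_origin="https://app.example.test"):
    """Require POST, a session-bound synchronizer token, and (when the
    browser sends one) a same-origin Origin header before exporting."""
    sess = _session(request)
    if sess is None:
        return 401, ""
    if request.get("method") != "POST":
        return 405, ""                       # link/img fetches are GETs
    origin = request.get("headers", {}).get("Origin")
    if origin is not None and origin != app_origin:
        return 403, ""                       # defence in depth, token is primary
    token = request.get("form", {}).get("_token", "")
    if not hmac.compare_digest(token.encode(), sess["csrf"].encode()):
        return 403, ""                       # foreign page cannot read the token
    return 200, EXPORT_DATA


# The request PoC.html causes: cookie attached by the browser, no token.
CROSS_SITE = {"method": "GET", "cookies": {"session": "sess-victim"},
              "headers": {"Origin": "https://attacker.example.test"}}


def legit_request():
    """What the application's own export form would submit."""
    return {"method": "POST", "cookies": {"session": "sess-victim"},
            "headers": {"Origin": "https://app.example.test"},
            "form": {"_token": SESSIONS["sess-victim"]["csrf"]}}
```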

💥 Impact

Potential leakage of private information through phishing, enabled by the missing CSRF token.

Yadhu Krishna M
2 years ago


Alexis Saettler validated this vulnerability 2 years ago
Oomb has been awarded the disclosure bounty
The fix bounty is now up for grabs
Alexis Saettler marked this as fixed with commit cefeb9 2 years ago
Alexis Saettler has been awarded the fix bounty
This vulnerability will not receive a CVE