Cross-Site Request Forgery (CSRF) in monicahq/monica

Valid
Reported on Jun 3rd 2021

✍️ Description

The /settings/exportToSql endpoint has no CSRF protection. A cross-site request can force a download of the victim's account data, and the victim can then be tricked into handing that file over.

🕵️‍♂️ Proof of Concept

Log in to a user account, create the following file and open it in the browser.

<!-- PoC.html -->
<html>
<body>
        To verify that you are a human, upload the file that has been downloaded from our website now.
        <a href="https://app.monicahq.com/settings/exportToSql">Download Test File</a>
</body>
</html>

Clicking the link downloads the user's data from the application without the user's consent, because the browser attaches the session cookie to the cross-site GET request. The attacker can then trick the user into uploading this file to an attacker-controlled server.
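The root cause is that framework CSRF middleware (Laravel's VerifyCsrfToken included) only checks requests with non-read methods, so a sensitive action reachable by plain GET is never covered. The sketch below is an added example, not code from the monica project or from the report; the Request/Session classes, handler names and origin value are constructed for illustration. It models the vulnerable handler beside a hardened one that requires POST, verifies a synchronizer token in constant time, and rejects a mismatching Origin header as defence in depth.

```python
"""Model of the GET-export CSRF issue and a hardened handler (illustrative only)."""
import hmac
import secrets
from dataclasses import dataclass, field

APP_ORIGIN = "https://app.example.test"  # constructed origin, stands in for the real app
EXPORT_PATH = "/settings/exportToSql"


@dataclass
class Session:
    """Server-side session; the CSRF token lives here, never only in a cookie."""
    user_id: int
    csrf_token: str = field(default_factory=lambda: secrets.token_urlsafe(32))


@dataclass
class Request:
    """Minimal stand-in for an incoming HTTP request (hypothetical class)."""
    method: str
    path: str
    headers: dict = field(default_factory=dict)
    form: dict = field(default_factory=dict)


def export_sql(session: Session) -> str:
    # Placeholder for the real export routine.
    return f"-- SQL dump for user {session.user_id}\n"


def handle_export_vulnerable(request: Request, session: Session):
    """Reported behaviour: any GET with a valid session cookie triggers the export.
    CSRF middleware typically skips GET/HEAD/OPTIONS, so a cross-site link or
    image tag fires the dump with the victim's cookies attached."""
    if request.path != EXPORT_PATH:
        return 404, ""
    return 200, export_sql(session)


def handle_export_hardened(request: Request, session: Session):
    """Hardened variant: POST only, synchronizer token, Origin check."""
    if request.path != EXPORT_PATH:
        return 404, ""
    # 1. Sensitive actions are never performed on a read method. This alone
    #    defeats the <a href> / <img src> style of forgery from the PoC.
    if request.method != "POST":
        return 405, "method not allowed"
    # 2. Synchronizer token: the submitted value must equal the session token.
    #    compare_digest avoids leaking the token through timing differences.
    #    (419 follows Laravel's convention for a token mismatch.)
    submitted = request.form.get("_token", "")
    if not hmac.compare_digest(submitted, session.csrf_token):
        return 419, "csrf token mismatch"
    # 3. Defence in depth: browsers send Origin on cross-site POSTs, so a value
    #    other than our own origin means the form was not served by us. Top-level
    #    GET navigations omit Origin, which is why the token is the primary control.
    origin = request.headers.get("Origin")
    if origin is not None and origin != APP_ORIGIN:
        return 403, "cross-origin request rejected"
    return 200, export_sql(session)


def demo():
    """Runs the forged and legitimate requests through both handlers."""
    session = Session(user_id=7)
    forged_get = Request("GET", EXPORT_PATH)  # what the PoC link produces
    forged_post = Request("POST", EXPORT_PATH,
                          {"Origin": "https://attacker.example"}, {"_token": "guess"})
    legit = Request("POST", EXPORT_PATH,
                    {"Origin": APP_ORIGIN}, {"_token": session.csrf_token})
    return {
        "vulnerable_get": handle_export_vulnerable(forged_get, session)[0],
        "hardened_get": handle_export_hardened(forged_get, session)[0],
        "hardened_bad_token": handle_export_hardened(forged_post, session)[0],
        "hardened_legit": handle_export_hardened(legit, session)[0],
    }


if __name__ == "__main__":
    for name, status in demo().items():
        print(f"{name}: {status}")
```

The order of checks matters for the report's scenario: the method check rejects the link-based forgery before any token logic runs, and the token check stays the primary control because a top-level navigation carries no Origin header for the third check to inspect.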

💥 Impact

Potential leakage of private information through phishing, by exploiting the missing CSRF protection on the export endpoint.

Yadhu Krishna M
2 months ago

wow

Alexis Saettler validated this vulnerability a month ago
Yadhu M has been awarded the disclosure bounty: $150
The fix bounty is now up for grabs: $37.5
Alexis Saettler confirmed that a fix has been merged on cefeb9 a month ago
Alexis Saettler has been awarded the fix bounty: $37.5