Business Logic Errors in braitsch/node-login
Nov 24th 2020
node-login is a template for quickly building login systems on top of Node.js & MongoDB. The business logic which updates account details fails to verify whether the provided email is already associated with another account.
Proof of Concept
- Navigate to /signup and create two accounts with data like below
- Account 1 - username: victim, email: email@example.com
- Account 2 - username: hacker, email: firstname.lastname@example.org
- Account creation functionality does not allow creating a user with an existing email.
- Log in to the hacker account
- In the account update section, change the email field to the victim's email and submit the form.
- Now both accounts are associated with the victim's email.
- Check the MongoDB backend for confirmation
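
The missing check, sketched as an added example (not node-login's code): an in-memory Map stands in for the MongoDB accounts collection, and all function names here are hypothetical. The unchecked update reproduces the behaviour reported above; the checked one rejects an email that a different account already holds, and the lowercase/trim normalization is an assumption of this sketch.

```javascript
// Constructed in-memory stand-in for the accounts collection (not node-login's code).
const accounts = new Map(); // username -> { username, email }

// Assumption of this sketch: emails compare case-insensitively after trimming.
const normalize = (email) => String(email).trim().toLowerCase();

// Returns the account that owns `email`, or undefined.
function findByEmail(email) {
  const wanted = normalize(email);
  for (const acct of accounts.values()) {
    if (normalize(acct.email) === wanted) return acct;
  }
  return undefined;
}

// Signup already rejects an email that is in use, as the report notes.
function createAccount(username, email) {
  if (accounts.has(username)) return 'username-taken';
  if (findByEmail(email)) return 'email-taken';
  accounts.set(username, { username, email });
  return 'ok';
}

// Behaviour described in the report: update writes the email without checking ownership.
function updateEmailUnchecked(username, newEmail) {
  const acct = accounts.get(username);
  if (!acct) return 'no-such-account';
  acct.email = newEmail;
  return 'ok';
}

// Hardened update: reject the email if a *different* account already holds it.
function updateEmailChecked(username, newEmail) {
  const acct = accounts.get(username);
  if (!acct) return 'no-such-account';
  const owner = findByEmail(newEmail);
  if (owner && owner.username !== username) return 'email-taken';
  acct.email = newEmail;
  return 'ok';
}

// Audit helper: a count above 1 means two accounts share the address.
function accountsWithEmail(email) {
  const wanted = normalize(email);
  return [...accounts.values()].filter((a) => normalize(a.email) === wanted).length;
}
```

An application-level check like this still leaves a window between the lookup and the write; a unique index on the email field in MongoDB enforces the same rule at the database level.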