CSRF attack used to change user's email, thus blocking its access to the application. in squidex/squidex
Reported on
Jan 26th 2023
Description
The application lacks protection against Cross-Site Request Forgery (CSRF): state-changing requests such as the email change are accepted on the strength of the session cookie alone, with no CSRF token issued or verified.
For example, if a victim visits the following site (crafted by the attacker) while logged in at the target application, the browser will issue the request (under the victim's context):
This request changes the victim's registered email to an address of the attacker's choosing, so the victim can no longer log in with their previous credentials.
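As an added illustration (not code from the report or from Squidex), the following shows the missing check in its simplest form: an email-change handler that trusts the cookie-bound session alone, beside one that requires a per-session synchronizer token submitted in the form body and rejects foreign Origin values. `APP_ORIGIN`, the `Session` and `Request` types and all addresses are constructed placeholders.

```python
import hmac
import secrets
from dataclasses import dataclass, field
from typing import Optional

# Constructed stand-in for the application's own origin (not taken from the report).
APP_ORIGIN = "https://app.example"

@dataclass
class Session:
    # Server-side session resolved from the cookie the browser attaches automatically.
    user_id: str
    email: str
    csrf_token: str = field(default_factory=lambda: secrets.token_urlsafe(32))

@dataclass
class Request:
    method: str
    origin: Optional[str]   # Origin header as sent by the browser, None if absent
    form: dict              # parsed form body
    session: Session        # present even for a cross-site post, because the cookie is sent

def change_email_vulnerable(req: Request) -> int:
    """Trusts the cookie-bound session alone: a form auto-submitted from
    another site carries the victim's cookie and therefore succeeds."""
    req.session.email = req.form["email"]
    return 200

def csrf_check_passes(req: Request) -> bool:
    """Synchronizer-token check plus an Origin check for state-changing methods."""
    if req.method.upper() not in ("POST", "PUT", "PATCH", "DELETE"):
        return True
    # Browsers attach Origin to cross-site POSTs; a foreign origin is rejected outright.
    if req.origin is not None and req.origin != APP_ORIGIN:
        return False
    # The token sits in the form body, which a cross-site page cannot read, and is
    # compared in constant time against the value bound to this session.
    submitted = req.form.get("csrf_token", "")
    return hmac.compare_digest(submitted, req.session.csrf_token)

def change_email_protected(req: Request) -> int:
    """Same handler with the CSRF check applied before any state changes."""
    if not csrf_check_passes(req):
        return 403
    req.session.email = req.form["email"]
    return 200
```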
Proof of Concept
The image below shows the PoC used to change the credentials:
https://drive.google.com/file/d/1Wvj8BlXlRs64N96tu6lNZSf71Hn5bjYM/view
The next image is the unchanged email address:
https://drive.google.com/file/d/1nCl1CVY87W_H8mfh9v14k2aF67HmqNFV/view
The images below show the modified request and the browser's behaviour:
https://drive.google.com/file/d/1eX8DKK4YaRBhHp4SVHfTarlG7qZLoX_x/view
https://drive.google.com/file/d/1AkdJkOh8CQtGIZKtS9gSyvGLe811cFLO/view
The next image shows the user being unable to login with their previous credentials:
https://drive.google.com/file/d/1xgyOHLLUP2PYxHm-7t7-79vjVZHHXToC/view
Impact
This vulnerability allows an attacker to deny a legitimate user access to the application.