CSRF attack used to change user's email, thus blocking their access to the application. in squidex/squidex
Jan 26th 2023
The application lacks protection against Cross-Site Request Forgery (CSRF) because it does not validate a CSRF token on the request.
For example, if a victim visits the following site (crafted by the attacker) while logged in to the target application, the browser will issue the request under the victim's session context:
This request changes the victim's registered email address to one chosen by the attacker, so the victim can no longer log in with their previous credentials.
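The check whose absence the report describes, as an added example that is not Squidex's code: a framework-independent Python model of an email-change handler that rejects a request carrying only the session cookie, by comparing the browser-set Origin/Referer against the application's own origin and verifying a per-session synchronizer token. APP_ORIGIN, the form field names and the data classes are assumptions.

```python
import hmac
import secrets
from dataclasses import dataclass, field
from typing import Dict, Optional
from urllib.parse import urlsplit

# Assumed deployment origin (placeholder, not Squidex's real value).
APP_ORIGIN = "https://squidex.example"
SAFE_METHODS = {"GET", "HEAD", "OPTIONS"}

@dataclass
class Session:
    # Token minted per session and embedded only in the app's own forms.
    user_id: str
    csrf_token: str = field(default_factory=lambda: secrets.token_urlsafe(32))

@dataclass
class Request:
    method: str
    headers: Dict[str, str]
    form: Dict[str, str]
    session: Optional[Session]  # resolved from the cookie the browser attached

def csrf_check(req: Request):
    """Return (allowed, reason); a POST must prove it came from our own pages."""
    if req.method.upper() in SAFE_METHODS:
        return True, "safe method"
    if req.session is None:
        return False, "no session"
    # Check 1: the browser-set Origin (or Referer) must be our own origin.
    source = req.headers.get("Origin") or req.headers.get("Referer")
    if not source:
        return False, "missing Origin/Referer"
    parts = urlsplit(source)
    if f"{parts.scheme}://{parts.netloc}" != APP_ORIGIN:
        return False, f"cross-site source {parts.netloc}"
    # Check 2: synchronizer token bound to the session, compared in constant time.
    submitted = req.form.get("csrf_token", "")
    if not hmac.compare_digest(submitted.encode(), req.session.csrf_token.encode()):
        return False, "bad or missing CSRF token"
    return True, "ok"

def change_email(req: Request, accounts: Dict[str, str]):
    # The email-change handler with the check the report says is absent.
    allowed, reason = csrf_check(req)
    if not allowed:
        return False, reason
    accounts[req.session.user_id] = req.form["email"]
    return True, "email updated"
```

A forged cross-site POST carries the victim's cookie but neither a matching Origin nor the session-bound token, so both checks independently reject it.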
Proof of Concept
The image below shows the PoC used to change the credentials:
The next image is the unchanged email address:
The images below show the modified request and the browser's behaviour:
The next image shows the user being unable to login with their previous credentials:
This vulnerability can deny a legitimate user access to the application.