How I found a creative bug and how I was able to raise the impact from low to high

Cysky0x1
3 min read · Sep 10, 2023


Hello everyone !!! Hope all are good and fine.

I'm back again. In this report I will show how I found a creative bug and how I was able to raise the impact from low to high.

Are you excited?
Let's go.

First, while I was trying to understand the functions of the target, I found that the user is not allowed to change his email. Well, why don't we try to change it anyway? But how?

Well, I tried changing the username to see what the profile-update request contains:

firstName=attacker&lastName=test&gender=Male&dateOfBirth=date&phoneNumber=55465&token=tokenUser

In this case I added extra parameters to the request, such as: email, emailUser, Email, Address, email_confirm, etc.

But all my attempts failed.

I left the target for a few hours and then tried again.

Well, this time it worked. I found that the extra parameter "emailAddress" changes the user's email once they confirm it. The server accepts a field the UI never exposes, which is a vulnerability and a violation of secure design principles.

Then, let's go report it. But wait a minute! Why don't we try raising the impact a little and get a bigger reward?

Have you thought of anything else along with me?

Yes, of course:
Account takeover :) Since we can change the email, there may be a weakness there.

But the road was about to be closed, because there was a CSRF token. Slow down, go back and read my earlier post, "My methodology to bypass CSRF token with 5 Methods"; it is important here.

I found that "method 2" applied: the server did not validate that the CSRF token belonged to the current account. I was able to swap in the CSRF token from another account, so I successfully bypassed the CSRF protection and could mount my own CSRF attack.

Summary

Add the parameter emailAddress to the request to change the email > bypass the CSRF token by replacing it with the CSRF token of another account > create a CSRF POC and report the account takeover (ATO).
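As an added example (my own illustration, not code from the post or from the target), here is the server-side validation that would have closed both weaknesses: the CSRF token is bound to the session that issued it, so a token from another account is rejected, and the profile-update handler only accepts an explicit allowlist of fields, so an extra emailAddress parameter is rejected instead of silently applied. The session ids, secret and request bodies below are constructed for the demonstration.

```python
import hashlib
import hmac
from typing import Dict, Tuple
from urllib.parse import parse_qsl

# Constructed server-side secret for the demo (in practice: generated, stored securely).
SERVER_SECRET = b"constructed-demo-secret-do-not-reuse"

# Fields the profile-update form is allowed to change. emailAddress is deliberately
# absent: the UI never offers it, so the server must not accept it either.
ALLOWED_PROFILE_FIELDS = {"firstName", "lastName", "gender", "dateOfBirth", "phoneNumber"}


def issue_csrf_token(session_id: str) -> str:
    """Mint a CSRF token that is bound to one session by keyed-hashing the session id."""
    return hmac.new(SERVER_SECRET, session_id.encode(), hashlib.sha256).hexdigest()


def csrf_token_is_valid(session_id: str, presented_token: str) -> bool:
    """True only if the token was minted for *this* session (constant-time compare).

    A token taken from another account (the bypass in the post) fails here."""
    expected = issue_csrf_token(session_id)
    return hmac.compare_digest(expected, presented_token)


def parse_form(body: str) -> Dict[str, str]:
    """Parse a form-encoded request body such as firstName=attacker&lastName=test&..."""
    return dict(parse_qsl(body, keep_blank_values=True))


def validate_profile_update(session_id: str, form: Dict[str, str]) -> Tuple[bool, str]:
    """Return (accepted, reason) for a profile-update request.

    Order matters: the CSRF check comes first, then the field allowlist, so a
    cross-site request never reaches the field handling at all."""
    if not csrf_token_is_valid(session_id, form.get("token", "")):
        return False, "csrf token is not bound to this session"
    unexpected = set(form) - {"token"} - ALLOWED_PROFILE_FIELDS
    if unexpected:
        # Reject rather than ignore: silently dropping fields hides probing attempts
        # from logs, and an allowlist is what prevents mass assignment.
        return False, "unexpected fields: " + ", ".join(sorted(unexpected))
    return True, "ok"
```

Logging the "unexpected fields" rejections is also a cheap detection signal: repeated submissions carrying fields the form never sends are exactly what parameter probing looks like.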

Thank you for taking the time to read this piece. If you liked it, please leave a comment sharing your thoughts on the blog.

Feed | LinkedIn — My LinkedIn Profile

