The application lacks protection against Cross-Site Request Forgery (CSRF) on the email-change request because it does not validate a CSRF token.
For example, if a victim visits the following site (crafted by the attacker) while logged in to the target application, the browser issues the request in the victim's context:
This request changes the victim's registered email address to one the attacker chooses, leaving the victim unable to log in with their previous credentials.
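To make the fix concrete, the following added example (not code from the report or the affected application) models the email-change handler twice: once as the report describes it, honouring any authenticated POST, and once validating a session-bound synchronizer token plus the Origin header. The framework objects, the application origin `https://app.example`, and the sample addresses are all constructed stand-ins.

```python
import hmac
import secrets
from dataclasses import dataclass, field

SITE_ORIGIN = "https://app.example"  # assumed origin of the target application


@dataclass
class Session:
    """Constructed stand-in for a server-side session; the token is minted per session."""
    user_id: int
    email: str
    csrf_token: str = field(default_factory=lambda: secrets.token_urlsafe(32))


@dataclass
class Request:
    """Constructed stand-in for an incoming POST: form fields and request headers."""
    form: dict
    headers: dict


def change_email_vulnerable(req: Request, session: Session) -> bool:
    """Handler as the report describes it: any authenticated POST changes the email."""
    session.email = req.form["email"]
    return True


def change_email_hardened(req: Request, session: Session) -> bool:
    """Changes the email only for a request carrying the session's token from the site's own origin."""
    # Synchronizer token: compared in constant time against the token issued to this
    # session. A cross-site page cannot read it, so a forged form cannot supply it.
    submitted = req.form.get("csrf_token", "")
    if not hmac.compare_digest(submitted.encode(), session.csrf_token.encode()):
        return False
    # Defence in depth: browsers attach Origin to cross-site POSTs and scripts cannot forge it.
    origin = req.headers.get("Origin")
    if origin is not None:
        if origin != SITE_ORIGIN:
            return False
    elif not req.headers.get("Referer", "").startswith(SITE_ORIGIN + "/"):
        return False
    session.email = req.form["email"]
    return True


def simulate(handler) -> tuple:
    """Replays a forged cross-site POST, then a legitimate one; returns the email after each."""
    session = Session(user_id=1, email="victim@example.org")
    forged = Request(form={"email": "attacker@example.net"}, headers={"Origin": "https://evil.example"})
    handler(forged, session)
    after_forged = session.email
    legit = Request(form={"email": "new@example.org", "csrf_token": session.csrf_token},
                    headers={"Origin": SITE_ORIGIN})
    handler(legit, session)
    return after_forged, session.email
```

Running `simulate` against each handler shows the vulnerable one accepting the forged change while the hardened one keeps the original address until the legitimate, token-bearing request arrives.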
The image below shows the PoC needed to change the credentials:
https://drive.google.com/file/d/1Wvj8BlXlRs64N96tu6lNZSf71Hn5bjYM/view
The next image shows the unchanged email address:
https://drive.google.com/file/d/1nCl1CVY87W_H8mfh9v14k2aF67HmqNFV/view
The images below show the modified request and the browser's behaviour:
https://drive.google.com/file/d/1eX8DKK4YaRBhHp4SVHfTarlG7qZLoX_x/view
https://drive.google.com/file/d/1AkdJkOh8CQtGIZKtS9gSyvGLe811cFLO/view
The next image shows the user being unable to log in with their previous credentials:
https://drive.google.com/file/d/1xgyOHLLUP2PYxHm-7t7-79vjVZHHXToC/view