{"id":389,"date":"2021-09-11T20:33:34","date_gmt":"2021-09-11T15:03:34","guid":{"rendered":"https:\/\/www.pethuraj.com\/blog\/?p=389"},"modified":"2021-09-11T23:47:27","modified_gmt":"2021-09-11T18:17:27","slug":"cyfe-csrf-vulnerability-writeup","status":"publish","type":"post","link":"https:\/\/www.pethuraj.com\/blog\/cyfe-csrf-vulnerability-writeup\/","title":{"rendered":"Cyfe.com – CSRF Vulnerability Writeup"},"content":{"rendered":"\n

Hi infosec folks, Here is a writeup on how I am able to do a CSRF attack on one of the subdomains of Cyfe.com. <\/p>\n\n\n\n

This bug could allow an attacker to force a user in cyfe.com, to make certain requests which would allow modifying the user account details. This is possible because the website www.cyfe.com doesn\u2019t implement any security measurements like special tokens or headers to prevent CSRF attacks.<\/p>\n\n\n\n

So as usual I started with recon and decided my target subdomain. After trying for different attack vectors I noticed that there is no CSRF tokens in the Http Request. So as obvious I decided to go for a CSRF attack. I explored the application and able to find an update profile page where there is an endpoint for email preferences.<\/p>\n\n\n\n

For CSRF attack we would require two accounts, one for attacker other for the victim. I signed up on both the accounts and went to update profile and uncheck the email preferences from attacker\u2019s account. By default on both the accounts, the email preference field is checked. <\/p>\n\n\n\n

\"\"<\/figure>\n\n\n\n

I intercepted the request and generated CSRF POC.<\/p>\n\n\n\n

\"\"<\/figure>\n\n\n\n

The generated CSRF POC is a html file with hidden parameters and submit button to check the email preferences field. Send this html file to victim or opened it in the victim\u2019s browser. The victim will click the submit button and boom it will lead to uncheck the email preference field in victim\u2019s account that\u2019s a forged request.<\/p>\n\n\n\n

\"\"<\/figure>\n\n\n\n

Glad to secure Cyfe asset from CSRF attack. I hope you like this writeup and below is the Hall of Fame from the Cyfe Team.<\/p>\n\n\n\n

\"\"<\/figure>\n\n\n\n

Get in touch with me – <\/strong><\/p>\n\n\n\n

https:\/\/twitter.com\/Pethuraj<\/a>
https:\/\/www.linkedin.com\/in\/pethu\/<\/a><\/p>\n\n\n\n

You may like!<\/strong><\/p>\n\n\n

\"\"<\/a>\n

How to use Burp Suite Like a PRO? PART \u2013 2<\/a><\/h4>\n
Ready to level up your Burp Suite skills? In part 2, I've compiled some awesome tips and tricks to help ...
Read More<\/a><\/div><\/div><\/div><\/div>\n
\"burp<\/a>\n

How to use Burp Suite Like a PRO? PART – 1<\/a><\/h4>\n
This blog series is an advanced tutorial of the popular web application security and penetration testing tool Burp Suite,\u00a0to help ...
Read More<\/a><\/div><\/div><\/div><\/div><\/div><\/div><\/div>\n","protected":false},"excerpt":{"rendered":"

A writeup about the CSRF vulnerability that was present at cyfe.com and it’s exploitation.<\/p>\n","protected":false},"author":1,"featured_media":399,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[16],"tags":[15],"class_list":["post-389","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-csrf","tag-csrf"],"yoast_head":"\nCyfe.com - CSRF Vulnerability Writeup - Pethuraj's Blog<\/title>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/www.pethuraj.com\/blog\/cyfe-csrf-vulnerability-writeup\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Cyfe.com - CSRF Vulnerability Bug Bounty Writeup\" \/>\n<meta property=\"og:description\" content=\"A writeup about the CSRF vulnerability that was present at cyfe.com and it's exploitation.\" \/>\n<meta property=\"og:url\" content=\"https:\/\/www.pethuraj.com\/blog\/cyfe-csrf-vulnerability-writeup\/\" \/>\n<meta property=\"og:site_name\" content=\"Pethuraj's Blog\" \/>\n<meta property=\"article:published_time\" content=\"2021-09-11T15:03:34+00:00\" \/>\n<meta property=\"article:modified_time\" content=\"2021-09-11T18:17:27+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/www.pethuraj.com\/blog\/wp-content\/uploads\/2021\/09\/Cyfe.png\" \/>\n\t<meta property=\"og:image:width\" content=\"800\" \/>\n\t<meta property=\"og:image:height\" content=\"400\" \/>\n\t<meta property=\"og:image:type\" content=\"image\/png\" \/>\n<meta name=\"author\" content=\"admin\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:title\" content=\"Cyfe.com - CSRF Vulnerability Bug Bounty Writeup\" \/>\n<meta name=\"twitter:image\" content=\"https:\/\/www.pethuraj.com\/blog\/wp-content\/uploads\/2021\/09\/Cyfe.png\" \/>\n<meta name=\"twitter:creator\" content=\"@Pethuraj\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"admin\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"3 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\\\/\\\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\\\/\\\/www.pethuraj.com\\\/blog\\\/cyfe-csrf-vulnerability-writeup\\\/#article\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/www.pethuraj.com\\\/blog\\\/cyfe-csrf-vulnerability-writeup\\\/\"},\"author\":{\"name\":\"admin\",\"@id\":\"https:\\\/\\\/www.pethuraj.com\\\/blog\\\/#\\\/schema\\\/person\\\/6753ae21567c179c4592cb8ed33406aa\"},\"headline\":\"Cyfe.com – CSRF Vulnerability Writeup\",\"datePublished\":\"2021-09-11T15:03:34+00:00\",\"dateModified\":\"2021-09-11T18:17:27+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\\\/\\\/www.pethuraj.com\\\/blog\\\/cyfe-csrf-vulnerability-writeup\\\/\"},\"wordCount\":308,\"publisher\":{\"@id\":\"https:\\\/\\\/www.pethuraj.com\\\/blog\\\/#organization\"},\"image\":{\"@id\":\"https:\\\/\\\/www.pethuraj.com\\\/blog\\\/cyfe-csrf-vulnerability-writeup\\\/#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/www.pethuraj.com\\\/blog\\\/wp-content\\\/uploads\\\/2021\\\/09\\\/Cyfe.png\",\"keywords\":[\"csrf\"],\"articleSection\":[\"CSRF\"],\"inLanguage\":\"en-US\"},{\"@type\":\"WebPage\",\"@id\":\"https:\\\/\\\/www.pethuraj.com\\\/blog\\\/cyfe-csrf-vulnerability-writeup\\\/\",\"url\":\"https:\\\/\\\/www.pethuraj.com\\\/blog\\\/cyfe-csrf-vulnerability-writeup\\\/\",\"name\":\"Cyfe.com - CSRF Vulnerability Writeup - Pethuraj's Blog\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/www.pethuraj.com\\\/blog\\\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\\\/\\\/www.pethuraj.com\\\/blog\\\/cyfe-csrf-vulnerability-writeup\\\/#primaryimage\"},\"image\":{\"@id\":\"https:\\\/\\\/www.pethuraj.com\\\/blog\\\/cyfe-csrf-vulnerability-writeup\\\/#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/www.pethuraj.com\\\/blog\\\/wp-content\\\/uploads\\\/2021\\\/09\\\/Cyfe.png\",\"datePublished\":\"2021-09-11T15:03:34+00:00\",\"dateModified\":\"2021-09-11T18:17:27+00:00\",\"breadcrumb\":{\"@id\":\"https:\\\/\\\/www.pethuraj.com\\\/blog\\\/cyfe-csrf-vulnerability-writeup\\\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\\\/\\\/www.pethuraj.com\\\/blog\\\/cyfe-csrf-vulnerability-writeup\\\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/www.pethuraj.com\\\/blog\\\/cyfe-csrf-vulnerability-writeup\\\/#primaryimage\",\"url\":\"https:\\\/\\\/www.pethuraj.com\\\/blog\\\/wp-content\\\/uploads\\\/2021\\\/09\\\/Cyfe.png\",\"contentUrl\":\"https:\\\/\\\/www.pethuraj.com\\\/blog\\\/wp-content\\\/uploads\\\/2021\\\/09\\\/Cyfe.png\",\"width\":800,\"height\":400,\"caption\":\"Cyfe bug bounty writeup\"},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\\\/\\\/www.pethuraj.com\\\/blog\\\/cyfe-csrf-vulnerability-writeup\\\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\\\/\\\/www.pethuraj.com\\\/blog\\\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Cyfe.com – CSRF Vulnerability Writeup\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\\\/\\\/www.pethuraj.com\\\/blog\\\/#website\",\"url\":\"https:\\\/\\\/www.pethuraj.com\\\/blog\\\/\",\"name\":\"Pethuraj's Blog\",\"description\":\"Bug Bounty Writeups\",\"publisher\":{\"@id\":\"https:\\\/\\\/www.pethuraj.com\\\/blog\\\/#organization\"},\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\\\/\\\/www.pethuraj.com\\\/blog\\\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Organization\",\"@id\":\"https:\\\/\\\/www.pethuraj.com\\\/blog\\\/#organization\",\"name\":\"Pethuraj's Blog\",\"url\":\"https:\\\/\\\/www.pethuraj.com\\\/blog\\\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/www.pethuraj.com\\\/blog\\\/#\\\/schema\\\/logo\\\/image\\\/\",\"url\":\"https:\\\/\\\/www.pethuraj.com\\\/blog\\\/wp-content\\\/uploads\\\/2021\\\/05\\\/pethuraj.png\",\"contentUrl\":\"https:\\\/\\\/www.pethuraj.com\\\/blog\\\/wp-content\\\/uploads\\\/2021\\\/05\\\/pethuraj.png\",\"width\":949,\"height\":268,\"caption\":\"Pethuraj's Blog\"},\"image\":{\"@id\":\"https:\\\/\\\/www.pethuraj.com\\\/blog\\\/#\\\/schema\\\/logo\\\/image\\\/\"}},{\"@type\":\"Person\",\"@id\":\"https:\\\/\\\/www.pethuraj.com\\\/blog\\\/#\\\/schema\\\/person\\\/6753ae21567c179c4592cb8ed33406aa\",\"name\":\"admin\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/62aeafbe8da471ade35eb14bbbac3f6c7206b2574d0889bd6b1128fb61ca5644?s=96&d=mm&r=g\",\"url\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/62aeafbe8da471ade35eb14bbbac3f6c7206b2574d0889bd6b1128fb61ca5644?s=96&d=mm&r=g\",\"contentUrl\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/62aeafbe8da471ade35eb14bbbac3f6c7206b2574d0889bd6b1128fb61ca5644?s=96&d=mm&r=g\",\"caption\":\"admin\"},\"sameAs\":[\"https:\\\/\\\/pethuraj.com\\\/blog\",\"https:\\\/\\\/www.linkedin.com\\\/in\\\/pethu\\\/\",\"https:\\\/\\\/x.com\\\/Pethuraj\"],\"url\":\"https:\\\/\\\/www.pethuraj.com\\\/blog\\\/author\\\/admin\\\/\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"Cyfe.com - CSRF Vulnerability Writeup - Pethuraj's Blog","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/www.pethuraj.com\/blog\/cyfe-csrf-vulnerability-writeup\/","og_locale":"en_US","og_type":"article","og_title":"Cyfe.com - CSRF Vulnerability Bug Bounty Writeup","og_description":"A writeup about the CSRF vulnerability that was present at cyfe.com and it's exploitation.","og_url":"https:\/\/www.pethuraj.com\/blog\/cyfe-csrf-vulnerability-writeup\/","og_site_name":"Pethuraj's Blog","article_published_time":"2021-09-11T15:03:34+00:00","article_modified_time":"2021-09-11T18:17:27+00:00","og_image":[{"width":800,"height":400,"url":"https:\/\/www.pethuraj.com\/blog\/wp-content\/uploads\/2021\/09\/Cyfe.png","type":"image\/png"}],"author":"admin","twitter_card":"summary_large_image","twitter_title":"Cyfe.com - CSRF Vulnerability Bug Bounty Writeup","twitter_image":"https:\/\/www.pethuraj.com\/blog\/wp-content\/uploads\/2021\/09\/Cyfe.png","twitter_creator":"@Pethuraj","twitter_misc":{"Written by":"admin","Est. reading time":"3 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/www.pethuraj.com\/blog\/cyfe-csrf-vulnerability-writeup\/#article","isPartOf":{"@id":"https:\/\/www.pethuraj.com\/blog\/cyfe-csrf-vulnerability-writeup\/"},"author":{"name":"admin","@id":"https:\/\/www.pethuraj.com\/blog\/#\/schema\/person\/6753ae21567c179c4592cb8ed33406aa"},"headline":"Cyfe.com – CSRF Vulnerability Writeup","datePublished":"2021-09-11T15:03:34+00:00","dateModified":"2021-09-11T18:17:27+00:00","mainEntityOfPage":{"@id":"https:\/\/www.pethuraj.com\/blog\/cyfe-csrf-vulnerability-writeup\/"},"wordCount":308,"publisher":{"@id":"https:\/\/www.pethuraj.com\/blog\/#organization"},"image":{"@id":"https:\/\/www.pethuraj.com\/blog\/cyfe-csrf-vulnerability-writeup\/#primaryimage"},"thumbnailUrl":"https:\/\/www.pethuraj.com\/blog\/wp-content\/uploads\/2021\/09\/Cyfe.png","keywords":["csrf"],"articleSection":["CSRF"],"inLanguage":"en-US"},{"@type":"WebPage","@id":"https:\/\/www.pethuraj.com\/blog\/cyfe-csrf-vulnerability-writeup\/","url":"https:\/\/www.pethuraj.com\/blog\/cyfe-csrf-vulnerability-writeup\/","name":"Cyfe.com - CSRF Vulnerability Writeup - Pethuraj's Blog","isPartOf":{"@id":"https:\/\/www.pethuraj.com\/blog\/#website"},"primaryImageOfPage":{"@id":"https:\/\/www.pethuraj.com\/blog\/cyfe-csrf-vulnerability-writeup\/#primaryimage"},"image":{"@id":"https:\/\/www.pethuraj.com\/blog\/cyfe-csrf-vulnerability-writeup\/#primaryimage"},"thumbnailUrl":"https:\/\/www.pethuraj.com\/blog\/wp-content\/uploads\/2021\/09\/Cyfe.png","datePublished":"2021-09-11T15:03:34+00:00","dateModified":"2021-09-11T18:17:27+00:00","breadcrumb":{"@id":"https:\/\/www.pethuraj.com\/blog\/cyfe-csrf-vulnerability-writeup\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/www.pethuraj.com\/blog\/cyfe-csrf-vulnerability-writeup\/"]}]},{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.pethuraj.com\/blog\/cyfe-csrf-vulnerability-writeup\/#primaryimage","url":"https:\/\/www.pethuraj.com\/blog\/wp-content\/uploads\/2021\/09\/Cyfe.png","contentUrl":"https:\/\/www.pethuraj.com\/blog\/wp-content\/uploads\/2021\/09\/Cyfe.png","width":800,"height":400,"caption":"Cyfe bug bounty writeup"},{"@type":"BreadcrumbList","@id":"https:\/\/www.pethuraj.com\/blog\/cyfe-csrf-vulnerability-writeup\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/www.pethuraj.com\/blog\/"},{"@type":"ListItem","position":2,"name":"Cyfe.com – CSRF Vulnerability Writeup"}]},{"@type":"WebSite","@id":"https:\/\/www.pethuraj.com\/blog\/#website","url":"https:\/\/www.pethuraj.com\/blog\/","name":"Pethuraj's Blog","description":"Bug Bounty Writeups","publisher":{"@id":"https:\/\/www.pethuraj.com\/blog\/#organization"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/www.pethuraj.com\/blog\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/www.pethuraj.com\/blog\/#organization","name":"Pethuraj's Blog","url":"https:\/\/www.pethuraj.com\/blog\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.pethuraj.com\/blog\/#\/schema\/logo\/image\/","url":"https:\/\/www.pethuraj.com\/blog\/wp-content\/uploads\/2021\/05\/pethuraj.png","contentUrl":"https:\/\/www.pethuraj.com\/blog\/wp-content\/uploads\/2021\/05\/pethuraj.png","width":949,"height":268,"caption":"Pethuraj's Blog"},"image":{"@id":"https:\/\/www.pethuraj.com\/blog\/#\/schema\/logo\/image\/"}},{"@type":"Person","@id":"https:\/\/www.pethuraj.com\/blog\/#\/schema\/person\/6753ae21567c179c4592cb8ed33406aa","name":"admin","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/secure.gravatar.com\/avatar\/62aeafbe8da471ade35eb14bbbac3f6c7206b2574d0889bd6b1128fb61ca5644?s=96&d=mm&r=g","url":"https:\/\/secure.gravatar.com\/avatar\/62aeafbe8da471ade35eb14bbbac3f6c7206b2574d0889bd6b1128fb61ca5644?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/62aeafbe8da471ade35eb14bbbac3f6c7206b2574d0889bd6b1128fb61ca5644?s=96&d=mm&r=g","caption":"admin"},"sameAs":["https:\/\/pethuraj.com\/blog","https:\/\/www.linkedin.com\/in\/pethu\/","https:\/\/x.com\/Pethuraj"],"url":"https:\/\/www.pethuraj.com\/blog\/author\/admin\/"}]}},"_links":{"self":[{"href":"https:\/\/www.pethuraj.com\/blog\/wp-json\/wp\/v2\/posts\/389","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.pethuraj.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.pethuraj.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.pethuraj.com\/blog\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/www.pethuraj.com\/blog\/wp-json\/wp\/v2\/comments?post=389"}],"version-history":[{"count":6,"href":"https:\/\/www.pethuraj.com\/blog\/wp-json\/wp\/v2\/posts\/389\/revisions"}],"predecessor-version":[{"id":403,"href":"https:\/\/www.pethuraj.com\/blog\/wp-json\/wp\/v2\/posts\/389\/revisions\/403"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.pethuraj.com\/blog\/wp-json\/wp\/v2\/media\/399"}],"wp:attachment":[{"href":"https:\/\/www.pethuraj.com\/blog\/wp-json\/wp\/v2\/media?parent=389"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.pethuraj.com\/blog\/wp-json\/wp\/v2\/categories?post=389"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.pethuraj.com\/blog\/wp-json\/wp\/v2\/tags?post=389"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}