[Critical - IBM] Bypass CSRF protection lead to account takeover
What is CSRF?
CSRF is an attack in which the attacker tricks the victim's browser into sending a forged request to a website that is vulnerable to CSRF. Because the browser attaches the victim's cookies, such a request can be used to change the victim's username, password, email, etc.
What did I find on IBM?
When I tested IBM's main domain, I sent a request to change my email and noticed that the website sends a GET request to change the email. The cool thing was that there were no CSRF tokens on the request, so I said this is CSRF :P. But when I tried to exploit the CSRF attack it gave me an error, so I was like :( ( https://www.ibm.com/ibmweb/myibm/account/sendmail?locale=us-en&email=attackeremail@email.com )
to change his email to mine and gain account takeover. When I bypassed it, I was like:
Now the PoC video:
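As an added example (not IBM's code and not the author's), the handler below reproduces the pattern the post describes, a state change via GET authenticated by cookie alone, next to a hardened version that rejects it: the change must be a POST, carry a synchronizer token bound to the server-side session, and come from the site's own origin. The `Request` class, the session store and the function names are assumptions made for this illustration.

```python
import hmac
import secrets
from dataclasses import dataclass, field
from urllib.parse import parse_qs, urlsplit

SITE_ORIGIN = "https://www.ibm.com"  # origin of the site whose endpoint the post shows


@dataclass
class Request:
    """Minimal stand-in for an HTTP request (assumption, not a real framework type)."""
    method: str
    url: str
    cookies: dict = field(default_factory=dict)  # the browser attaches these even cross-site
    headers: dict = field(default_factory=dict)
    form: dict = field(default_factory=dict)


def issue_csrf_token(session: dict) -> str:
    """Synchronizer token: random, kept in the server-side session, embedded in the form."""
    session["csrf"] = secrets.token_urlsafe(32)
    return session["csrf"]


def change_email_vulnerable(req: Request, sessions: dict):
    """Pattern from the post: GET with ?email=..., authenticated by the session cookie only."""
    sess = sessions.get(req.cookies.get("sid"))
    if sess is None:
        return False, "no session"
    email = parse_qs(urlsplit(req.url).query).get("email", [None])[0]
    sess["email"] = email  # an attacker-chosen value is accepted with the victim's cookie
    return True, email


def change_email_hardened(req: Request, sessions: dict):
    """State change only via POST, from the site's own origin, with a session-bound token."""
    if req.method != "POST":
        return False, "state change must not be reachable via GET"
    sess = sessions.get(req.cookies.get("sid"))
    if sess is None:
        return False, "no session"
    if req.headers.get("Origin") != SITE_ORIGIN:  # defence in depth; the token is the primary control
        return False, "cross-site request"
    token = req.form.get("csrf_token", "")
    if not sess.get("csrf") or not hmac.compare_digest(token, sess["csrf"]):
        return False, "missing or wrong CSRF token"
    sess["email"] = req.form["email"]
    return True, sess["email"]
```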
Impact
This issue can be used to steal the accounts of IBM users just by having them open the attacker's website. It can also be used to steal IBM staff accounts, which could be used to damage the company.
I hope this topic helped someone, and I want to thank @zseano. Thank you for reading.
Good work, but where is the mitigation or a hint for how to mitigate this?