Now we will review some real CSRF bugs that have been reported on bug bounty platforms.
On December 7th, 2015, a bug bounty hunter called Harishkumar reported a CSRF vulnerability to Shopify, in a method contained in the Shopify API.
The weakness analyzed by Harishkumar is the following:
```html
<html>
  <head><title>csrf</title></head>
  <body onLoad="document.forms[0].submit()">
    <form action="https://app.shopify.com/services/partners/api_clients/1105664/export_installed_users" method="GET">
    </form>
  </body>
</html>
```
As you can see, the `export_installed_users` method is called by a `GET` request using the `action` attribute of a form. This means that when the form is submitted, the browser performs the request with all the information it holds for the application, including the victim's session. Harishkumar took advantage of this to perform the attack.
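A server-side guard against the pattern above, as an added example (not code from the original page or from Shopify): the action is refused over GET and otherwise requires a same-origin request plus a session-bound token. `SECRET`, `TRUSTED_ORIGIN` and the function names are assumptions made for illustration.

```python
import hashlib
import hmac
import secrets
from typing import Optional
from urllib.parse import urlsplit

# Assumed values for illustration; not taken from the original page.
SECRET = secrets.token_bytes(32)              # per-deployment signing key
TRUSTED_ORIGIN = "https://app.example.test"   # placeholder application origin
SAFE_METHODS = {"GET", "HEAD", "OPTIONS"}     # must never trigger an action


def issue_token(session_id: str) -> str:
    """Return a CSRF token bound to the session via HMAC-SHA256."""
    return hmac.new(SECRET, session_id.encode(), hashlib.sha256).hexdigest()


def same_origin(headers: dict) -> bool:
    """Compare Origin (or Referer as a fallback) with the trusted origin."""
    source = headers.get("Origin") or headers.get("Referer")
    if not source:
        return False
    parts = urlsplit(source)
    return f"{parts.scheme}://{parts.netloc}" == TRUSTED_ORIGIN


def allow_action(method: str, headers: dict, session_id: str,
                 token: Optional[str]) -> bool:
    """Decide whether an action endpoint (such as an export) may run."""
    if method.upper() in SAFE_METHODS:
        return False  # an auto-submitted GET form is rejected here
    if not same_origin(headers):
        return False  # request was initiated from another site
    expected = issue_token(session_id)
    # Constant-time comparison avoids leaking the token through timing.
    return token is not None and hmac.compare_digest(expected, token)
```
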
As a tip to discover vulnerabilities like this, you can do the following:
- Analyze the HTTP...