[https://www.verical.com/account/account-settings] CSRF leads to name change

Disclosed by
arthbajpai277
  • Engagement Arrow Electronics VDP
  • Disclosed date almost 5 years ago
  • Points 10
  • Priority P3 Bugcrowd's VRT priority rating
  • Status Resolved This vulnerability has been accepted and fixed
Summary by Arrow Electronics VDP

A CSRF vulnerability on Name section leads to change in the account name of the victim. An attacker could change victim name without authentication by exploiting this vulnerability on https://www.verical.com.

Summary by arthbajpai277

This vulnerability allowed me to fully change to victim profile settings.
As report is fully disclosed, I believe there is no need of brief summary :)

Regards
Arth Bajpai

Activity