My first bug in microsoft

hello

what is CSRF?

Cross-Site Request Forgery (CSRF) is an attack that forces an end user to execute unwanted actions on a web application in which they’re currently authenticated. With a little help of social engineering (such as sending a link via email or chat), an attacker may trick the users of a web application into executing actions of the attacker’s choosing. If the victim is a normal user, a successful CSRF attack can force the user to perform state changing requests like transferring funds, changing their email address, and so forth. If the victim is an administrative account, CSRF can compromise the entire web application.

attacking step:

1. go to thes url https://evil.com/portal/profile .
2. edit Personal information and save.
3. thes time intercept all request with burpsuit .
4. thes request using POST /portal/profile HTTP/1.1 and generate CSRF poc using burpsuit.

5. thes csrf request send to victem account response is {“status”:{“code”:40163,”text”:”token CSRF param [ ATTACKER ID ] does not match the cookie [ VICTEM ACCOUNT ID ]”}

6. then thes csrf poc chenged token victem id [ token id get a old csrf poc response ]

7. then thes request send to victem account and response is success.

impact:

any account Personal information chenged.

report May 19 2020

Triaged june 10 2020

bounty June 18, 2020 $1200

@0xprabir