Security vulnerabilities

  • Status: Closed
  • Assigned To: nferrari
  • Private
Attached to Project: Security vulnerabilities
Opened by waloodi_109 - 04.10.2025
Last edited by nferrari - 08.10.2025

FS#220 - CSRF Leads to remove Google auth from account

# CSRF Leads to remove Google auth from account

Hello Team, I hope you are doing well. I found a CSRF that leads to removing Google auth from an account in admin.alwaysdata.com.

Steps To Reproduce:

1. Log in to admin.alwaysdata.com.
2. Go to https://admin.alwaysdata.com/user/, click on the delete button, and capture the request in Burp Suite.
3. Make a CSRF PoC and save it to csrf.html.
4. Send this request to another account which has Google Auth.
5. You can see that Google Auth is removed from the second account.

Thank You,

Waleed Anwar
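
A server-side check of the kind that rejects the forged request described in this report, added here as an example; it is not code from the report or from alwaysdata. The function names, the session layout, and the assumption that the delete action is a POST carrying a `csrf_token` form field are all hypothetical.

```python
import hmac
import secrets
from urllib.parse import urlsplit

# Assumption: the admin panel's own origin, taken from the host named in the report.
TRUSTED_ORIGIN = "https://admin.alwaysdata.com"
SAFE_METHODS = {"GET", "HEAD", "OPTIONS"}


def new_csrf_token() -> str:
    """Per-session random token, stored server-side and embedded in each form."""
    return secrets.token_urlsafe(32)


def origin_of(url: str) -> str:
    """Reduce an Origin or Referer header value to scheme://host[:port]."""
    parts = urlsplit(url)
    return f"{parts.scheme}://{parts.netloc}"


def allow_request(method: str, headers: dict, form: dict, session: dict) -> bool:
    """Return True only if a state-changing request came from the site's own pages."""
    if method.upper() in SAFE_METHODS:
        return True  # exempt, so handlers must never change state on these methods
    # 1. Origin check: browsers attach Origin (or Referer) to cross-site POSTs.
    source = headers.get("Origin") or headers.get("Referer")
    if not source or origin_of(source) != TRUSTED_ORIGIN:
        return False
    # 2. Synchronizer token: a page on another origin cannot read the user's token.
    expected = session.get("csrf_token", "")
    supplied = form.get("csrf_token", "")
    if not expected or not supplied:
        return False
    return hmac.compare_digest(expected.encode(), supplied.encode())


def demo() -> dict:
    """Constructed requests: one from the site's own form, three that must fail."""
    token = new_csrf_token()
    session = {"user": "victim", "csrf_token": token}
    own = {"Origin": TRUSTED_ORIGIN}
    foreign = {"Origin": "https://attacker.example"}
    return {
        "own_form": allow_request("POST", own, {"csrf_token": token}, session),
        "forged_no_token": allow_request("POST", foreign, {}, session),
        "wrong_token": allow_request("POST", own, {"csrf_token": "guess"}, session),
        "no_origin": allow_request("POST", {}, {"csrf_token": token}, session),
    }
```

Setting the session cookie to `SameSite=Lax` or `Strict` adds a browser-side layer on top of this check.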

Closed by nferrari
08.10.2025 13:04
Reason for closing: Fixed
Additional comments about closing:

Hi, a patch has been applied. Can you please confirm the resolution and open a ticket about this report?

Thank you

Any Update??

Admin

Hi,

Thank you for your report. We will update as soon as our team has information to give.

Admin

Hi, a patch has been applied. Can you please confirm the resolution and open a ticket about this report?

Thank you

Okay sir
