Multiple POST requests across the application include a username parameter that the server fully trusts for authorization. The server does not validate whether the provided username belongs to the currently authenticated session.
As a result, an attacker can change the username value to another valid user’s username and perform any action that the original owner could without knowing their credentials.
This issue affects all POST requests where the username parameter is present, making it possible to compromise any account and perform high-impact actions.
Log in to your own account on the platform.
Intercept any POST request that contains the username parameter. Example (structure varies depending on the feature being used):
Host: app.coindepo.com
Content-Type: multipart/form-data; boundary=----boundary
------boundary
Content-Disposition: form-data; name="username"
[email protected]
------boundary
Content-Disposition: form-data; name="client_token"
<your_valid_token>
POC: Video on Attachments