Hello friends 🙂 This is the write-up of my Cisco Meraki findings. I was just 😉 trying a different platform for a change, so I logged in and played the game of request and response. After a few back-and-forth requests it was clear that it's an AJAX-based web app, so I started trying for standard security issues like XSS, CSRF, injections etc. Finally I got one in which I was able to disconnect the admin from his own account.
When you removed the token from the AJAX request, the request still completed, so I checked again: it wasn't validating the XSRF token, so it was a CSRF.
The thing is that you can easily create a PoC via Burp for web apps that send their anti-CSRF tokens in the request body, but sometimes you have to struggle with web apps that send their CSRF tokens via a header, especially AJAX-based ones, like "X-XSRF-Token: value".
So now I had to create the PoC manually, so I coded this:
var request = new XMLHttpRequest();
request.open('POST', 'url', true); // 'url' is the POST URL where the web app was sending the removal request
But AJAX has its own security policy that must be satisfied first!
Same Origin Policy on AJAX
The same-origin policy dictates that an AJAX object can fully communicate on the user's behalf only if the following conditions are met:
► The protocol used by the AJAX object must be identical to the protocol of the origin page.
► The target port of the AJAX object must be identical to the port of the origin page.
► The domain of the host and the domain of the AJAX object's target host must be identical.
The only thing to do was to use an overly permissive browser ===> IE.
So it worked.
Video PoC:
Hope this write-up was helpful.