How to Takover the Account by Simple Trick[Bug,csrf Protection]

Vulnerability type 

 InSecure Direct Object Reference

How to Takeover the Account Via Simple Trick :

Someone researcher found the account takeover vulnerability in Private website and so you can consider someone is me.so let me start how to takeover the account in simple way .i was testing the website and then i got an account editing page so as always tried to find csrf vulnerability and after some hardwork i bypassed their mechanism of CSRF protection by deleting the authenticity_token= value from the editing request ! But wait what is it ?

 

 After lots of hard-work i see the edit page So by changing the value in the id=edit_account_<victim_id> I was able to change the details of victim and also able to delete the account from the website.

 

 

 

Vulnerability Fixed :Within 2 days the “secret” website fixed the bug !But maybe I should check it again!

OMG ! They plugged some internal protection but they didn’t change anything in the POST request’s functionality!

So let's try for second time :D !

 

 

 

 

 

May be I should try to changing the parameter’s value id=<edit_account_victim_id> to id=<victim_id>

Done so I bypassed the mechanism of website second time also :) !

 

 

 

They rewarded me some more bounty ! 

 

 

 

If you want any question so feel free to ask on comment .