Security
Headlines
HeadlinesLatestCVEs

Tag

#csrf

Multi-Vendor Online Groceries Management System 1.0 Insecure Settings

Multi-Vendor Online Groceries Management System version 1.0 suffers from an ignored default credential vulnerability.

Packet Storm
#sql#xss#csrf#vulnerability#web#ios#mac#windows#apple#google#ubuntu#linux#debian#cisco#java#php#perl#auth#ruby#firefox
Courier Management System 1.0 Cross Site Request Forgery

Courier Management System version 1.0 suffers from a cross site request forgery vulnerability.

CMS RIMI 1.3 Cross Site Request Forgery / File Upload

CMS RIMI version 1.3 suffers from cross site request forgery and arbitrary file upload vulnerabilities.

GHSA-rpfr-3m35-5vx5: Hono CSRF middleware can be bypassed using crafted Content-Type header

### Summary Hono CSRF middleware can be bypassed using crafted Content-Type header. ### Details MIME types are case insensitive, but `isRequestedByFormElementRe` only matches lower-case. https://github.com/honojs/hono/blob/b0af71fbcc6dbe44140ea76f16d68dfdb32a99a0/src/middleware/csrf/index.ts#L16-L17 As a result, attacker can bypass csrf middleware using upper-case form-like MIME type, such as "Application/x-www-form-urlencoded". ### PoC ```html <html> <head> <title>CSRF Test</title> <script defer> document.addEventListener("DOMContentLoaded", () => { document.getElementById("btn").addEventListener("click", async () => { const res = await fetch("http://victim.example.com/test", { method: "POST", credentials: "include", headers: { "Content-Type": "Application/x-www-form-urlencoded", }, }); }); }); </script> </head> <body> <h1>CSRF Test</h1> <butto...