Chaturbate: [chaturbate.com] - CSRF Vulnerability on image upload

2018-08-28T04:50:16
ID H1:401483
Type hackerone
Reporter corb3nik
Modified 2018-09-19T22:40:09

Description

Summary

Hi guys,

One of the features available to a Chaturbate user is the ability to upload images into photo sets. The upload functionality does not use any CSRF tokens, allowing attackers to perform CSRF attacks and upload images to a user's profile without the user's consent.

Steps To Reproduce:

  1. Log in to Chaturbate.
  2. Browse to your profile page and upload an image.
  3. Note the set ID of the newly created set (this is available by visiting the set in the profile page. It'll be in the URL: https://chaturbate.com/photo_videos/photoset/detail/[username]/[set_id]/).
  4. Download the poc.html file attached to this report.
  5. Edit poc.html by replacing the number 4771110 with the set ID found at step #3.
  6. Open poc.html and click on Submit request.
  7. Visit your Chaturbate image set.

You'll notice that the photo set now includes an additional image (a blank/white image).

Impact

In order for this attack to work, an attacker would need to know the correct photo set ID. Since set IDs are public information, this isn't an issue.

I've set the impact here to medium since this affects the integrity of user accounts.
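
Added example (not part of the original report and not Chaturbate's code): a minimal model of an upload handler without a CSRF check, next to the same handler gated on an Origin check and a session-bound token. The handler names, the origin `https://site.example`, the set ID 4242 and the session values are constructed assumptions.

```python
import hashlib
import hmac
import secrets

SERVER_KEY = secrets.token_bytes(32)            # assumption: per-deployment secret
ALLOWED_ORIGIN = "https://site.example"         # assumption: the site's own origin
PHOTOSETS = {4242: {"owner": "alice", "images": []}}  # constructed sample data

def issue_csrf_token(session_id: str) -> str:
    """Token bound to the session; the server embeds it in its own upload form."""
    return hmac.new(SERVER_KEY, session_id.encode(), hashlib.sha256).hexdigest()

def upload_without_token(session: dict, form: dict) -> bool:
    """Behaviour the report describes: the session alone authorises the write."""
    photoset = PHOTOSETS.get(form.get("set_id"))
    if photoset is None or photoset["owner"] != session["user"]:
        return False
    photoset["images"].append(form["image"])
    return True

def upload_with_token(session: dict, form: dict, headers: dict) -> bool:
    """Same write, gated on a same-origin request carrying the session's token."""
    if headers.get("Origin") != ALLOWED_ORIGIN:   # a missing Origin is rejected too
        return False
    expected = issue_csrf_token(session["id"]).encode()
    supplied = str(form.get("csrf_token", "")).encode()
    if not hmac.compare_digest(expected, supplied):  # constant-time comparison
        return False
    return upload_without_token(session, form)

def demo() -> dict:
    session = {"id": "sess-123", "user": "alice"}  # constructed session
    # A cross-site form post carries the victim's cookie but cannot read the token.
    cross_site = {"set_id": 4242, "image": b"blank"}
    own_form = dict(cross_site, csrf_token=issue_csrf_token(session["id"]))
    return {
        "no_check": upload_without_token(session, cross_site),
        "cross_site": upload_with_token(session, cross_site,
                                        {"Origin": "https://other.example"}),
        "own_form": upload_with_token(session, own_form, {"Origin": ALLOWED_ORIGIN}),
    }

if __name__ == "__main__":
    print(demo())
```

The ownership check passes in every case because the request rides on the victim's own session; only the token and Origin checks distinguish the site's form from a cross-site post.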