huntr report BA3CD929-8B60-4D8D-B77D-F28409ECF387 (dhina016)
History: Jan 30, 2023 - 9:22 a.m.

CSRF in all endpoints of /lib/ajax.php by Changing the request method to GET

2023-01-30 09:22:15
dhina016
www.huntr.dev
10
Tags: csrf, ajax.php, get request, error, user functionality, proof of concept, bug bounty

EPSS: 0.001 (Low), Percentile: 34.5%

Description

I have found a CSRF in all the requests to /lib/ajax.php by changing the request to GET, and the page also gets errors, so the user cannot use any function on the page.

Proof of Concept

1. Go to https://demo.froxlor.org/ and log in as any user, e.g. admin.
2. Now open https://demo.froxlor.org/lib/ajax.php?action=updatetablelisting&listing=mysqlserver_list&theme=Froxlor&columns%5Bcaption%5D=caption&columns%5Bhost%5D=host&columns%5Bport%5D=port
3. Then go to https://demo.froxlor.org/admin_admins.php?page=admins
4. You can see the updated columns.
5. Then change the column name to an unknown one, i.e. https://demo.froxlor.org/lib/ajax.php?action=updatetablelisting&listing=mysqlserver_list&theme=Froxlor&columns%5Bcaption%5D=caption123
6. Then go to https://demo.froxlor.org/admin_admins.php?page=admins and you can see only errors; because the frontend content has been changed, the user has difficulty accessing the functions on the current page.

Video POC: https://drive.google.com/file/d/1-_i7XDSiBIjVIZvZgiCrnh4F9Hjg6GH7/view?usp=share_link

