Cross-Site Request Forgery (CSRF) in hdinnovations/unit3d-community-edition

Valid

Reported on

Nov 16th 2021

Description

CSRF related to Torrents section. 6 actions recorded

1: /{id}/torrent_fl

2: /{id}/torrent_doubleup

3: /{id}/bumpTorrent

4: /{id}/torrent_sticky

5: /{id}/reseed

6: /{id}/freeleech_token

Proof of Concept

<a href="http://[UNIT3D-URL]/torrents/{id}/torrent_fl">CLICK ME!</a>

Impact

This vulnerability is capable of tricking admin users to reseed / use freeleech token / grant freeleech / grant doubleup / bumpTorrent / stickyTorrent torrents.

Occurrences

torrent.blade.php L106L108

reseed blade

torrent.blade.php L670L678

stickyTorrent blade

torrent.blade.php L63L71

use freeleech token (freelech)

torrent.blade.php L646L654

grant-revoke freeleech blade (torrent_fl)

torrent.blade.php L681L684

bumpTorrent blade

web.php L277L279

request reseed / use freeleech token (2 actions)

torrent.blade.php L658L666

doubleup blade

web.php L271L274

grant freeleech / grant doubleup / bumpTorrent / stickyTorrent (4 actions)

We are processing your report and will contact the hdinnovations/unit3d-community-edition team within 24 hours. a year ago

HDVinnie validated this vulnerability a year ago

haxatron has been awarded the disclosure bounty

The fix bounty is now up for grabs

HDVinnie marked this as fixed with commit b43c25 a year ago

HDVinnie has been awarded the fix bounty

This vulnerability will not receive a CVE

torrent.blade.php#L106L108 has been validated

torrent.blade.php#L63L71 has been validated

torrent.blade.php#L670L678 has been validated

torrent.blade.php#L646L654 has been validated

torrent.blade.php#L681L684 has been validated

torrent.blade.php#L658L666 has been validated

web.php#L277L279 has been validated

web.php#L271L274 has been validated

to join this conversation