Cross-Site Request Forgery (CSRF) in hdinnovations/unit3d-community-edition


Reported on

Nov 16th 2021


CSRF related to Torrents section. 6 actions recorded

1: /{id}/torrent_fl

2: /{id}/torrent_doubleup

3: /{id}/bumpTorrent

4: /{id}/torrent_sticky

5: /{id}/reseed

6: /{id}/freeleech_token

Proof of Concept

<a href="http://[UNIT3D-URL]/torrents/{id}/torrent_fl">CLICK ME!</a>


This vulnerability is capable of tricking admin users to reseed / use freeleech token / grant freeleech / grant doubleup / bumpTorrent / stickyTorrent torrents.


stickyTorrent blade

use freeleech token (freelech)

grant-revoke freeleech blade (torrent_fl)

request reseed / use freeleech token (2 actions)

grant freeleech / grant doubleup / bumpTorrent / stickyTorrent (4 actions)

We are processing your report and will contact the hdinnovations/unit3d-community-edition team within 24 hours. a year ago
HDVinnie validated this vulnerability a year ago
haxatron has been awarded the disclosure bounty
The fix bounty is now up for grabs
HDVinnie marked this as fixed with commit b43c25 a year ago
HDVinnie has been awarded the fix bounty
This vulnerability will not receive a CVE
torrent.blade.php#L106L108 has been validated
torrent.blade.php#L63L71 has been validated
torrent.blade.php#L670L678 has been validated
torrent.blade.php#L646L654 has been validated
torrent.blade.php#L681L684 has been validated
torrent.blade.php#L658L666 has been validated
web.php#L277L279 has been validated
web.php#L271L274 has been validated
to join this conversation