Cross-Site Request Forgery (CSRF) in hdinnovations/unit3d-community-edition

Valid

Reported on

Nov 16th 2021


Description

CSRF related to Torrents section. 6 actions recorded

1: /{id}/torrent_fl

2: /{id}/torrent_doubleup

3: /{id}/bumpTorrent

4: /{id}/torrent_sticky

5: /{id}/reseed

6: /{id}/freeleech_token

Proof of Concept

<a href="http://[UNIT3D-URL]/torrents/{id}/torrent_fl">CLICK ME!</a>

Impact

This vulnerability is capable of tricking admin users to reseed / use freeleech token / grant freeleech / grant doubleup / bumpTorrent / stickyTorrent torrents.

Occurences

stickyTorrent blade

use freeleech token (freelech)

grant-revoke freeleech blade (torrent_fl)

request reseed / use freeleech token (2 actions)

grant freeleech / grant doubleup / bumpTorrent / stickyTorrent (4 actions)

We are processing your report and will contact the hdinnovations/unit3d-community-edition team within 24 hours. 18 days ago
HDVinnie validated this vulnerability 18 days ago
haxatron has been awarded the disclosure bounty
The fix bounty is now up for grabs
HDVinnie confirmed that a fix has been merged on b43c25 12 days ago
HDVinnie has been awarded the fix bounty
torrent.blade.php#L106L108 has been validated
torrent.blade.php#L63L71 has been validated
torrent.blade.php#L670L678 has been validated
torrent.blade.php#L646L654 has been validated
torrent.blade.php#L681L684 has been validated
torrent.blade.php#L658L666 has been validated
web.php#L277L279 has been validated
web.php#L271L274 has been validated